Many clients and services (including caGrid) leverage the Globus Toolkit as their underlying framework. Globus requires the use of PKI credentials for authentication. A PKI credential consists of an X.509 certificate and a private key; the X.509 certificate is signed by a certificate authority. When authenticating a party, Globus verifies both that the party holds the private key bound to the X.509 certificate it presents and that the presented X.509 certificate is signed by a trusted certificate authority. Globus maintains the list of certificate authorities it trusts in a local trust store on the local file system. Although this is effective, it is very limiting and difficult to manage, because every time (1) a new certificate authority is trusted, (2) an existing certificate authority is no longer trusted, or (3) a certificate authority updates its CRL, the local trust store of every client and service needs to be updated. Under the core Globus release, this is a manual process that does not scale in large distributed Grids. The Grid Trust Service (GTS) is a grid service for managing the certificate authorities (and CRLs) that are trusted by a community. The GTS provides a tool called SyncGTS that keeps all clients' and services' local trust stores in sync with the certificate authorities trusted by the GTS. With SyncGTS, the local trust store of each client and service is updated whenever a new certificate authority is added to the GTS, a certificate authority is removed from the GTS, or the CRL for a certificate authority is updated.
SyncGTS provides many configuration options to clients and services. These include syncing with multiple GTS(s) and specifying level of assurance requirements. SyncGTS also provides several deployment options, making it adaptable and easy to integrate with many types of systems. These deployment options include:
Globus Runtime - SyncGTS is deployed directly into a container hosting Web/Grid services, keeping the entire container and the services operating within it synchronized with the trust fabric.
Command Line - The command line approach is intended to be used to sync client environments with the trust fabric.
Programmatically - SyncGTS provides a client API that allows developers to integrate SyncGTS into applications and other software projects.
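The three sync cases described above (a CA added to the GTS, a CA removed from the GTS, a CA's CRL updated), plus the level-of-assurance filter, as an added illustrative example; this is not SyncGTS's or caGrid's own code, and the CA identifiers, the `trust_level` field and the use of the CRL Number to detect a newer CRL are assumptions made for the example:

```python
"""Constructed model of a SyncGTS-style reconciliation of a local trust store
against the CAs a Grid Trust Service (GTS) reports as trusted.
Not the caGrid/Globus implementation; names and fields are assumptions."""
from dataclasses import dataclass


@dataclass(frozen=True)
class TrustedCA:
    ca_id: str        # stand-in for the CA subject hash used as the file stem
    cert_pem: str     # CA certificate (constructed placeholder text)
    crl_number: int   # assumed: CRL Number extension; higher means newer CRL
    crl_pem: str      # CRL body (constructed placeholder text)


@dataclass(frozen=True)
class GtsEntry:
    ca: TrustedCA
    trust_level: str  # assumed: level of assurance the GTS assigns to this CA


def sync_trust_store(local, gts_entries, required_levels):
    """Return (new_store, actions) reconciling `local` with what the GTS reports.

    local: {ca_id: TrustedCA} currently in the local trust store
    gts_entries: list of GtsEntry reported by the GTS
    required_levels: trust levels this client accepts; other CAs are not installed
    """
    wanted = {e.ca.ca_id: e.ca for e in gts_entries if e.trust_level in required_levels}
    new_store, actions = {}, []
    for ca_id, ca in wanted.items():
        old = local.get(ca_id)
        if old is None:                       # case 1: CA newly trusted by the GTS
            actions.append(("add", ca_id))
            new_store[ca_id] = ca
        elif ca.crl_number > old.crl_number:  # case 3: GTS holds a newer CRL
            actions.append(("update_crl", ca_id))
            new_store[ca_id] = ca
        else:                                 # never roll a CRL backwards
            new_store[ca_id] = old
    for ca_id in local:
        if ca_id not in wanted:               # case 2: CA dropped or below required level
            actions.append(("remove", ca_id))
    return new_store, actions


# Constructed sample: local store before a sync, and what the GTS reports now.
LOCAL_BEFORE = {
    "ca_alpha": TrustedCA("ca_alpha", "CERT-ALPHA", 5, "CRL-ALPHA-5"),
    "ca_beta": TrustedCA("ca_beta", "CERT-BETA", 2, "CRL-BETA-2"),     # gone from GTS
    "ca_gamma": TrustedCA("ca_gamma", "CERT-GAMMA", 9, "CRL-GAMMA-9"),
}
GTS_NOW = [
    GtsEntry(TrustedCA("ca_alpha", "CERT-ALPHA", 6, "CRL-ALPHA-6"), "high"),  # newer CRL
    GtsEntry(TrustedCA("ca_gamma", "CERT-GAMMA", 8, "CRL-GAMMA-8"), "high"),  # stale CRL
    GtsEntry(TrustedCA("ca_delta", "CERT-DELTA", 1, "CRL-DELTA-1"), "high"),  # new CA
    GtsEntry(TrustedCA("ca_eps", "CERT-EPS", 1, "CRL-EPS-1"), "low"),          # too low
]


def run_sample():
    return sync_trust_store(LOCAL_BEFORE, GTS_NOW, {"high"})
```

Running `run_sample()` yields the three actions (refresh ca_alpha's CRL, add ca_delta, remove ca_beta) while keeping ca_gamma's newer local CRL and leaving the low-assurance ca_eps uninstalled.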