Also worth a look is this http://www.crypto-stick.com/ . They have a GPLv3
open source policy and their hardware design is licensed under Creative
Commons. Although it seems the English documentation is in German.
Mike
On Monday 15 October 2012 14:58:20 J Nebrensky wrote:
> On Mon, 15 Oct 2012, Christopher J. Walker wrote:
> > Snoplus would like automated procedures for moving data around - that
> > don't rely on an individual being around to renew the proxy every week.
> >
> > AIUI, robot certificates are the answer, and
> > https://ca.cern.ch/ca/Help/?kbid=021003 would tend to agree.
> >
> > There seem to be two options for storing this key - either a hardware
> > token, or a dedicated machine. Are there any hardware tokens that are
> > recommended, or at least which people around here have experience with,
> > and how much do they cost?
>
> Hi,
>
> We are looking into this for MICE, for the same reason - a cron job can
> generate a new proxy at suitable intervals (until you pull the hardware
> key out of the machine). As usual for MICE, our actual progress is
> slow...
>
> Jens pointed me to a dated wiki page describing how to do this at
>
> https://wiki.nikhef.nl/grid/EToken
>
> I believe the Aladdin eToken mentioned is sold in the UK by Safenet (who
> couldn't be bothered with us) and Exlayer
>
> http://www.exlayer.co.uk/system/sec_eToken.html
>
> but there is a minimum order size of 5 and you have to buy a copy of the
> SDK with each one - so it was the wrong side of 300 quid to get
> started. I can send the contact details if needed.
>
> Being stingy, we instead bought a couple of ePass 2003 tokens
>
> http://www.gooze.eu/epass-2003
>
> - these are supposed to work with OpenSC under Linux and hence be visible
> from OpenSSL, but I've not had a chance to actually sit down and play with
> the thing yet so no idea if it even works at all, let alone some existing
> instructions on how to make a Grid proxy with them.
>
>
> If this is something that more VOs are interested in and there's someone
> with the time and skills to get things working, then I'd certainly be keen
> to get some sort of group effort going...
>
> Thanks
>
> Henry
>
> > Workflow:
> >
> > I guess the idea would be to have the certificate used to generate a
> > proxy every hour or so - and then use that for data management (and job
> > submission).
>
> --
> Dr. Henry Nebrensky [log in to unmask]
> http://people.brunel.ac.uk/~eesrjjn
> "The opossum is a very sophisticated animal.
> It doesn't even get up until 5 or 6 p.m."
|