> -----Original Message-----
> From: Testbed Support for GridPP member institutes [mailto:TB-
> [log in to unmask]] On Behalf Of John Kewley
>
> As I recall you are supposed to keep your full certificate on systems
> within your administrative domain (hence the proliferation of UIs). I was
> just a tad concerned that the model of a central UI was being revisited.
>
Off the top of my head, going via myproxy doesn't sound bad. A new
user is going to have to get their cert using CertWizard anyway,
and once they've got it, it can upload to a myproxy server directly
from their local client system, then they just need to grab the proxy
from there and voms-ify it on the UI. That last bit might need a bit
of friendly wrapper script round it, but the model sounds good.
On a related note, the user experience here is somewhat superficially
similar to that of using SARoNGS; once you'd logged into that with
your institutional credentials, it put the resulting grid proxy on a
myproxy server for you to pick up.
The combination of the two could give us a very neat system - very new
users start with SARoNGS generated 'trial version' grid certs, then if
it looks like it's working, it a relatively small hop to graduate to
a CertWizard managed real one.
Ewan
|