key-index.htm

globus4.0.4中与GSI(Globus Security Infrastructure)相关的文档

                              certificates issued by the CA. GSI typically stores a given CA
                              certificate in
                                          <code class="filename">/etc/grid-security/certificates/<em class="replaceable"><code>&lt;hash&gt;</code></em>.0</code>,
                              where &lt;hash&gt; is the hash code of the CA identity.</p></dd><dt><a name="ca-sign"></a> CA Signing Policy</dt><dd><p> The CA signing policy is used to place constraints on the information
                              you trust a given CA to bind to public keys. Specifically it
                              constrains the identities a CA is trusted to assert in a certificate.
                              In GSI the signing policy for a given CA can typically be found in
                                          <code class="filename">/etc/grid-security/certificates/<em class="replaceable"><code>&lt;hash&gt;</code></em>.signing_policy</code>,
                              where &lt;hash&gt; is the hash code of the CA identity. For
                              more information see [add link].</p></dd><dt><a name="cert"></a> certificate</dt><dd><p> A public key and information about the certificate owner bound
                              together by the digital signature of a CA. In the case of a CA
                              certificate the certificate is self signed, i.e. it was signed using
                              its own private key.</p></dd><dt><a name="crl"></a> Certificate Revocation List (CRL)</dt><dd><p> A list of revoked certificates generated by the CA that originally
                              issued them. When using GSI this list is typically found in
                                          <code class="filename">/etc/grid-security/certificates/<em class="replaceable"><code>&lt;hash&gt;</code></em>.r0</code>,
                              where &lt;hash&gt; is the hash code of the CA identity.</p></dd><dt><a name="cert-subject"></a> certificate subject</dt><dd><p> A identifier for the certificate owner, e.g.
                              "/DC=org/DC=doegrids/OU=People/CN=John Doe 123456". The subject is
                              part of the information the CA binds to a public key when creating a
                              certificate.</p></dd><dt><a name="cred"></a> credentials</dt><dd><p> The combination of a certificate and the matching private key.</p></dd></dl></div><div class="glossdiv"><h3 class="title">E</h3><dl><dt><a name="eec"></a> End Entity Certificate (EEC)</dt><dd><p> A certificate belonging to a non-CA entity, e.g. you, me or the
                              computer on your desk.</p></dd></dl></div><div class="glossdiv"><h3 class="title">G</h3><dl><dt><a name="gaa-config"></a> GAA Configuration File</dt><dd><p> A file that configures the Generic Authorization and Access control
                                    <span class="acronym">GAA</span> libraries. When using GSI this file is
                              typically found in
                              <code class="filename">/etc/grid-security/gsi-gaa.conf</code>.</p></dd><dt><a name="grid-map-file"></a>grid map file</dt><dd><p> A file containing entries mapping certificate subjects to local user
                              names. This file can also serve as a access control list for GSI
                              enabled services and is typically found in
                                    <code class="filename">/etc/grid-security/grid-mapfile</code>. For more
                              information see the <a href="http://www.globus.org/toolkit/docs/4.0/security/prewsaa/Pre_WS_AA_Public_Interfaces.html#prewsaa-env-gridmapfile" target="_top">Gridmap file</a>.</p></dd><dt><a name="grid-sec-dir"></a>grid security directory</dt><dd><p> The directory containing GSI configuration files such as the GSI
                              authorization callout configuration and GAA configuration files.
                              Typically this directory is <code class="filename">/etc/grid-security</code>.
                              For more information see <a href="http://www.globus.org/toolkit/docs/4.0/security/prewsaa/Pre_WS_AA_Public_Interfaces.html#prewsaa-env-gridsecurity" target="_top">Grid security directory</a>.</p></dd><dt><a name="gsi-authz-config"></a> GSI authorization callout configuration file</dt><dd><p> A file that configures authorization callouts to be used for mapping
                              and authorization in GSI enabled services. When using GSI this file is
                              typically found in
                              <code class="filename">/etc/grid-security/gsi-authz.conf</code>.</p></dd></dl></div><div class="glossdiv"><h3 class="title">H</h3><dl><dt><a name="host-cert"></a> host certificate</dt><dd><p> An EEC belonging to a host. When
                              using GSI this certificate is typically stored in
                                    <code class="filename">/etc/grid-security/hostcert.pem</code>. For more
                              information on possible host certificate locations see the <a href="http://www.globus.org/toolkit/docs/4.0/security/prewsaa/Pre_WS_AA_Public_Interfaces.html#prewsaa-env-credentials" target="_top">Credentials</a>.
                        </p></dd><dt><a name="host-cred"></a> host credentials</dt><dd><p> The combination of a host
                              certificate and its corresponding private key..</p></dd></dl></div><div class="glossdiv"><h3 class="title">P</h3><dl><dt><a name="priv-key"></a> private key</dt><dd><p> The private part of a key pair. Depending on the type of certificate the key corresponds to it
                              may typically be found in
                              <code class="filename">$HOME/.globus/userkey.pem</code> (for user certificates),
                                    <code class="filename">/etc/grid-security/hostkey.pem</code> (for
                                    host certificates) or
                                          <code class="filename">/etc/grid-security/<em class="replaceable"><code>&lt;service&gt;</code></em>/<em class="replaceable"><code>&lt;service&gt;</code></em>key.pem</code>
                              (for service certificates).
                              For more information on possible private key locations see the <a href="http://www.globus.org/toolkit/docs/4.0/security/prewsaa/Pre_WS_AA_Public_Interfaces.html#prewsaa-env-credentials" target="_top">Credentials</a>
                        </p></dd><dt><a name="proxy-cert"></a> proxy certificate</dt><dd><p> A short lived certificate
                              issued using a EEC. A proxy
                              certificate typically has the same effective subject as the EEC that issued it and can thus be
                              used in its stead. GSI uses proxy certificates for single sign on and
                              delegation of rights to other entities.</p></dd><dt><a name="proxy-cred"></a> proxy credentials</dt><dd><p> The combination of a proxy
                                    certificate and its corresponding private key. GSI typically stores
                              proxy credentials in
                                          <code class="filename">/tmp/x509up_u<em class="replaceable"><code>&lt;uid&gt;</code></em>
                              </code>, where &lt;uid&gt; is the user id of the proxy
                              owner.</p></dd><dt><a name="pub-key"></a>public key</dt><dd><p> The public part of a key pair used for cryptographic operations (e.g.
                              signing, encrypting).</p></dd></dl></div><div class="glossdiv"><h3 class="title">S</h3><dl><dt><a name="svc-cert"></a> service certificate</dt><dd><p> A EEC for a specific service
                              (e.g. FTP or LDAP). When using GSI this certificate is typically stored in
                                          <code class="filename">/etc/grid-security/<em class="replaceable"><code>&lt;service&gt;</code></em>/<em class="replaceable"><code>&lt;service&gt;</code></em>cert.pem</code>.
                              For more information on possible service certificate locations see the
                                    <a href="http://www.globus.org/toolkit/docs/4.0/security/prewsaa/Pre_WS_AA_Public_Interfaces.html#prewsaa-env-credentials" target="_top">Credentials</a>.</p></dd><dt><a name="svc-cred"></a> service credentials</dt><dd><p> The combination of a service
                                    certificate and its corresponding private key.</p></dd></dl></div><div class="glossdiv"><h3 class="title">T</h3><dl><dt><a name="transport-level-security"></a>transport-level security</dt><dd><p>Uses transport-level security (TLS)
                        mechanisms.</p></dd><dt><a name="trusted-ca-dir"></a> trusted CAs directory</dt><dd><p> The directory containing the CA
                                    certificates and signing policy files of the CAs trusted by GSI. Typically this directory is
                                    <code class="filename">/etc/grid-security/certificates</code>. For more
                              information see <a href="http://www.globus.org/toolkit/docs/4.0/security/prewsaa/Pre_WS_AA_Public_Interfaces.html#prewsaa-env-gridsecurity" target="_top">Grid security
                              directory</a>.</p></dd></dl></div><div class="glossdiv"><h3 class="title">U</h3><dl><dt><a name="user-cert"></a> user certificate</dt><dd><p> A EEC belonging to a user. When
                              using GSI this certificate is
                              typically stored in <code class="filename">$HOME/.globus/usercert.pem</code>.
                              For more information on possible user certificate locations see 
                                    <a href="http://www.globus.org/toolkit/docs/4.0/security/prewsaa/Pre_WS_AA_Public_Interfaces.html#prewsaa-env-credentials" target="_top">Credentials</a>.</p></dd><dt><a name="user-cred"></a> user credentials</dt><dd><p> The combination of a user
                              certificate and its corresponding private key.</p></dd></dl></div></div></div><!-- content ENDS here -->

			<p>&nbsp;</p>
		</div>
      <!--ending div of container-->
    </div>
    <div class="clearing">&nbsp;</div>
    <!--ending div of wrapper-->
  </div>
<div id="footer">
  <hr class="first"/>

  <p>Comments?<br />
  For questions or feedback about this website:  <a href="mailto:webmaster@globus.org">webmaster@globus.org</a><br />
  For technical support or questions about Globus software, visit our <a href="http://www.globus.org/toolkit/support.html">technical
support</a> page.
</p>
  <p>Globus Project and Globus Toolkit are trademarks<br />

    held by the University of Chicago</p>
  <!--ending div of footer-->
</div>
</body>
</html>
</body></html>