iSGTW Feature - Ensuring a Grid Without Boundaries

Feature - Ensuring a Grid Without Boundaries

The EUGridPMA members at the CCLRC Coseners House in Abingdon, England.
Image courtesy of PPARC.

With more than 30 national Grids in Europe alone, the European Policy Management Authority for Grid Authentication must ensure that electronic identities will work across any boundaries. At last month's meeting, its first ever held in the UK, the growing EUGridPMA considered bids for accreditation from Europe and Africa.

"I was very pleased to welcome the EUGridPMA to the UK for the first time, especially as the PMA expanded its horizons," said David Kelsey of CCLRC Rutherford Appleton Laboratory and GridPP in the UK. "We are now closer to enabling access to the grid to all scientists wherever they are located."

Kelsey was an original organizer of efforts to build international trust among grids. EUGridPMA is one of three regional PMA's within the International Grid Trust Federation. IGTF establishes requirements and best practices for identity management, mainly by coordinating a Public Key Infrastructure that is used with Grid middleware.

EUGridPMA coordinates the activities of the Certification Authorities (CAs) that issue electronic identities, or digital certificates, to scientists for use on the grid. While not issuing certificates itself, EUGridPMA accredits certificate authorities whose certificates meet or exceed its guidelines. In addition to Europe, it also encompasses Africa, and receives participation from members of the other PMA's within IGTF from countries such as Canada, Japan, Taiwan and the United States.

"The fact that the community has self-organized across the whole world, and is working together on trust and identity management, is a wonderful testament to the interest in global computing," says Bob Cowles, Open Science Grid Policy representative. "OSG in the US faces the same problems as Europe, and we inform and help each other."

In timely fashion with the recent expansion of the European Union, Bulgaria and Romania sent representatives to the meeting to present their new CAs. The PMA also received the first request for membership from an African country, with representatives from Morocco attending and presenting their new CA.

The PMA granted accreditation to SWITCH, the Swiss national research and education network. SWITCH runs a Grid Identity CA linked to its national implementation of a Shibboleth Authentication-Authorization Infrastructure. Shibboleth, a technology developed by Internet2 in the USA, is also being deployed in academia in several other European countries, including the UK. The ability to link the issuing of electronic certificates to this kind of large-scale identity management system is a first for EUGridPMA.

David Groep, the Chair of EUGridPMA, commented, "Integrating national federations will be a key to the success of the Grid and models for integrating federations in the Grid were a major topic during the meeting. Thanks to this, we are now closer to realizing the European vision of an integrated authentication and authorization infrastructure."

- Sarah Pearce, GridPP
iSGTW Contributing Editor