SSO authentication: a new approach
John Good
jcg at ipac.caltech.edu
Tue Mar 15 11:08:08 PST 2005
Ray -
Even a "weak" CA would be expected accurately
vouch for the fact that the person involved is
indeed some they know "personally". It is only
weak in the sense that the VO as a whole trusts,
for instance, the University of Minnesota Astronomy
Department to keep track of the people they grant
certificates to without further vetting. If there
are repeated problems with any CA, we can stop
accepting their certificates.
If that is what you mean, then I am fine with it
but I don't think this should be referred to as
"weak" in any way. More accurately, we are talking
about a fairly relaxed system of trusted CAs.
- John
Ray Plante wrote:
> On Tue, 15 Mar 2005, John Good wrote:
>
>>I think the answer is not weak certificates but "weak" CAs.
>
>
> In my mind, these are equivalent. ;-)
>
>
>>the user isn't really having to handle certificates themselves.
>
>
> Yes!!
>
> Ray
More information about the grid
mailing list