problems with VO certificate authorities

Roy Williams roy at cacr.caltech.edu
Fri Oct 27 10:56:44 PDT 2006


I believe there is a case to be made that the VO security structure should include both patterns: 
the Certificate Store vs the Browser-plus-Certificate. This being the place where the "warrant" or 
certificate is located: remote or local.

The Store mechanism has a well-secured remote machine that issues "proxies" on demand, which can be 
used on behalf of a user. A Store can service a grid of machines that all need various trust 
assertions. However, it needs to be continuously available. Also, it adds another component to the 
service structure, a component that must communicate securely with others, and thus adds software 
burden.

The Browser mechanism holds the certificate locally, i.e. a laptop. It relies on physical security 
of the machine that holds it, although some browsers can ask for a password as well as physical 
access. It can communicate securely with a server, and can handle the certificates in a 
user-friendly way.

Perhaps the best argument is the upcoming AJAX and JSON-RPC applications that bring great power to 
the browser itself.

Google Maps/Sky is (or will be) an AJAX application; I suspect that soon enough Google Sky will become a 
prime viewing platform for the virtual sky. It would be nice to have certificate-enabled access to 
sequestered data.
