NCSA Public Key Infrastructure

Introduction

NCSA's goal is to provide easy but secure access to its high-performance and high-throughput computational resources. For several years, a variety of security paradigms including Kerberos and SSH authentication have been available or required at NCSA.

In June of 2000, the Alliance first began offering an Alliance secure authentication solution that supported single sign-on to Alliance computational resources. In June 2003, the Alliance Certificate Authority stopped accepting certificate requests. Acknowledging the trend for more and more organizations to deploy and run their own Certificate Authorities using open source CA software (e.g. SimpleCA), NCSA has created its own Certificate Authority, specifically targeted to the NCSA user community.

This NCSA secure authentication solution also supports single sign-on to NCSA computational resources and any other resource that accepts certificates signed by the NCSA Certificate Authority. It provides two important services that are necessary for robust but secure grid computing: strong authentication and single sign-on to those resources.

Getting Started Using the NCSA PKI

  • Effects of transitioning from Alliance CA to NCSA CA
  • Get Your NCSA User Certificate
  • Short Guide to Using Your Certificate
  • NCSA Certificate FAQ

More NCSA PKI Information

Strong authentication

Each individual site needs to be able to provide access with confidence that you are who you say you are.

A password used to be enough to ensure that someone accessing the machine is who they logged in as. But a password can be guessed. With a certificate, you have the certificate as well as the passphrase. So even though someone might guess your passphrase, they also need your certificate to authenticate as you. Needing these two pieces is strong authentication. Your NCSA certificate and private key together are the passport you need to securely authenticate and prove your identity to various sites.

Single sign-on

Single sign-on means that you need only authenticate once for each session. After using your NCSA certificate to authenticate to a resource that accepts your NCSA certificate, you can quickly move from resource to resource and site to site. You no longer need to remember (or worse, store in a file) passwords and logins for each site.

PKI defined

Public Key Infrastructure, or PKI, is the name given to the collection of tools, protocols, and policies that provides strong authentication and single sign-on capabilities. Like most implementations of PKI, the NCSA PKI is based on third-party trust. The three parties are you, the site providing the computational resource, and a third party trusted by the first two. For NCSA, the third party is the NCSA Certificate Authority (CA). The "proof" of your identity is your NCSA certificate that has been digitally "signed" by the CA. With a certificate digitally signed by the NCSA CA, you can authenticate to and navigate any resources that accept NCSA certificates.