Design and implementation of a Grid proxy auditing infrastructure

Single sign-on and delegation of rights are key requirements for modern grid infrastructures. These requirements are usually facilitated by X.509 und private-key infrastructures (PKI) and proxy certificates. Proxy certificates, however, can be obtained and abused by a malicious third party. There is currently no method for end users to detect such abuse. We have designed a solution that enables a thorough auditing of grid proxy usage in Globus-based grids and implemented a service that accepts auditing information via a Web service interface and saves them to a back-end database. We introduce modifications to the grid security infrastructure that allow sending audit trails from within Globus components if the user desires to track credential usage. A Web-based front-end shows all logged information. With our approach, expert users can now closely monitor how their credentials are used after job submission. This will help build trust in grid infrastructures and delegated authentication and authorization.