OCSP for Grids: Comparing Prevalidation versus Caching

Nowadays the computational grid uses X.509 digital certificates for a wide variety of security-related tasks, ranging from user authentication to job execution´s delegation. However to ensure a comprehensive security framework such credentials need to be validated so that revoked, suspended and any other compromised certificate will not be allowed to access grid resources. To achieve such tasks great interest is being given to the online certificate status protocol (OCSP) in security workgroups from the global grid forum. In order to better understand the special requirements related with its use in previous work we introduced the Open GRid Ocsp API (OGRO), which provides OCSP support to the Globus toolkit 4. However that research concluded that the grid introduces some special requisites for OCSP´s performance and security. As a follow-up to that work, this paper provides a comprehensive performance comparison between the novel prevalidation and caching mechanisms proposed by the authors to further improve Grid-OCSP. In addition, research about security compliance of both mechanisms around the newest proxy revocation concept is also presented in this work