Grid Programming Security Concepts:

1. Secure communications
    Three pillars of security: privacy, integrity, authentication
     add authorization to this.
     Privacy: a message sent is encrypted to protect its contents
     Integrity: the message sent is not tampered with to change or modify it.
     Authentication: the source sending the message is authentic / can be trusted
     Authorization: the source sending the message is authorized to do so

2. Key-based symmetric and asymmetric encryption
     RSA and public key infrastructure
     Sender is assigned a public key / private key pair. A message encrypted with the private key can only be decoded
      using the corresponding public key, and vice versa.

3. PKI: privacy is fine; integrity is guaranteed using digital signatures.
    A digital signature is a piece of information sent along with the message to find out whether the message was tampered
    with or not (p.114 in Sotomayor's tutorial)
     Digital signature: message digest, encrypted using the private key

4. Authentication is achieved using certification:

5. Certificates and certificate authorities:
     A digital certificate is a document that certifies that a certain public key is owned by a particular user.
     This document is signed by a third party called a certificate authority (CA). The digital signature in the certificate is
      generated using the CA's private key. Thus one can verify that it is indeed correct/trusted.

6. Trusted list of CAs: Verisign, GlobalSign, etc.

7. Some important contents of a certificate:
    Subject: name of the user encoded as a distinguished name;
              O: organization, OU: organizational unit, CN: common name/user's name, C: country
    Subject's public key
    Issuer: the CA's distinguished name
    Digital signature: digital signature over all the information in the certificate, generated using the CA's private key.

8. CA hierarchies: You have a trusted list of CAs. Say certificate A is signed by FOO and FOO's certificate is signed by BAR. You
    have BAR in your trusted list but not FOO. Certificate A is still acceptable to you since you have BAR on your list.

9. Grid Security Infrastructure (GSI) offers these features:
   complete public-key system
   mutual authentication through digital certificates: in order for entities A and B to communicate they both must have certificates
   signed by a CA. "strong authentication"
   credential delegation and single sign-on

10. Delegation and single sign-on
      Consider a task Z assigned to B by A: organizations B and C trust only A.
      Z can be split up into many subtasks. B could request C to perform subtask Y of Z on behalf of A.
    A can hand over its certificate to B, which is not good, or it can allow proxy certificates to be issued on its behalf.

11. Proxy certificates allow a user to act on another user's behalf.
      "credential delegation": proxy certificates allow a user to effectively delegate a set of credentials to another user.
     Using proxy certificates also leads to single sign-on.

12. How a proxy certificate is generated:
      B needs A's credentials to make a request to C.

      1)  B generates a public/private key pair.
      2)  B uses the key pair to generate a certificate request that includes the proxy's public key
      3)  A digitally signs the certificate with its private key and sends it back to B
      4)  B can now use the certificate to act on behalf of A.

     A is your server on Cerf/Mills/Vixen; you are all the B's and C's.
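Items 8 and 12 played out end to end, as an added example that is not from Sotomayor's tutorial or the GSI code: a CA certifies A, B makes its own key pair, A signs B's proxy with its private key, and C, trusting only the CA, decides whether to accept the proxy. It uses only Go's standard library with constructed names and serial numbers; real GSI proxies follow RFC 3820 (a ProxyCertInfo extension that Go's x509 package does not implement), so the proxy here is a plain certificate whose issuer is A's end-entity certificate.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"math/big"
	"time"
)

// must panics on err to keep the example short; real code would return the error.
func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}
func keygen() *ecdsa.PrivateKey { return must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader)) }

// tmpl builds a minimal certificate body; names and serial numbers are constructed for this example.
func tmpl(serial int64, cn string, ttl time.Duration) *x509.Certificate {
	return &x509.Certificate{SerialNumber: big.NewInt(serial), Subject: pkix.Name{CommonName: cn},
		NotBefore: time.Now().Add(-time.Minute), NotAfter: time.Now().Add(ttl)}
}

// sign issues t for public key pub under the signer's private key (parent == t means self-signed).
func sign(t, parent *x509.Certificate, pub *ecdsa.PublicKey, signer *ecdsa.PrivateKey) *x509.Certificate {
	return must(x509.ParseCertificate(must(x509.CreateCertificate(rand.Reader, t, parent, pub, signer))))
}

// BuildChain plays out item 12: the CA certifies A, B makes its own key pair, A signs B's proxy.
func BuildChain() (ca, a, proxy *x509.Certificate) {
	caKey, aKey, bKey := keygen(), keygen(), keygen()
	caT := tmpl(1, "Example CA", 24*time.Hour)
	caT.IsCA, caT.BasicConstraintsValid, caT.KeyUsage = true, true, x509.KeyUsageCertSign
	ca = sign(caT, caT, &caKey.PublicKey, caKey)                            // self-signed trust anchor
	a = sign(tmpl(2, "A", 24*time.Hour), ca, &aKey.PublicKey, caKey)        // CA's private key signs A
	proxy = sign(tmpl(3, "A/proxy", 2*time.Hour), a, &bKey.PublicKey, aKey) // A's private key signs B's proxy
	return
}

// Accept is C's check when it trusts only ca: A's certificate must carry the CA's signature,
// the proxy must carry A's signature, and the proxy must not have expired.
func Accept(ca, a, proxy *x509.Certificate) bool {
	// A is an end entity, not a CA, so its signature over the proxy body is checked directly.
	return a.CheckSignatureFrom(ca) == nil &&
		a.CheckSignature(proxy.SignatureAlgorithm, proxy.RawTBSCertificate, proxy.Signature) == nil &&
		time.Now().Before(proxy.NotAfter)
}
```

Note that the proxy key pair (B's) never leaves B, and A's private key is used only to sign, which is exactly why handing over A's certificate and key (item 10) is the worse option.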