Grid Research Integration Deployment and Support Center 

GRIDS Essentials
Grid Ecosystem
Training & Support
News & Outreach
Grid Projects Database
Archive: GRIDS Center Newsletter

Current issue | Archive> Home

November 4, 2002

The following news about distributed computing is from the Grid Research, Integration, Deployment and Support Center (GRIDS), part of the National Science Foundation Middleware Initiative (NMI). Subscribe to the GRIDS Center Newsletter by sending e-mail to with "subscribe news" in the body of the message.

1.  Hot Off the Grid

GRIDS CENTER SOFTWARE SUITE ADDS COMPONENTS FOR NMI-R2.  New software tools have been added to the GRIDS suite in NMI-R2, the second release from the National Science Foundation Middleware Initiative (NMI), which was issued on October 25. GSI-SSH is a Grid security-enabled version of Open-SSH, the popular communications tool. GPT (Grid Packaging Tool) is used to bundle GRIDS components, and GridConfig is used to configure and fine-tune them.  The latest GRIDS Center Software Suite includes new versions of the Globus Toolkit™, Condor-G and Network Weather Service. Watch for new GRIDS releases as part of NMI every October and April.  See to download the software.  An NSF press release is at

GLOBUS WORLD IN JANUARY 2003 WILL GIVE USERS A VIEW "UNDER THE HOOD" OF GRID COMPUTING.  The inaugural Globus World will be held in San Diego, January 13-17.  It will feature three tracks of invited talks, interactive panels, and roundtables, with presenters including principal GRIDS Center participants.  Three tracks (Enterprise Planning for Grids,  Architecting Grids with Globus Toolkit, Developing & Administering Globus Toolkit) will offer strategic perspectives to facilitate discussions for enterprise planning and executive decision-making.  See

2.  Feature Story

“KERBERIZED” GRID COMPUTING.  An important NMI goal is the integration of Grid research environments with the campus enterprise.  One example is KX.509, a client-side tool that extends the widely-used Kerberos campus authentication mechanism for use in Grids.

KX.509 has been packaged with the GRIDS Center Software Suite in both NMI releases (NMI-R1 and -R2). It was developed at the University of Michigan under the auspices of a partner NMI team, EDIT (Enterprise and Desktop Integration Technologies). The tool provides a bridge between Kerberos and the Public Key Infrastructure (PKI) associated with Grid security. GRIDS Center leaders like Carl Kesselman believe KX.509 can play a crucial role in the adoption of Grids on campuses and in other organizations where Kerberos is used.

“This is a significant development,” said Kesselman, director of the Center for Grid Technologies at the University of Southern California (USC) Information Sciences Institute.  “We have successfully deployed KX.509 across the USC campus, which is a win for Grid users because it shows how their applications can be integrated with Kerberos infrastructure, and it’s a win for Kerberos sites because it shows they can be hospitable to Grids.”

Interoperability is key to Grids, whose architects are reluctant to dictate local choices for security, authorization and authentication.  Grids are designed to give individual users and sites autonomy, while helping to ensure that local choices can be based on a technology’s merit instead of its popularity elsewhere. 

The certificate and private key generated by KX.509 are normally stored in the same cache alongside the Kerberos credentials. This enables systems that already have a mechanism for removing unused Kerberos credentials to also automatically remove the X.509 credentials. Netscape or Internet Explorer can then load a special library to access and use these credentials for secure web activity.

To use KX.509, the user should be on a system in an existing Kerberos realm and have a Kerberos login for that domain.  In other words, Kerberos client software should already be installed, allowing KX.509 to generate a Grid certificate and private key based on the user’s Kerberos credentials. 

What is not required is the presence of X.509 certificates, the format used for Grid Security Infrastructure (GSI) by software such as the Globus Toolkit and Condor-G.  KX.509 is able to generate a GSI certificate that, when used with either of those packages, can be fully recognized by any Grid server.

According to Jim Pepin, director of the Center for High Performance Computing and Communications (HPCC) at the University of Southern California, "We see USC’s successful campuswide implementation of Kerberized certificates with NMI as a first step toward KX.509's broader use for Grid environments both at USC and across the academic community."

Pepin pointed out that USC was situated to capitalize quickly on KX.509 because researchers like Kesselman have long been involved in helping to shape campus policy, something other universities can emulate. 

“This is the plumbing, and now we need to build ‘appliances’ that use this capability across campus,” he said.  “We’re a huge university with many pedagogical and research applications that could capitalize, including the Shoah Visual History Foundation’s multimedia database of testimony from Holocaust survivors, the Digital Encyclopedia of Los Angeles -- a collaboration with UCLA to digitize motion pictures and other artifacts --  and the Southern California Earthquake Center, part of the Network for Earthquake Engineering and Simulation (NEES).  Each of these projects and others are now much better positioned to deploy Grid tools thanks to our KX.509 deployment."

In non-Kerberos environments, to use Globus Toolkit utilities on a local or remote machine, the user must authenticate his or her identity to the machine with a Grid Security Infrastructure certificate, also called an X.509 certificate. These long-term certificates let the user create a short-term proxy certificate that expires after a period generally defined by the owner of the local or remote resource, after which a new proxy must be generated to renew access.

KX.509 can actually be used in place of permanent, long-term certificates. It does this by creating an certificate and private key in X.509 format based on the user’s existing Kerberos ticket. These credentials are then used to generate the GSI proxy certificate in Kerberos environments just as in the non-Kerberos example above.

See for more information.

3.  What's Coming Up

SC02:  From Terabytes to Insights
November 16-22, 2002
Baltimore, MD
SC2002 brings together scientists, engineers, systems administrators, programmers, and managers to share ideas and glimpse the future of high performance networking and computing, data analysis and management, visualization, and computational modeling. This year, SC will highlight how we can use our evolving cyberinfrastructure to tap into terabytes of data to gain insight into creating a world that is safer, healthier and better educated. The conference is sponsored by the Institute of Electrical and Electronics Engineers Computer Society and by the Association for Computing Machinery's Special Interest Group on Computer Architecture.  Presenters include GRIDS Center principals.  See

Globus World
January 13-17, 2003
San Diego, CA
The inaugural Globus World will feature three tracks of invited speakers, lecturers, interactive panels, and forward-looking roundtables.  (See item above under “Hot Off the Grid.)  Details at

June 22-24, 2003

Seattle, WA
Billed as "the leading technical conference on Grids and Distributed Computing."  HPDC has issued a call for papers with deadline of February 2003.  

4.  More about the GRIDS Center

Part of the NSF Middleware Initiative (NMI), GRIDS is a partnership of the Information Sciences Institute (ISI) at the University of Southern California, the University of Chicago, the National Center for Supercomputing Applications (NCSA) at the University of Illinois at Urbana-Champaign, the San Diego Supercomputer Center (SDSC) at University of California at San Diego, and the University of Wisconsin at Madison.  For more information, see  To subscribe for GRIDS updates, send mail to with a message body of “subscribe news” (without quotes).  You will receive a confirmation message with simple instructions on how to authenticate your subscription.


To remove your name from the mailing list, send e-mail to In the body of the message, type unsubscribe news. For further information, please email

©2004 GRIDS Center. All Rights Reserved.
Site Map | Contact