SecurityArchitecture

User Credential Architecture:

The configuration planned for FY09 is to use CDC's existing investment in the Secure Data Network (PHIN:SDN) and VeriSign to produce the user and host certificates needed for the limited number of production nodes in FY09.

To support a wider roll-out and the addition of many more production nodes, additional Credentialing Service Providers (Certificate Authorities) will need to be established to handle the issuance of user and host certificates. Rather than endorsing a fixed set of CAs, PHGrid will develop a policy that admits multiple providers, as long as they meet a common policy set (the Federal CIO Council's eAuthentication project for Secure Government Access is a good example). The approved list of CAs (and their signing policies) will be maintained for each PHGrid node so that the entire PHGrid has a consistent set of CAs for verifying user credentials. (Note: individual nodes will still control the mapping of these credentials to the specific services/resources they provide.)
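The split described above, with a grid-wide CA list for authentication and node-local mapping for authorization, as an added example that is not PHGrid code. All DNs, CA names and service names are constructed, and modelling a signing policy as glob patterns over subject DNs is an assumption; certificate chain and signature validation is assumed to have been done already by the TLS layer.

```python
from fnmatch import fnmatchcase

# Constructed grid-wide approved list: CA subject DN -> signing policy,
# modelled (assumption) as glob patterns for the subject DNs it may sign.
APPROVED_CAS = {
    "/O=ExampleGrid/CN=Example Grid CA": ["/O=ExampleGrid/OU=People/*",
                                          "/O=ExampleGrid/OU=Hosts/*"],
    "/O=ExampleState/CN=State Health CA": ["/O=ExampleState/OU=Epi/*"],
}

def trust_drift(approved, node_store):
    """Report how one node's CA store differs from the approved list."""
    both = set(approved) & set(node_store)
    return {
        "missing": sorted(set(approved) - set(node_store)),
        "extra": sorted(set(node_store) - set(approved)),
        "policy_changed": sorted(
            ca for ca in both if sorted(approved[ca]) != sorted(node_store[ca])),
    }

def authenticate(cas, issuer_dn, subject_dn):
    """Grid-wide step: the issuer must be an approved CA and the subject
    must fall inside that CA's signing policy."""
    patterns = cas.get(issuer_dn)
    if patterns is None:
        return False  # issuer is not on the approved list
    return any(fnmatchcase(subject_dn, p) for p in patterns)

def authorize(cas, local_map, issuer_dn, subject_dn, service):
    """Node-local step: an authenticated DN gets only the services
    this node has mapped it to (default deny)."""
    if not authenticate(cas, issuer_dn, subject_dn):
        return False
    return service in local_map.get(subject_dn, ())

if __name__ == "__main__":
    # Constructed node state: one approved CA missing, one unapproved CA added.
    node_store = {"/O=ExampleGrid/CN=Example Grid CA":
                      APPROVED_CAS["/O=ExampleGrid/CN=Example Grid CA"],
                  "/O=Unknown/CN=Test CA": ["*"]}
    print(trust_drift(APPROVED_CAS, node_store))
    node_map = {"/O=ExampleGrid/OU=People/CN=Alice": {"query-service"}}
    print(authorize(APPROVED_CAS, node_map, "/O=ExampleGrid/CN=Example Grid CA",
                    "/O=ExampleGrid/OU=People/CN=Alice", "query-service"))
```

The second check in `authenticate` is what the signing policy adds: an approved CA that issues a certificate outside its own namespace is still rejected.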

The belief is that in the post-FY09 period a PHGrid user or node will get a cert from a valid PHGrid CA and use that cert to identify itself to all of the PHGrid nodes, in effect providing single sign-on within the grid. This is more sustainable than having CDC purchase annual user and host certificates for each participant in the grid. It also fits a model of grid-to-grid interoperability that doesn't require users and nodes in other grids to acquire additional certs in order to communicate with the PHGrid.