Grid Security Infrastructure
GSI is based on public key encryption, X.509 certificates, and
the Secure Sockets Layer (SSL) communication protocol.
A fixed-size result obtained by applying a mathematical function
(the hashing algorithm) to the data supplied (possibly a
password or a longer message). Usually, a
hash value will be much shorter than the original data.
Most importantly, a hash is a one-way function. It is considered
to be impossible (currently) to compute the original data
from the hash.
Thus, a hash may also be known as a
Typical hashing algorithms include MD2, MD4, MD5, and
See also MAC.
High Level Assurance
See Assurance Levels.
International Data Encryption Algorithm
Symmetric key algorithm. Uses 128-bit key. Patented for
commercial use and
therefore not much used. Used in PGP.
Associating an identity with a subject
(e.g. a network ID with a request). The entity only needs to be
identified later (e.g. to send a network packet
to it). This means that 'who' or 'what' comprises the identity is not
important (merely that the packet was delivered correctly).
Often, identification is taken to mean
(and vice versa:
but strictly these are two separate concepts.
for more background on identification and
Internet Engineering Task Force
The IETF is an organisation whose purpose is to coordinate
operation, management and evolution of the Internet. IETF
publications are written by individuals or small working
and published as 'Requests For Comments' (RFCs). Rather than being
formally promulgated through an institution such as ITU or
RFCs are reviewed by the Internet at large or by technical
acting on their own initiative.
See PKIX and
Internet Engineering Task Force
(ITU) includes the ITU Telecommunication
Standardization Sector (ITU-T)
"ITU-T's mission is to ensure an efficient and on-time
of high quality standards (Recommendations) covering all
of telecommunications." "ITU-T was created on 1 March 1993,
replacing the former International Telegraph and Telephone
Consultative Committee (CCITT) whose origins go back to
public and the private sectors cooperate within ITU-T for the
development of standards that benefit telecommunication users
JISC Committee for
Authentication and Security
Defunct as of January 2000. Now taken over by the
for Networking (JCN) and the JISC Committee for the
Information Environment (JCIE)
Joint Information Systems
JISC promotes the
innovative application and use of information systems and
information technology in further and higher education in the
UK. It is effectively a funding body for information
technology, established via several of the existing UK
Cryptographic keys are chosen parameters, each connected to a
specific type of cryptographic algorithm. Their size,
lifetime and usage
depend on the algorithm being used. They may be just large
random numbers or have certain characteristics (e.g. prime
and asymmetric encryption.
Local Institution Certificate Store
The (theoretical, at present) LICS is a web application used to
store and retrieve encrypted
It has a
relationship with the institution's
RA but should be
independent of the
CA. It is designed to be
key store for those users storing their certificates and
centrally and a local username-DN
'mapper' for pseudonymity purposes.
For more information, see our
Leeds User Registration and
Certificate Issuing System
PKI system at Leeds
University. LURCIS is a system for managing registration of
users of the IT services at Leeds. At present, the only
users of LURCIS are registration staff throughout the
The default behaviour of the system is to store the user's
keys and certificates on a central server. This is seen by
problematic for trust outside the University, but does avoid
problem of user (and certificate/private key) mobility.
Message Authentication Code
Provides message integrity like a message digest, but additionally
supports message authentication.
MACs can be used with any iterative cryptographic hash
MD5, SHA-1 together with a shared secret key.
Medium Level Assurance
See Assurance Levels.
AKA thumbprint or hash
Distillation of the information contained in a file [or
message] into a single large number, typically between 128
bits in length. If any part of the file is changed, it
computationally unfeasible to find another file with the same
message digest value. Also called one-way hash functions
they produce values that are difficult to invert, resistant
attack, effectively unique, and widely distributed. See also
The man in the middle attack is an attack where the attacker
is able to read, and possibly modify at will, messages between
two parties without letting either party know that they have
been attacked. The attacker must be able to observe and
intercept messages going between the two victims. (From Wikipedia)
Manchester Information and Associated Services
Project partner in the
to MIMAS' role in this project).
Zetoc - gateway for
British Library table of contents. Getting a password for
Zetoc depends on
authentication from the user's institution.
National Security Agency (USA)