GSI supports three authentication methods:
X.509 certificates: All three protection schemes seen above can be used along with X.509 certificated to provide strong authentication (as seen in Section 9.4, “Certificates and certificate authorities”).
Username and password: A more rudimentary form of authentication, using usernames and passwords, can also be used. However, when using usernames and password, we will not be able to use features like privacy, integrity, and delegation. This form of authentication is not covered in the tutorial (you can refer to the official Globus documentation for more details on how to use it).
Anonymous authentication: We can request that a communication be anonymous, or unauthenticated. Anonymous generally makes sense when we are using more than one security scheme. For example, we can use GSI Secure Conversation (authenticated with X.509 certificates) and anonymous GSI Transport, so that we don't perform an additional (redundant) authentication.
![[Note]](images/note.png) | |
Since unauthenticated communications are not commonly used, the Globus literature generally uses the term authentication methods to refer directly to GSI Secure Conversation, GSI Secure Message, and GSI Transport. We will follow this same convention throughout the rest of the tutorial. |