Credential revocation is a critical problem in grid environments and remains unaddressed in existing grid security solutions. We present a novel grid authentication system that solves the revocation problem. It guarantees instantaneous revocation of both long-term digital identities of hosts/users and short-lived identities of user proxies. With our approach, revocation information is guaranteed to be fresh with high time-granularity. Our system employs
(mRSA), adapts Boneh’s notion of
to suit security in virtual organizations and propagates proxy revocation information as in Micali’s
system. Our approach’s added benefits include a configuration-free security model for end-users of the grid and fine-grained management of users’ delegation capabilities.