I believe there is a case to be made that the VO security structure should include both patterns: the Certificate Store vs the Browser-plus-Certificate. This being the place where the "warrant" or certificate is located: remote or local.
The Store mechanism has a well-secured remote machine that issues "proxies" on demand, which can be used on behalf of a user. A Store can service a grid of machines that all need various trust assertions. However, it needs to be continuously available. Also, it adds another component to the service structure, a component that must communicate securely with others, and thus adds software burden.
The Browser mechanism holds the certificate locally, i.e. a laptop. It relies on physical security of the machine that holds it, although some browsers can ask for a password as well as physical access. It can communicate securely with a server, and can handle the certificates in a user-friendly way.
Perhaps the best argument is the upcoming AJAX and JSON-RPC applications that bring great power to the browser itself.
Google Maps/Sky is/will be an AJAX application, and I suspect that soon enough Google Sky will become a prime viewing platform for the virtual sky. It would be nice to have certificate-enabled access to sequestered data.
Received on 2006-10-27Z19:57:39