On order to access global Grid resources, users must hold a valid personal Grid user certificate (authentication), AND users must be member of a Virtual Organization (authorization). Note: Service or host certificates identify services and hosts not users!
A valid Grid user certificate is a prerequisite to request membership in a VO. Multiple VO membership is possible.
(A Grid user certificate can be seen as an analogon to a passport, whereas the VO membership compares to a visa.)
The Grid Security Infrastructure (GSI) is part of the Globus toolkit. It is based on the Public Key Infrastructure (PKI) and uses X.509 certificates. The implementation utilizes openSSL. Certificates are encrypted electronic documents issued by a so-called Certification Authorities (CA); in case of Germany this is FZ Karlsruhe (GridKa). Users must register with the CA at GridKa directly or via a Registration Authority (RA). All requestors must agree to the Certification Policy and Certification Practice Statement of the German Certification Authority (CA) at FZ Karlsruhe GridKa!
DESY acts as a Registration Authority (RA) for the German CA GridKa. CAs require a copy of the passport or ID before they reply to a user certification requests. This copy can be handed-in to the RA at DESY. You don't have to travel to Karlsruhe! Since we might not know you personnaly, fill out the template completely, get the signatures and send it by surface mail or fax to the "DESY IT Secretary".
It is sufficient to hand in this copy ONCE; even when requesting a new certificate.
Definitions can be found in the Internet X.509 Certificate Request Format (RFC2511).
Some useful links: