We need at least one other person authorized to issue FusionGrid
certificates.

The act of issuing certificates requires having a certificate in
your browser, clicking on a link in an email, knowing the requester
personally and/or checking with one of the sponsors  that the
request is legit and then clicking on a button. You will also
receive email whenever a request is made. There is generally a
pretty low level of mail.

You need DOEGrids credentials for this purpose. To get authorized
as agents, you must send the public certificate in a signed email
to Dhiva (dhiva@es.net), who will then authorize the certificate.

Please use 'Certificate for FusionGrid CA Agent' as a subject
for the e-mail and in the email tell us that you want to use
the following certificate as my agent certificate for the
FusionGrid CA and then copy your certificate.  Please CC the
e-mail to Lew Randerson (lranderson@pppl.gov), as a confirmation
from Lew is also needed.

Note: As far as I can tell, a FusionGrid CA Agent and a 
FusionGridRa are the same thing.

A PPPL FusionGridRA can:
------------------------

  o Accept FusionGrid Certificate requests e-mail
    These e-mails have the subject
      "FusionGRID CA - xxx Certificate Request in Queue"
    where xxx is PPPL, GA, or MIT
  o Approve these requests
    We do these for PPPL with Doug McCune's okay.
    (We sometimes do get spurious requests.)
    I have sometimes approved TRANSP specific
    requests for GA and MIT but then I have had
    call up David Schissel or Martin Greenwald to
    get their approval for the requestor.
  o Request approval is done by clicking on the
    url given in the E-Mail and then approving
    the request on the page to which you are sent.

Requirements:
-------------
  
  o A DoeGrids certificate of the form 
     CN=Xxx Xxxxxxxxx 999999, OU=People, DC=doegrids, DC=org
    Where Xxx Xxxxxxxxx is your name and 999999 will
    be a latter defined number.
  o Getting one is the complicated procedure we used to 
    make all the users go through.

  o Requesting a DOEGrids certificate is described in:
     http://www.doegrids.org/pages/How-To-Import.html
    And then in:
     http://www.doegrids.org/pages/cert-request.html
     Affiliation will be "FusionGrid"
     Sponsor will be "Doug McCune"
  o The certificate key will be stored in your browser
    at request. The certificate itself will be stored
    in your browser when you import it from the page
    where it was stored after approval.
  o I will get e-mail about this request and then can
    approve it.
  o After approval you can go to http://www.doegrids.org,
    lookup the certificate, and then import the certificate
    from the details subpage into your browser.

  o This certificate is required in your browser when 
    approving a certificate request and is also used as
    a signature in your e-mail requesting FusionGridRA
    status
    
To apply for FusionGridRA status:
---------------------------------
   
  o Send your DoeGrids-certificate-signed mail to dhiva@es.net
    with a copy of your certificate in the form.  E-mail 
    subject is "Certificate for FusionGrid CA Agent". Contents
    are something like ... I want to use the following
    certificate as my agent certificate for the FusionGrid CA
    and then copy your certificate.

For More Details:
-----------------

  o For more details, see
      http: www.fusiongrid.org/FusionGridCP-1.0b.doc