[phpwiki]
Taking the time to read up on the GridShib CA and MyProxy CA was very useful. They and phpki ultimately all are backened by an openssl configuration so in a sense are compatible with each other. The decision to use one over the other seems to mainly be about where one stores a cert and how one can retreive it. The GridShib CA has a great way of creating certs that are truely private (client-based key) so I'm guessing there is not a key store in GridShib CA. MyProxy CA would seem to have a keystore since it's backended by Simple CA. This makes it like phpki except that the interface is command-line versus web.
It seems like one could combine the best of all three of these solutions to make a complete grid ca that could let user have certs for multiple purposes (using jws from gridshib ca) and yet have proxies in myproxy service for grid consumption. Dimply having the trust between the grid portal and a specific MyProxy service could make the interface transparent for users. For the security consiouse they could use a JWS-based myproxy-login to allow the user to not have a stored cert on the ca at the expense of an extra step during interaction. Hmm, or you could have the user use their local cert inside the web browser. options...
