PURSE

From the website:

PURSE is an "integrated solution" that provides an easy-to-use web interface for potential users of an application to "register" themselves and request sign-in credentials. Administrators receive requests and decide whether to grant them or not. When a user is registered, a Grid credential is created on his behalf and used "behind the scenes" whenever he uses the application.

PURSE combines the Simple CA and MyProxy components with a back-end database (e.g., MySQL) and a web portal to automate user registration requests. The registration interface solicits basic data from user, including a desired ID/password combination. Requests are forwarded by email to an administrator and the data from the requests are stored in a database. The administrator uses administrative functions in the web portal to process requests. Users receive email notification when their accounts are ready for use.

When an account is created, the portal generates a credential for that account automatically using the Simple CA component. This credential is issued by the application administrator, so it is most likely only "valid" for use with the specific application and no others. The credential is stored in the MyProxy service and secured using the requested ID/password combination.

When a user logs into the application, the application obtains a Grid proxy certificate from the MyProxy service using the user's ID/password, and the application can then use this proxy to authenticate to any other Grid service that recognizes credentials issued by the application administrator.

See the website for more details. This info was simply copied from there; more details from PURSE developers and/or users would be great.