TERENA Certificate Service (TCS) 2 August 2011. Slide 2 ›TCS is a competitively tendered bulk-buy contract between TERENA and Comodo Limited on behalf.

Slides:



Advertisements
Similar presentations
Usage of PGP in TACAR 19th OGF Meeting Chapel Hill, USA February 1, 2007 Licia Florio Project Development Officer
Advertisements

TNC 2008 / Short Lived Credential Service Implementation Based on National AAI Short Lived Credential Service Implementation Based on National AAI Emir.
Contrail and Federated Identity Management
A Grid certificate in 5 minutes large scale federated automated issuing of grid certificates Jan MeijerEGEE’ Sept 2009 Barcelona.
Copyright JNT Association 20051Optional Copyright JNT Association Joining the UK Access Management Federation 4th April.
DESIGNING A PUBLIC KEY INFRASTRUCTURE
EuroCAMP Ljubljana, 3-5 March 2006 TERENA Server Certificate Service Towards the large-scale use of affordable popup-free server certificates for the European.
INFSO-RI Enabling Grids for E-sciencE JRA3 2 nd EU Review Input David Groep NIKHEF.
U.S. Environmental Protection Agency Central Data Exchange EPA E-Authentication Pilot NOLA Network Node Workshop February 28, 2005.
Open Science Grid Use of PKI: Wishing it was easy A brief and incomplete introduction. Doug Olson, LBNL PKI Workshop, NIST 5 April 2006.
NRENs supporting Grids using current Grid technology TERENA NREN-GRID Workshop Amsterdam Milan Sova CESNET.
Copyright JNT Association 20051OptionalCopyright JNT Association 2007 Overview of the UK Access Management Federation Josh Howlett.
EU NREN PKI Jan MeijerAARnet PKI / Access Federations Strategy Workshop 10 February 2010 Sydney.
Webinar “Operating the TCS shared portals” for NREN admins TCS shared portal project a/TCS_Portal_project Jan Meijer.
TCS Procurement at GÉANT Association Nicole Harris 27 November 2014.
Terminal Services in Windows Server ® 2008 Infrastructure Planning and Design.
Copyright © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the OWASP License. The OWASP.
Tweaking the Certificate Lifecycle for the UK eScience CA John Kewley NGS Support Centre Manager & Service Manager for the UK e-Science CA
TERENA Certificate Service (TCS) 9 June Slide 2 › Many NRENs had set-up a CA, but certificates issued were not trusted by web browsers (the ‘ pop-up.
Community Services WI TF-EMC2 VC Meeting 29 June, 2011 Licia Florio
John Dyer Business & Technology Strategist TERENA 10 February 2014 TF-MSP Meeting ACOnet, Vienna Aggregation of Demand Collaborative.
Copyright JNT Association 2005Copyright JNT Association An Introduction to Access Management and the UK Federation Simon Cooper.
Elements of Trust Framework for Cyber Identity & Access Services CYBER TRUST FRAMEWORK Service Agreement Trust Framework Provider Identity Providers Credential.
Belnet Federation Belnet – Loriau Nicolas Brussels – 12 th of June 2014.
Networks ∙ Services ∙ People David Groep TCS TNC2015 Workshop TCS SAML demo background June 16, 2015 TCS PMA.
GILDA testbed GILDA Certification Authority GILDA Certification Authority User Support and Training Services in IGI IGI Site Administrators IGI Users IGI.
High-quality Internet for higher education and research AAI from the NREN perspective Schiphol, October 17, 2005
Updates from the EUGridPMA David Groep, July 16 st, 2007.
Federated Access to US CyberInfrastructure Jim Basney CILogon This material is based upon work supported by the National Science.
AAI WG EMI Christoph Witzig on behalf of EMI AAI WG.
Sam Morrison APAC CA – APGridPMA - ISGC2010 APAC CA Self Audit and status update Sam Morrison ARCS.
Comité Réseau des Universités News from CRU activities: Identity federation, eduroam, PKI, SCS, Sympa, security policies cru.fr 7th.
Claudio Allocchio TERENA Technical Programme - Update General Assembly, 21 October 2005, Budapest 1 TERENA Technical Programme Update Claudio Allocchio.
David Groep Nikhef Amsterdam PDP & Grid TERENA Certificate Service Certificates4All! David Groep standing in for Licia Florio, TERENA, using material from.
Unlimited SSL and personal certificates at one annual fixed fee.
Cole David Ronnie Julio. Introduction Globus is A community of users and developers who collaborate on the use and development of open source software,
GridShib and PERMIS Integration: Adding Policy driven Role-Based Access Control to Attribute-Based Authorisation in Grids Globus Toolkit is an open source.
Summary of AAAA Information David Kelsey Infrastructure Policy Group, Singapore, 15 Sep 2008.
Leveraging the InCommon Federation to access the NSF TeraGrid Jim Basney Senior Research Scientist National Center for Supercomputing Applications University.
Identity Management in DEISA/PRACE Vincent RIBAILLIER, Federated Identity Workshop, CERN, June 9 th, 2011.
NRENs, Grids and Integrated AAI In Search For the Utopian Solution Christos Kanellopoulos AUTH/GRNET October 17 th, 2005 skanct at physics.auth.gr 2nd.
Connect. Communicate. Collaborate Deploying Authorization Mechanisms for Federated Services in the eduroam architecture (DAMe)* Antonio F. Gómez-Skarmeta.
Security Policy Update WLCG GDB CERN, 14 May 2008 David Kelsey STFC/RAL
Community PKIs Initiatives Updates TF-EMC2 Meeting Loughborough, UK 6-7 May, 2009 Licia Florio, TERENA
E-Science Security Roadmap Grid Security Task Force From original presentation by Howard Chivers, University of York Brief content:  Seek feedback on.
EGI-InSPIRE RI EGI EGI-InSPIRE RI Establishing Identity in EGI the authentication trust fabric of the IGTF and EUGridPMA.
Federated Identity Management for Scientific Collaborations The Common Vision David Kelsey (STFC) 3 Nov 2011.
Identity Management in Open Science Grid Identity Management in Open Science Grid Challenges, Needs, and Future Directions Mine Altunay, James Basney,
FP6−2004−Infrastructures−6-SSA E-infrastructure shared between Europe and Latin America The Latin American Catch-all Grid Certification.
EMI is partially funded by the European Commission under Grant Agreement RI Security Token Service (STS) Simplified Credential Management Henri.
NIIF CA Status Update and Self-Audit Results 15 th EUGridPMA meeting Nicosia Tamás Máray NIIF Institute.
Licia Florio Poznan, 5 June SCS Proposal Investigates the possibility to set up a service that offers popup-free cheap server-certificates against.
Summary of Poznan EUGridPMA32 September EUGridPMA Poznan 2014 meeting – 2 David Groep – Welcome back at PSNC.
A Study of Certification Authority Integration Model in a PKI Trust Federation on Distributed Infrastructures for Academic Research Eisaku SAKANE, Takeshi.
1 US Higher Education Root CA (USHER) Update Fed/Ed Meeting December 14, 2005 Jim Jokl University of Virginia.
18 th EUGridPMA, Dublin / SRCE CA Self Audit SRCE CA Self Audit Emir Imamagić SRCE Croatia.
GRID-FR French CA Alice de Bignicourt.
EGI-InSPIRE RI EGI (IGTF Liaison Function) EGI-InSPIRE RI IGTF & EUGridPMA status update SHA-2 – and more (David Groep,
QuoVadis Group Roman Brunner, Group CEO Update for EUGridPMA – May 12, 2009.
News from EUGridPMA EGI OMB, 22 Jan 2013 David Kelsey (STFC) Using notes from David Groep 22/01/20131EUGridPMA News.
Authentication and Authorisation for Research and Collaboration Taipei - Taiwan Mechanisms of Interfederation 13th March 2016 Alessandra.
29 th EUGridPMA meeting, September 2013, Bucharest AEGIS Certification Authority Dušan Radovanović University of Belgrade Computer Centre.
TERENA Certificate Service (TCS) September SCS,TCS,TCS-II – the ten year road to simple unlimited certificates › Back in 2004 many NRENs had set-up.
AEGIS Certification Authority
Classic X.509 AP updates (v4.1)
Tweaking the Certificate Lifecycle for the UK eScience CA
MaGrid CA Self audit and update
Certificate Service Survey Summary
BG.ACAD CA Self-audit report 2018
Check-in Identity and Access Management solution that makes it easy to secure access to services and resources.
Presentation transcript:

TERENA Certificate Service (TCS) 2 August 2011

Slide 2 ›TCS is a competitively tendered bulk-buy contract between TERENA and Comodo Limited on behalf of NRENs. ›Allows participating NRENs to issue unlimited numbers of certificates for flat fee (EUR K per year). ›TERENA member NRENs in Europe, Central Asia, the Middle East and North Africa are eligible. ›Uses commercially trusted CA (AddTrust/UTN-USERFirst), with dedicated sub-CAs established for each TCS certificate type. ›TCS expands on old SCS (provided by GlobalSign) by offering client and code-signing certificates in addition to SSL certificates. Background

Slide 3 ›Five types of certificate available: ›Server Certificate - for authenticating servers and establishing secure sessions with end clients. ›e-Science Server Certificate - for authenticating Grid hosts and services. These are IGTF compliant. ›Personal Certificate - for identifying individual users and securing communications. ›e-Science Personal Certificate - for identifying individual users accessing Grid services. These are IGTF compliant. ›Code-signing Certificates - for authenticating software distributed over the Internet. Certificate Types

Slide 4 ›Comodo contract runs from 1 July 2009 until 31 June 2012, with option to extend for further 2 years. ›It is a full service: ›Server certificates available since 1 July ›Personal and eScience Personal certificates available since 5 February 2010 ›Code-Signing certificates available since 1 June 2010 ›eScience Server certificates available since 1 October 2010 › Currently 26 of 39 NRENs using service, but … ›How they implement it is a national decision. ›Not all currently offer all certificate types. Service Details

Slide 5 ›eScience variants come free when NRENs subscribe to TCS Server and/or Personal certificate types. ›Grid certificates have specific requirements. ›Maximum validity of 13 months. ›Attribute values restricted to 7-bit ASCII. ›Only bound one end entity. ›TCS eScience Personal Certificates: › IGTF profile “ Member Integrated X.509 PKI Credential Services (MICS) ” ›EUGridPMA accreditation received in January 2010 ›TCS eScience Server Certificates: › IGTF profile “ Classic X.509 CAs with secured infrastructure ” ›EUGridPMA accreditation received in August 2010 ›Thanks to Jan Meijer, Milan Sova and David Groep who guided the accreditation process with EUGridPMA. eScience Certificates

Slide 6 Participants NREN/Country SESPEPCNREN/Country SESPEPC ACOnetAT  -  -  IUCCIL  -- BELNETBE  -  LITNETLT  ---- CARNetHR  ----UoMMT  - CyprusCY  P  SURFnetNL  CESNETCZ  -UNINETTNO  -  - UNICDK  --  -PSNCPL  RedIRISES  -  -  FCCNPT  ---- FUNETFI  --  -RoEduNetRO  -  -- RENATERFR  -  --AMRESRS  ---- GRNETGR  -  --ARNESSI  ---- HUNGARNETHU  ----SANETSKPPPPP HEAnetIE  ---  SUNETSE  GARRIT  -JANET(UK)UK  ----

Slide 7 ›Comodo web interface ›Web-based interface suitable for NRENs issuing small numbers of certificates. ›Basic and not recommended. › Can ’ t be used for eScience Personal certificates as EUGridPMA accreditation requires IdP authentication. ›Comodo API ›Accessed via HTTPS and authenticated with username/password. ›Instructions sent as POST parameters, with responses sent in plain text or URL-encoded. ›Allows NRENs to develop their own custom front ends for issuing certificates. ›Documented at Issuing Certificates

Slide 8 ›Djangora (Django + RA) ›Supports issuing of Server, eScience Server & Code-signing certificates. ›Developed by Kent Engström (Linköping) University on behalf of SUNET. ›Based on Django Python framework & MySQL/PostgreSQL database. ›Web interface. ›Source code available, can be customised by NRENs. ›Confusa (named after flowering plant growing in Arctic regions) ›Allows users to apply for Personal & eScience Personal certificates. ›Developed by UNINETT and NDGF. ›Based on PHP with customisable web interface. ›User authentication undertaken through existing institutional identity providers (IdPs), normally used in conjunction with identity federations. ›Available under GPL licence from Djangora & Confusa

Slide 9 ›Several NRENs decided to pool resources and operate common portal for personal certificates. ›Hosted on resilient servers at Tilburg University under contract to TERENA. ›Utilises Confusa software. ›Each NREN community needs to operate at least one IdP, but multiple IdPs are supported. ›Participants: ›ACOnet (AT), BELNET (BE), FUNET (FI), GARR (IT), RENATER (FR), SUNET (SE), SURFnet (NL), UNI-C (DK), UNINETT (NO) ›This is now also a full service. TCS Portal

Slide 10 Statistics (1 July 2009 – 16 June 2011) TypeTotal Server(from 1 Jul 2009)59,901 eScience Server(from 1 Oct 2010)227 Personal(from 5 Feb 2010)2,194 eScience Personal(from 5 Feb 2010)844 Code-Signing(from 1 Jun 2010)81 Overall63,247

Slide 11 ›TERENA has not done much promotion to date. ›Other priorities and staff resources. ›TCS is primarily nationally oriented. ›How best to target? › NRENs don ’ t see much demand, therefore don ’ t buy into service or actively promote. ›Not always close cooperation between NRENs and Grid communities. ›Grid communities are reluctant to relinquish their own CAs. ›Some grid software has problems with longer chains of trust found in TCS certificates. Not TCS problem per se, but gets the blame! Take-up of eScience certificates

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.