Summary of Poznan EUGridPMA32 September 2014

EUGridPMA Poznan 2014 meeting – 2 David Groep – Welcome back at PSNC

Geographical coverage of the EUGridPMA
- 26 of 28 EU member states (all except LU, MT)
- + AM, CH, DZ, EG, IL, IR, IS, JO, MA, MD, ME, MK, NO, PK, RO, RS, RU, SY, TR, UA, CERN (int), DoEGrids(US)* + TCS (EU)
Pending or in progress
- ZA, KE, TZ, SN, TN, AE, GE

Summary Topics
- Update to naming in Approved Robot Guidelines
- AARC and the pan-European AAI in the next two years
- Generalized IGTF Levels of Authentication Assurance
- On-line CA Architectures Guidelines document
- Registration Practice Statement
- xSIM - Identity Management for Virtual Organizations
- Auditing, accreditation, and compliance
- SWITCH/QuoVadis membership status change
- Miscellaneous topics

Robot naming
- "the validated fully-qualified domain name of the system from which the robot shall be solely operating. The RA SHALL ensure that the requester is appropriately authorized by the owner of the associated FQDN or the responsible administrator of the machine to use the FQDN identifier asserted in the certificate. In this case the CA SHOULD have a facility to obtain at least the contact information contained in the public certificate about the owner of the FQDN based on the subject name of the certificate to any requester."

LoA extraction and generalisation
- The LoA generalization process aims to extract those elements from the IGTF APs that are of general value to the community well beyond PKI. This has not always been clear from the AP documents, since they combine both LoA elements and PKI implementation requirements in a single document. But the APs, and now these LoAs, actually encode the consensus of acceptable levels for our major relying parties, and are designed such that they also balance the 'cost' or 'do-ability' of our identity providers.

LoA updates and the Classic AP
- SLCS + MICS done in Lehi
- The Classic AP profile was similarly analysed and the LoA generic elements extracted from it. These have been added to version 02 (IGTF-LoA-authN-set v02), which is now available on the IGTF member Wiki along with the set of differences compared to the (merged) levels identified in Lehi.

On-line CAs
- The Guidelines for On-line PKI Certification Authorities document was completed and encodes the current requirements and best practices for operating and establishing an on-line CA architecture. It also addresses the best common practice found today in large-scale and publicly trusted CAs.
- It is by now good practice that the key generation is done in a documented ceremony (to prevent technology lock-in to a specific HSM), although generation inside the HSM is obviously allowed.

RPS
- Communities in practice seem to have a life cycle longer than many of the (project or research-organisation funded) issuing authorities that they use. This has been the case for Open Science Grid, the Austrian community, and is likely to happen often. In practice, these communities seek a new issuing CA, but the underlying registration and identity vetting practices remain the same.
- Q-J0-aYALDqGtBE_gkb0Ap8snWcsnTWPGnqI (this is the version before discussion in Poznan)

Misc topics
- KENET revised the CA architecture and decided on the use of EJBCA. This should make it easier to deploy a secure CA (no longer VMs)
- TCS
  - New provider
  - model (TERENA is the organisation representing and accrediting the CA) will stay the same.
  - The name space assigned to TCS will remain the same, so the change should be fully transparent to the end-users!
  - Additional details were kindly provided live by our new TCS issuing CA provider during the meeting
- QV membership change

EUGridPMA Meeting Agenda
- 33rd PMA meeting January 2015, Berlin, DE (offered by DFN)
- APGridPMA & ISGC: March 2015 (Security Workshop on 15)
- TNC2015: June 2015, Porto, PT (REFEDS on 14th)
- 34th EUGridPMA, May 2015, Kopenhagen
- Beyond open for co-location with AARC and others