QuoVadis Group Roman Brunner, Group CEO Update for EUGridPMA – May 12, 2009

QuoVadis Snapshot Founded 1999 as Commercial Certification Authority Offices in Switzerland, UK, Holland, Bermuda Organisations want to “use digital certificates” more than “run their own PKI” –Complexity of PKI policy and technology can distract from the actual business QuoVadis provides turnkey solutions surrounding digital certificates and digital signatures –Allow the customer to focus on their users and core systems/processes Critical mass to provide: –Specialised registration systems to improve user experience, compliance –Secure hosting and operations of the PKI –Support for arcane PKI issues –Audits and accreditations –Wide distribution of roots in OS and Browsers

Do It Yourself ? OIDs Operational policy and procedures Archiving Policy Approval Authority Implementation plan Operational CAs Root CA Directory structure Token management Smart card issuing Validation process Naming convention Regulatory compliance Renewal process OCSP Revocation process Registration process Legal liability CP & CPS Backup systems Firewalls Business continuity plan Security Policy and Procedures Support organisation Trust Model End-to-end test Operations test System test Training Support Training end-users Training Operations Audit Key Management Hardware management Concept of Operations

Service Overview Digital Certificates End User certificates, including Qualified and Advanced certificates, for various uses. Functional certificates, including ElDI-V/GeBüV, code signing, gateway, etc. SSL including the new Extended Validation SSL. Managed PKI Outsourced certification authorities (CA) that can be tailored to the particular needs of a client or community. Rapid-deployment Trust/Link registration authority (RA) web portals for easy issuance for both End User and SSL certificates. Signing Services Trusted time-stamping to reinforce data integrity and non-repudiation in the submission, storage/archive, or tracking of electronic records. Digital signing tools (both client and server side). Root Services Root CA hosting for organisations wishing to set up their own trust anchors. Root CA signing enhances the trust and recognition of customers’ in-house CAs. PKI policy, technologies, and integration into customer environments.

Root Distribution Browsers Microsoft Internet Explorer 5.0+ (including Maxthon and others) Mozilla Firefox (including Camino, Fennec, and Sea Monkey) Opera (including Opera Mini) Safari 1.0+ (including mobile Safari) Google Chrome Konqueror and K-Meleon Operating Systems Microsoft Windows XP+ Apple OS/X+ RIM Blackberry 4+ KDE Java (in progress) Clients Apple Mail.app Eudora Microsoft Entourage Microsoft Outlook Microsoft Outlook Express Mozilla Thunderbird Mozilla Sea Monkey RIM Blackberry Mail (part of Core Applications) Other Microsoft Office Open Office Wide array of OSS applications that use the Mozilla NSS libraries 3.9+ Adobe Acrobat (in progress)

Audits and Accreditations QuoVadis seeks accreditations in support of our client needs: –WebTrust for Certification Authorities –WebTrust for Extended Validation –Swiss Qualified Certification Services Provider –Netherlands Qualified Certification Services Provider –Bermuda Authorised Certification Services Provider –Currently obtaining PKI Overheid Accreditation in the Netherlands

QuoVadis Grid CA Custom GridCA built for SWITCH in compliance with EUGridPMA standards –Updates made to QuoVadis CP/CPS Evolved from QuoVadis relationship providing SSL to SWITCH institutions using Trust/Link SSL Available for other EUGrid members’ use: –Reduce PKI management burden –Simple interface for users –Chained to QuoVadis root for wider “trust” in end user software

EUGridPMA Accreditation EUGridPMA team has performed a detailed review and approval of: –The QuoVadis CP/CPS –The QuoVadis Grid Issuing CA, End User, Server and CRL certificate profiles The repository on the QuoVadis website ( contains the QuoVadis Grid Issuing CA certificate, the Grid CRL, and the QuoVadis Root Certificateshttp:// Update to CP/CPS will be posted when CA goes into production QuoVadis are currently in progress with the TACAR application A big thanks to all the EUGridPMA reviewers for all their hard work, time, and input!

Certificate Types Grid End User certificates for authentication and secure Grid Server certificates for authentication and secure communication with Grid resources Grid members who wish to use the Grid CA would sign up as Participating Institutions/Registration Authorities –QuoVadis is working with SWITCH to document procedures for RAs Certificates will be issued and managed using our Trust/Link web applications: –Trust/Link For End Users –Trust/Link For SSL

Example: Trust/Link SSL Pre-vetted details allows immediate issuance of SSL –Templates for consistency Separation of institution “accounts” Delegated administration, ability to accommodate different approval regimes Single login for Subscribers to manage all their SSL Custom s for lifecycle events Flexibility for certificate types, use of SANs, etc. QuoVadis can provide demonstrations for interested groups

Roman Brunner