Communications Ensuring a responsive IGTF community through periodic validation of communication co-supported by the Dutch National e-Infrastructure coordinated.

Presentation transcript:

Communications Ensuring a responsive IGTF community through periodic validation of communication co-supported by the Dutch National e-Infrastructure coordinated by SURFsara, and EGI Core Services

Interacting with the IGTF ID providers
Today:
- Every 1-6 hours: CRL retrieval
- Every 24 hours: CRL availability/reliability check
- Every ~2 years: RAT Communications Challenge
But is that enough, and is it 'healthy'?
17 January 2019, Interoperable Global Trust Federation 2005 - 2015

Last RAT challenge results
In a strict interpretation we can say that ~30% missed the requirement to react within one business day; only 70% were compliant, and 13% did not reply at all. The rechallenge only marginally improved it.
Results of the 2013 communication test: 76% fulfilled the requirement, 24% failed.
Data: Ursula Epting, KIT

CRL availability
Retrieved hourly, and assessed 2x per day.
February: 40(!) warnings generated, so 20 fault-days:
- CRL expiration time too close
- CRL download unavailable at times
It seems CAs are using the PMA warnings as their calendar. This is not how it should be!
Warnings are auto-generated and do not require a response apart from fixing the issue, so they are no measure of communication responsiveness.

Self-audit status
- At least for EUGridPMA, self-audits are requested for the agenda (3x per year) from those CAs that are 'due' for one.
- Some requests (to a very small number of CA managers) by the PMA chair lacked any response by e-mail.
- Might complete non-response be an EUGridPMA-specific issue? EUGridPMA does not have monthly videoconfs ...

We need to communicate
What do we do with:
- Non-responsive CAs and CA managers
- Consistently failing CRLs
- Consistently non-updated CRLs
- Non-response to the RAT challenge within a defined window?
EUGridPMA proposed a transparent and consistent process.

Suspension consistency guidance proposal
- Suspend a CA for operational reasons if, N days after commencement of a failure condition, it cannot be resolved.
- Time starts after the last test, so for an off-line CRL it means it has not been updated for already 60 days.
- Suspend a CA also after failure to respond to a Communications Challenge for more than N days.
- Increase the frequency of the RAT Challenges to twice-yearly and set the grace period N to 30 days unless specific alleviating circumstances are communicated.
What is your view?
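An added example (not part of the original slides): one way to turn twice-daily CRL assessments into fault-days and to apply the proposed N = 30 day window to a persisting failure. The record format, status labels, CA names and the choice to start the clock at the first failed assessment of the current run are assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

GRACE_DAYS = 30                         # "N" as proposed on the slide
FAILING = {"expiring", "unavailable"}   # hypothetical labels for the two warning kinds

def build_sample():
    """Constructed data: three fictional CAs, assessed twice a day for 40 days."""
    start, records = datetime(2015, 2, 1, 6, 0), []
    for half_day in range(80):
        when, day = start + timedelta(hours=12 * half_day), half_day // 2
        records.append((when, "ExampleCA-A", "ok"))
        # B: CRL download fails on days 10 and 11, then recovers
        records.append((when, "ExampleCA-B", "unavailable" if day in (10, 11) else "ok"))
        # C: CRL is no longer refreshed from day 5 onward
        records.append((when, "ExampleCA-C", "expiring" if day >= 5 else "ok"))
    return records

def fault_days(records):
    """Distinct calendar days with at least one warning, per CA."""
    days = defaultdict(set)
    for when, ca, status in records:
        if status in FAILING:
            days[ca].add(when.date())
    return {ca: len(d) for ca, d in days.items()}

def failure_start(records, ca, now):
    """Start of the CA's current unbroken run of failed assessments, else None."""
    start = None
    for when, name, status in sorted(records):
        if name != ca or when > now:
            continue
        # Assumption: any passing assessment resets the clock
        start = (start or when) if status in FAILING else None
    return start

def suspension_candidates(records, now, grace_days=GRACE_DAYS):
    """CAs whose failure condition has persisted longer than the grace period."""
    found = []
    for ca in sorted({name for _, name, _ in records}):
        began = failure_start(records, ca, now)
        if began is not None and now - began > timedelta(days=grace_days):
            found.append(ca)
    return found

if __name__ == "__main__":
    sample = build_sample()
    print(fault_days(sample))
    print(suspension_candidates(sample, datetime(2015, 3, 13)))
```

A CA that recovers, like ExampleCA-B here, accumulates fault-days but never becomes a suspension candidate, which is the distinction between the availability warnings and the proposed suspension rule.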

Getting more from the RAT CC
Merge in the request for SHA-2 status?
- "Are you issuing exclusively SHA-2 EECs now?"
- "Do you have any SHA-1 certs left today?"
Considerations:
- Must be able to respond quickly (1 day); asking for complex things that need checking might delay the response
- Can ask for ACK, later measure follow-up?
So (1) is likely preferred, but your choice!

Questions?
Building a global trust fabric