TIES II — Feasibility study for a JISC national certificate issuing service Middleware studies meeting 11 March 2004.

Slides:

Advertisements

Similar presentations

Lousy Introduction into SWITCHaai

Advertisements

Grid Security Policy GridPP18, Glasgow David Kelsey 21sr March 2007.

5-Dec-02D.P.Kelsey, GridPP Security1 GridPP Security UK Security Workshop 5-6 Dec 2002, NeSC David Kelsey CLRC/RAL, UK

Supporting education and research Core Middleware Development Nicole Harris, Programme Manager, JISC Middleware Team.

Joint Information Systems Committee 01/04/2014 | slide 1 Access Management and e-Portfolios What are we trying to protect??? Joint Information Systems.

Joint Information Systems Committee 01/04/2014 | | Slide 1 Connecting People to Resources The JISC Access Management Strategy Nicole Harris Programme Manager.

Joint Information Systems Committee 01/04/2014 | slide 1 Support e-Research at JISC Access Management and Security Joint Information Systems CommitteeSupporting.

Eduserv Athens Federations David Orrell Eduserv Athens Technical Architect.

Scoping Study for Institutional Profiling and Terms & Conditions Services JISC Joint Programme Meeting Brighton 6-7 July 2004.

FAME-PERMIS Project University of Manchester University of Kent London, July 2006.

Joint Information Systems Committee 01/04/2014 | | Slide 1 e-Infrastructure Programme James Farnhill, Programme Manager, JISC Identity Management and Levels.

Joint Information Systems Committee 01/04/2014 | | Slide 1 e-Infrastructure Programme James Farnhill e-Research Programme Manager e-Infrastructure Security.

Shibboleth Development and Support Services SDSS Development Federation Next Phase Sandy Shaw, EDINA JISC CM Programme Meeting, Windermere, 14–15 November.

Digital Certificate Operation in a Complex Environment Matthew J. Dovey Oxford University Computing Services.

Philip LordDigital Archiving Consultancy Alison Macdonald Digital Archiving Consultancy Liz LyonDigital Curation Centre David GiarettaDigital Curation.

DyVOSE Status Report Dr Richard Sinnott Technical Director National e-Science Centre ||| Deputy Director Technical Bioinformatics Research Centre University.

4 December 2002 Grid Resource Access Workshop, NeSC 1 Managing Access to Resources on the Grid David Boyd CLRC e-Science Centre

Next Generation Athens Services Ed Zedlewski UK e-Science Town Meeting, London, 11 April 2005.

JIBS OpenURL meeting 17 Sept BALSA and proposal for OpenURL routing service Andrew Bevan (EDINA user support)

EGI-InSPIRE RI EGI-InSPIRE EGI-InSPIRE RI AAI in EGI Status and Evolution Peter Solagna Senior Operations Manager

PKI Solutions: Buy vs. Build David Wasley, U. California (ret.) Jim Jokl, U. Virginia Nick Davis, U. Wisconsin.

Supporting education and research JISC ‘Accessing the Future’ Addressing the needs of Further Education and smaller institutions Nicole Harris, JISC Programme.

Introduction to Shibboleth and the IAMSECT Project.

KC-ROLO Project Kidderminster College Repository Of Learning Objects Graham Mason & Ed Beddows.

Certification Authority. Overview  Identifying CA Hierarchy Design Requirements  Common CA Hierarchy Designs  Documenting Legal Requirements  Analyzing.

August 2004 Providing Industry-wide Security and Identity Management Solutions.

Joint Information Systems Committee 19/05/2015 | | Slide 1 Connecting People to Resources The UK Access Management Federation Nicole Harris Programme Manager.

Joint Information Systems Committee 19/05/2015 | | Slide 1 Voyage of the UK JISC Federation: Shibbolising the UK’s Research, Higher and Further Education.

HIT Standards Committee: Digital Certificate Trust – Policy Question for HIT Policy Committee March 29, 2011.

1 Issues in federated identity management Sandy Shaw EDINA IASSIST May 2005, Edinburgh.

TIES — Technologies for Information Environment Security Sandy Shaw University of Edinburgh.

Interoperation Between a Conventional PKI and an ID-Based Infrastructure Geraint Price Royal Holloway University of London joint work with Chris Mitchell.

WSU A Symphony in Four Movements. A Century of Controlled Flight.

Copyright JNT Association 20051OptionalCopyright JNT Association 2007 Overview of the UK Access Management Federation Josh Howlett.

Configuring Active Directory Certificate Services Lesson 13.

Public Key Infrastructure Ammar Hasayen ….

Wolfgang Schneider NSI: A Client-Server-Model for PKI Services.

Deploying a Certification Authority for Networks Security Prof. Dr. VICTOR-VALERIU PATRICIU Cdor.Prof. Dr. AUREL SERB Computer Engineering Department Military.

Internet Trust Defined. Delivered. Electronic Business the Way It Was Meant to Be.

Active Directory ® Certificate Services Infrastructure Planning and Design Published: June 2010 Updated: November 2011.

Copyright © 2000 Internet Document Security Alan Weintraub Research Director March 9, 2000.

Introduction to Secure Messaging The Open Group Messaging Forum April 30, 2003.

New Developments in Authentication and Access Management Alan Robiette JISC Development Group JISC-NSF-DLI2 Meeting, 2002.

MALARIA TRACK SESSION SUMMARIES_ICIUM 2011 TEAM MEMBERS: EVELYN ANSAH, KOJO YEBOAH-ANTWI, CHARLES EZENDUKA, DAVID OFORI-ADJEI.

Copyright JNT Association 2005Copyright JNT Association An Introduction to Access Management and the UK Federation Simon Cooper.

Helsinki Institute of Physics (HIP) Liberty Alliance Overview of the Liberty Alliance Architecture Helsinki Institute of Physics (HIP), May 9 th.

Chapter 23 Internet Authentication Applications Kerberos Overview Initially developed at MIT Software utility available in both the public domain and.

Supporting further and higher education Middleware and AA within the JISC Environment Nicole Harris, JISC Development Group.

Secure Messaging Workshop The Open Group Messaging Forum February 6, 2003.

ShibGrid: Shibboleth access to the UK National Grid Service University of Oxford and STFC.

Software Industry Issues Mark Lange Microsoft EMEA March 1, 2005.

PKI and the U.S. Federal E- Authentication Architecture Peter Alterman, Ph.D. Assistant CIO for e-Authentication National Institutes of Health Internet2.

HEPSYSMAN UCL, 26 Nov 2002Jens G Jensen, CLRC/RAL UK e-Science Certification Authority Status and Deployment.

New Developments in Access Management: Setting the Scene Alan Robiette JISC Development Group JISC-CNI Conference, June 2002.

The UK Access Management Federation John Chapman Project Adviser – Becta.

Shibboleth & Grid Integration STFC and University of Oxford (and University of Manchester)

DTI Mission – 29 June LCG Security Ian Neilson LCG Security Officer Grid Deployment Group CERN.

Jisc Publications Router – helping you capture your institution’s outputs 10 Sept 2015.

KC-ROLO Project Kidderminster College Repository Of Learning Objects Graham Mason & Ed Beddows.

Supporting education and research The JISC Core Middleware Call Brian Gilmore The University of Edinburgh and JISC Committee for Support of Research.

8-Mar-01D.P.Kelsey, Certificates, WP6, Amsterdam1 WP6: Certificates for DataGrid Testbeds David Kelsey CLRC/RAL, UK

TACAR Updates version David Groep, NIKHEF. 9 th EUGridPMA ‘RAL’ meeting – Jan David Groep – TACAR Aims  Trusted and.

Tweaking the Certificate Lifecycle for the UK eScience CA

SOLUTION FOR YAHOO TWO STEP VERIFICATION NOT WORKING

کاربرد گواهی الکترونیکی در سیستمهای کاربردی (امضای دیجیتال)

E-MARC Recommendations

David Kelsey (STFC-RAL)

Inter-institutional Trust Fabric Overview and Synergies

The JISC Core Middleware Call

Check-in Identity and Access Management solution that makes it easy to secure access to services and resources.

Presentation transcript:

TIES II — Feasibility study for a JISC national certificate issuing service Middleware studies meeting 11 March 2004

Aim  To consider the deployment of digital certificates to a significantly expanded e-Science community, and make recommendations to JISC

Technical options  Community operated open source CA  Community operated insourced CA  Fully outsourced CA

JISC IE Background  TIES I study recommended model of single national CA with institutional RAs  TIES I envisaged full rollout of certificates for JISC IE services as well as e-Science  But Shibboleth now adopted as preferred solution for IE  Remaining role for digital certificates?

e-Science background  All e-Science resources currently require users to present identity certificates  One CA per country  One flavour: medium assurance certification  Unpopular with users and RAs  RAL CA issues certificates at ~£220 a pop  RAL CA will not scale above ~1000 certificates  Due to expand rapidly (~20,000 in 5 years)  How to afford? How to scale? How to make acceptable? How to handle non-institutional users?

Approach  Two levels of assurance: basic and medium  CA based on commercially provided software  Single trust anchor

Specification  Three types of certificate: Two flavours of identity certificates for users: –Medium assurance for high-value and non-UK resources –Basic assurance for the rest (including students), UK-only Certification for SSL-enabled servers engaged in cross- institutional secure communication –e.g., for Shibboleth servers  Uses: identity assurance ( users and servers), signed  Choice of insourced/outsourced solution

Next steps  Briefing note for discussion  Confirm requirements (balance constraints and ambitions)  Firm up specification (numbers of RAs, certificates, policy, key usage, CRL regime)  Talk to suppliers

Contacts  Sandy Shaw, EDINA  Fiona Culloch, EDINA  David Chadwick, University of Salford   TIES I report: