1 ASGCCA Self-Audit Report APGridPMA Jinny Chien March 08 2008.

Presentation transcript:

1 ASGCCA Self-Audit Report APGridPMA Jinny Chien March

2 Outline
ASGCCA basic audit information
ASGCCA audit score list
The detailed audit report
Summary & further plan

3 ASGCCA Self-Audit Info
Time: March 2008
Place: Academia Sinica
Staff: Jinny Chien, Min Tsai, Felix Lee and Eric Yen
The relevant documents: CP/CPS, CA cert, EE cert, Host cert and any other document available for the auditors
Others: CA room, CA machine, etc.

4 A List of Marks for Auditing
According to the result of the examination, each item can be scored from A to D, or X, as below.
A: Good
B: Recommendation (minor change)
C: Recommendation (major change)
D: Advice (must change)
X: Could not evaluate (N/A)

5 ASGCCA Self-Audit Status
The checklist has 71 items in total. During this evaluation, ASGCCA got the following scores.
Score A (Good): 57 / 71
Score B (minor change): 10 / 71
Score C (major change): 2 / 71
Score D (must change): 1 / 71
Score X (N/A): 1 / 71
The following reports include only the items scored B to X.

6 The Audit Report Format
Score: The score ASGCCA gets for this item
Diagnosis: Check the relevant documents
Status: The status of ASGCCA now
Solution: How ASGCCA can improve
Evaluation: The items of the auditing checklist

7 Self-Audit Detailed Report (1)
Score: B
Diagnosis: ASGCCA CP/CPS
Status: The ASGCCA CP/CPS is structured in RFC 2527
Solution (In progress): We plan to modify the current CP/CPS this year and the new CP/CPS will follow RFC
Evaluation: The CP/CPS document is structured in RFC 3647

8 Self-Audit Detailed Report (2)
Score: D
Diagnosis: ASGCCA CA certificate and CRL
Status: The CA's cert and CRL state that the signature algorithm is MD5. (MD5 in particular must not be used.)
Solution (In progress): Use another signature algorithm such as SHA1 and add it to the annual CA schedule
Evaluation: The message digests of the certificate and CRLs generated

9 Self-Audit Detailed Report (3)
Score: B
Diagnosis: CA certificate and EE certificates
Status: CA cert and EE cert are compliant with the current Grid Certificate Profile, but the MD5 problem must be resolved.
Solution (In progress): Use another signature algorithm such as SHA1 and add it to the annual CA schedule
Evaluation: CA cert and EE cert must comply with the IGTF and OGF profile

10 Self-Audit Detailed Report (4)
Score: B
Diagnosis: ASGCCA CRLs
Status: No description in the current CP/CPS and we use CRL version 1
Solution (In progress): Check the CRL profile and modify the current CP/CPS.
Evaluation: The CRLs must be compliant with RFC 3280 and use version 2 (recommended)
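
An added example, not part of the original slides or ASGCCA's tooling: a stdlib-only Python check for the two CRL findings on slides 8 and 10 (MD5 signature, CRL version 1). The sample CRLs are constructed, structure-only DER with a dummy issuer and signature, and all function names are hypothetical.

```python
# Added example (not ASGCCA code): audit a DER CRL for MD5 signatures and CRL version.
MD5_RSA = bytes.fromhex("2a864886f70d010104")    # OID 1.2.840.113549.1.1.4
SHA1_RSA = bytes.fromhex("2a864886f70d010105")   # OID 1.2.840.113549.1.1.5
NAMES = {"1.2.840.113549.1.1.4": "md5WithRSAEncryption",
         "1.2.840.113549.1.1.5": "sha1WithRSAEncryption"}

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the DER element starting at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                            # long form: low bits give the octet count
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, buf[pos:pos + length], pos + length

def decode_oid(body):
    arcs, val = [body[0] // 40, body[0] % 40], 0
    for b in body[1:]:                           # base-128, high bit marks continuation
        val = (val << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs, val = arcs + [val], 0
    return ".".join(map(str, arcs))

def audit_crl(der):
    """Return (version, signature_algorithm, findings) for a DER CertificateList."""
    _, cert_list, _ = read_tlv(der, 0)           # CertificateList ::= SEQUENCE
    _, tbs, _ = read_tlv(cert_list, 0)           # tbsCertList ::= SEQUENCE
    tag, val, nxt = read_tlv(tbs, 0)
    version = 1                                  # version field absent means v1
    if tag == 0x02:                              # INTEGER present: v2 is encoded as 1
        version = int.from_bytes(val, "big") + 1
        _, val, _ = read_tlv(tbs, nxt)           # advance to the AlgorithmIdentifier
    oid = decode_oid(read_tlv(val, 0)[1])
    alg = NAMES.get(oid, oid)
    findings = []
    if alg == "md5WithRSAEncryption":            # the slides' criterion: MD5 must not be used
        findings.append("signature uses MD5")
    if version < 2:
        findings.append("CRL is version 1; version 2 is recommended")
    return version, alg, findings

def tlv(tag, body):                              # short-form encoder for the samples below
    return bytes([tag, len(body)]) + body

def sample_crl(oid, v2):
    """Constructed, structure-only CRL (dummy issuer and signature), not a real ASGCCA CRL."""
    alg = tlv(0x30, tlv(0x06, oid) + tlv(0x05, b""))
    tbs = (tlv(0x02, b"\x01") if v2 else b"") + alg + tlv(0x30, b"") + tlv(0x17, b"080308000000Z")
    return tlv(0x30, tlv(0x30, tbs) + alg + tlv(0x03, b"\x00\x00"))
```

The check mirrors the criteria on the slides; SHA-1 has since been deprecated for certificate and CRL signatures as well, so a current audit would reject it too.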

11 Self-Audit Detailed Report (5)
Score: C
Diagnosis: ASGCCA CP/CPS
Status: ASGCCA CP/CPS does not describe the transition procedure
Solution (Done): We modified the current CP/CPS and added this information to the version 2.1
Evaluation: The CP/CPS described the transition of the CA's cryptographic data

12 Self-Audit Detailed Report (6)
Score: A
Diagnosis: ASGCCA CA certificate
Status: Old and new ASGCCA CA lifetimes are not longer than 20 years. However, our CP/CPS only states a 5-year limit.
Solution (Done): We modified the current CP/CPS and added this information to the version 2.1
Evaluation: The CA lifetime must be no longer than 20 years

13 Self-Audit Detailed Report (7)
Score: B
Diagnosis: certificates
Status: We have re-key procedures which are described on the CA web page but not in the CP/CPS
Solution (Done): We modified the current CP/CPS and added this information to the version 2.1
Evaluation: The rekey process described in the CP/CPS

14 Self-Audit Detailed Report (8)
Score: B
Diagnosis: Audits and CP/CPS
Status: There is more information about the compliance audit, but no information describing how we audit RAs
Solution (Done): We modified the current CP/CPS and added this information to the version 2.1
Evaluation: The CA performs operational audits of CA/RA at the regular time

15 Self-Audit Detailed Report (9)
Score: B
Diagnosis: Host certificate
Status: Users directly access the secure web page to generate FQDNs. Then the CA will verify this request with RAs.
Solution (Done): User -> RA -> CA. This information must be added to the version 2.1
Evaluation: How does the RA verify the FQDN of the host certificate

16 Self-Audit Detailed Report (10)
Score: B
Diagnosis: CA and RA
Status: ASGCCA uses signed mails between CA and RA, but there is no information about this in the current CP/CPS, only on the web
Solution (Done): Added the details to the draft version 2.1
Evaluation: The secure communication between CA and RA

17 Summary & Further Plan
ASGCCA will resolve the following problems in
- MD5 problem on all certificates from ASGCCA
- The CP/CPS is compliant with RFC
- CRL profile is compliant with RFC
- Publish new version CP/CPS

18 Reference
ASGCCA web
The current CP/CPS
The revised CP/CPS version 2.1
The Audit Report

19 Any questions? Thanks for listening