Updates from the EUGridPMA
David Groep, Apr 8th, 2008

Presentation transcript:


2008 APGridPMA ‘Taipei’ meeting – Apr David Groep –

- EUGridPMA
  - A word on its history
  - Autonomous growth
  - “Virtual Silk Road” PKI
- Plans and updates
  - Auditing
  - Identity Vetting processes, AuthZ, 1SCP, CP/CPS doc
  - Repository issues
- CAOPSwg documents
  - Grid Certificate Profile finally “Published”!
  - RPDNC requirements …

Eight years of growth

- November 2000: Invitation to the DataGrid WP6 partners
- December 2000: First CA meeting at CERN
- March 2001: 5 CAs: CNRS, LIP, NIKHEF, CERN, INFN, UK-HEP
  - First version of the minimum requirements
- December 2002: Inclusion of the CrossGrid CAs
- April 2004: Establishment of the EUGridPMA
  - First formal charter and guidelines documents
- …
- April 2008: 77 accredited CAs in the IGTF

Minimum Requirements version 1

Minimum requirements for RA - Testbed
- An acceptable procedure for confirming the identity of the requestor and the right to ask for a certificate, e.g. by personal contact or some other rigorous method
- The RA should be the appropriate person to make decisions on the right to ask for a certificate and must follow the CP.

Communication between RA and CA
- Either by signed or some other acceptable method, e.g. personal (phone) contact with known person

Minimum requirements for CA - Testbed
- The issuing machine must be:
  - a dedicated machine
  - located in a secure environment
  - be managed in an appropriately secure way by a trained person
  - the private key (and copies) should be locked in a safe or other secure place
  - the private key must be encrypted with a pass phrase having at least 15 characters
  - the pass phrase must only be known by the Certificate issuer(s)
  - not be connected to any network
- minimum length of user private keys must be 1024
- min length of CA private key must be 2048
- requests for machine certificates must be signed by personal certificates or verified by other appropriate means
- ...

The EUGridPMA “constitution”

The European Policy Management Authority for Grid Authentication in e-Science (hereafter called EUGridPMA) is a body to establish requirements and best practices for grid identity providers to enable a common trust domain applicable to authentication of end-entities in inter-organisational access to distributed resources.

As its main activity the EUGridPMA coordinates a Public Key Infrastructure (PKI) for use with Grid authentication middleware.

The EUGridPMA itself does not provide identity assertions, but instead asserts that - within the scope of this charter - the certificates issued by the Accredited Authorities meet or exceed the relevant guidelines.

The story so far …

Foundation of the IGTF allows migration of CAs to Regional PMA

The IGTF

TAGPMA APGridPMA

- improve trust building through better face-to-face contact
- better manageability of the PMA

Geographical coverage of the EUGridPMA

- 23 of 25 EU member states (all except LU, MT)
- + AM, CH, HR, IL, IS, MA, NO, PK, RO, RS, RU, TR, UA, ME, MK, SEE-GRID + CA, CERN (int), DoEGrids*

Pending or in progress
- IR, SY, MD, LV

More growth expected

- Pending EUMedGrid countries: DZ, TN, LY, EG
- New initiative across the ‘silk road’ countries
  - Established by Ara Grigoryan and ArmeSFo
  - In collaboration with NATO Partnership for Peace programme

Auditing started

- Based on APGridPMA Auditing effort
- Self audits, peer-reviewed
  - BEGrid, DoEGrids, IUCC, TR-Grid, ArmeSFo, HellasGrid, CyGrid
- Assessments were thorough
- Implementation of recommendations started
- Also external audit DutchGrid CA (thanks, Yoshio!)

Pending plans: ‘AuthZ op. policy WG’

- Discussing extending to AA policy requirements
  - authZ as important as AuthN, but operational AuthZ policies today are far less clear
  - minimum requirements on running an AA server may be quite similar to running a CA
  - ‘There is no other large group of experts out there waiting to take this on’ – we don’t need a parallel I*TF
- But: scaling the model is very, very different; …
- Dave Kelsey will sort this out …

More to-do items

- Repository of “good” and “bad” CP/CPS examples
  - boilerplate text repository
  - On software used
  - Activity ‘owner’: Jens Jensen
- ‘profiling’ of various identity vetting options
  - Traditional F2F
  - Notary-public-supported verification
  - ‘Time-shifted via implicit RA/Agent anointments’ or ‘TTP’
- One-Statement Certificate Policies (1SCP)
  - First 1SCPs should be there soon: ‘private key is held on a token’, ‘I am a Robot/automated client’

IGTF Release Process and Web

- Release Process
  - Releases moved to (preferably) Monday or Tuesday
  - Documentation of the process still needed
  - Use: mirror:
- Web server updated
  - Room for some additional static services
  - Input and suggestions are very welcome!
- Monitoring and alarms
  - Nagios: (guest/guest) (mirror at AIST)
  - PMA Distribution Warnings by 4 times/day

CAOPS-WG

- Grid Certificate Profile is now published as GFD-C.125
- Relying Party Defined NS Constraints
  - New draft out on GridForge
  - Out to RPs for comments and new requirements
  - Pending reactions (we got one from DavidCh already…)
- Authentication Profile Template
  - Cleanup needed (ChristosT)
  - Fork off glossary in a separate document

Some dates for you to remember and schedule

- May th EUGridPMA meeting, Copenhagen, DK (NBI)
- June 2-6, 2008: OGF23, Barcelona, ES
- September 15-19, 2008: OGF24, Singapore
- Oct 6-8 (tentative), 2008: 14th meeting, Lisbon, PT
- January 2009: 15th meeting, Nicosia, CY