TERENA Certificate Service (TCS) 9 June 2011

Presentation transcript:

TERENA Certificate Service (TCS) 9 June 2011

Slide 2: Background
› Many NRENs had set up a CA, but the certificates issued were not trusted by web browsers (the 'pop-up' problem).
› Purchasing certificates directly from commercial CAs is expensive in bulk.

Slide 3: Certificate Types
› Five types of certificate available:
  › Server Certificate - for authenticating servers and establishing secure sessions with end clients.
  › e-Science Server Certificate - for authenticating Grid hosts and services. These are IGTF compliant.
  › Personal Certificate - for identifying individual users and securing communications.
  › e-Science Personal Certificate - for identifying individual users accessing Grid services. These are IGTF compliant.
  › Code-signing Certificates - for authenticating software distributed over the Internet.
› Comodo is also offering free EV certificates for a limited period.

Slide 4: Participants
NREN / Country / S P C
ACOnet AT
LITNET LT -
BELNET BE
UoM MT -
CARNet HR --
SURFnet NL
Cyprus CY
UNINETT NO
CESNET CZ -
PSNC PL
UNI-C DK -
FCCN PT --
FUNET FI
RoEduNet RO -
RENATER FR -
AMRES RS -
GRNET GR -
ARNES SI --
HUNGARNET HU --
RedIRIS ES
HEAnet IE
SUNET SE
GARR IT -
JANET(UK) UK --
IUCC IL -

Delegated Responsibilities & Scaling

› Built using contracts
› Scales well to large numbers of organisations and users
› Assurance requirements on subscribers ensure quality ID bound through legal contracts

Slide 7: TCS Portal
› Several NRENs decided to pool resources and operate a common portal for personal certificates.
› Hosted on resilient servers at Tilburg University under contract to TERENA.
› Utilises Confusa software.
› Each NREN community needs to operate at least one IdP, but multiple IdPs are supported.
› Participants: ACOnet (AT), BELNET (BE), FUNET (FI), GARR (IT), RENATER (FR), SUNET (SE), SURFnet (NL), UNI-C (DK), UNINETT (NO)

Authenticating users via Subscriber and Federation
National research-education federations provide the basis for authenticating users and obtaining key attributes like a persistent unique identifier and including assurance level via service entitlements
Diagram labels: User’s home organisation; NREN or Federation Operator

Slide 9: Statistics (1 Jul Dec 2010)
› Server Certificates
  › Since 1 Jul ,710 (most JANET(UK) with 9,321 )
› eScience Server Certificates
  › Since 1 Oct (most PSNC with 16)
› Personal Certificates
  › Since 5 Feb ,169 (most 499 with CESNET)
› eScience Personal Certificates
  › Since 5 Feb (most 332 with UNINETT)
› Code-Signing Certificates
  › Since 1 June (most 13 with PSNC)

TCS eScience - global recognition
Meets the IGTF requirements for long-term integrated credential services and thereby has global recognition by all major e-Infrastructures

Reach of the TCS Personal service
The TCS portals – trustworthy credentials in 3 clicks and 2 minutes
Map legend: dark-blue: eScience Personal deployed