Template Profile Jens Jensen, STFC RAL GridNet2/ UK e-Science CA OGF22 Boston.

Presentation transcript:

Template Profile Jens Jensen, STFC RAL GridNet2/ UK e-Science CA OGF22 Boston

The Problem MINREQ Best Practice CA policy CA practice statement CA PRACTICE Check consistency

New Policies Usually written by novice CA mgr –Using bits from other CP/CPSes Accentuate the positive –All the good bits get copied around Eliminate the negative –All the bad bits get copied around

Problem Policies become inconsistent Don't satisfy minimal requirements Need many iterations with reviewer –Bad for CA manager –Bad for reviewer

Common Examples RA checking CRL –4.5.2 MUST at time of reliance –4.9.6 MUST at time of reliance –9.6.4: according to their satisfaction both confidential and not Flood protection at 1.2 metres on 1st floor

Is it a big problem? We already cover half the world But there is another half

Proposed Solution? Working group on Template Profile –Jens, David G, Milan, Anders, Vinod, David O'C, Mike, Sergey, Hardi Get the best bits from policies Living document – but needs an editor Reviewers best to write/contrib Become an IGTF document

Status …er, not really started yet Amsterdam meeting Jan 2008

Piecing it together Easier to set up new CP/CPS –Too easy? Easier to get it right sooner –Often many, many iterations are required –Greatly delays Accreditation

Operational Reviews TAGPMA are leading in this area –Template for operational review –But a reviewer still needs to read the CP/CPS!! –Quicker if many bits known to be good APGridPMA auditing for accreditation –Yoshio's auditing procedure

Operational Reviews Highlight: –Which bits are canonical –Which bits are based on guides –Which bits are changed since previous version

Piecing it together Delaying Accreditation is bad –Reviewers are already overloaded –(Not necessarily with reviews but with real life jobs) –Time consuming for new CAs Get new CAs in early (PMAs) –Not after the policy is written

Piecing it together Not aiming for machine parseable Or should we? –(Chadwick, Coghlan/O'Callaghan) TAGPMA guide to writing CP/CPS

RFC 3647

What about existing CAs Leave alone, for now Some not satisfying minreqs Minreqs change, too –Mythical six months to update

Back on track…? Urgent changes - Aggressive option –Do it in six months or else Medium urgency –Address with next CP/CPS change –At least before next PMA presentation Lower urgency –Discuss at next presentation

Summary Template profile –Approved text for sections where it makes sense –Approved guidelines (cf TAGPMA) for other sections –Open bits –Get new CAs in early