IHEP Grid CA Status Report Wei F2F Meeting 8 Mar. 2010 Computing Centre, IHEP,CAS,China.

Slides:



Advertisements
Similar presentations
Experiences with Massive PKI Deployment and Usage Daniel Kouřil, Michal Procházka Masaryk University & CESNET Security and Protection of Information 2009.
Advertisements

Classic X.509 secured profile version 4.2 Proposed Changes David Groep, Apr 20 th, 2009.
Academia Sinica Grid Computing Certification Authority (ASGCCA) Yuan, Tein Horng Academia Sinica Computing Centre 13 June 2003.
Academia Sinica Grid Computing Certification Authority (ASGCCA) Jinny Chien.
CNIC Grid CA/SDG CA Self Audit Kejun (Kevin) Dong Computer Network Information Center (CNIC) Chinese Academy of Sciences APGridPMA F2F.
1 REUNA Certificate Authority Juan Carlos Martínez REUNA Chile Rio de Janeiro,27/03/2006, F2F meeting, TAGPMA.
National Institute of Advanced Industrial Science and Technology Auditing, auditing template and experiences on being audited Yoshio Tanaka
CS470, A.SelcukPKI1 Public Key Infrastructures CS 470 Introduction to Applied Cryptography Instructor: Ali Aydin Selcuk.
Computing Research Center, High Energy Accelerator Organization (KEK) KEK Grid CA Go Iwai The 2 nd APGrid PMA Meeting at Osaka Univ.
Academia Sinica Grid Computing Certification Authority (ASGCCA) Jinny Chien F2F Meeting 8 th March 2010.
Tweaking the Certificate Lifecycle for the UK eScience CA John Kewley NGS Support Centre Manager & Service Manager for the UK e-Science CA
NECTEC-GOC CA APGrid PMA face-to-face meeting. October, Sornthep Vannarat National Electronics and Computer Technology Center, Thailand.
Configuring and Troubleshooting Identity and Access Solutions with Windows Server® 2008 Active Directory®
KISTI Grid CA Status Report KISTI Supercomputing Center Sangwan Kim APGridPMA Meeting Mar 8, 2010 Academia Sinica, Taipei, Taiwan.
National Institute of Advanced Industrial Science and Technology Self-audit report of AIST GRID CA Yoshio Tanaka Information.
NAREGI CA Updates Kento Aida NAREGI CA/NII Kento Aida, National Institute of Informatics APGrid PMA meeting 04/20/2008.
DataGrid WP6 CA meeting, CERN, 12 December 2002 IISAS Certification Authority Jan Astalos Department of Parallel and Distributed Computing Institute of.
SECURITY MANAGEMENT Key Management in the case of public-key cryptosystems, we assumed that a sender of a message had the public key of the receiver at.
March 27, 2006TAGPMA - Rio de Janeiro1 Short Lived Credential Services Profile Tony J. Genovese The Americas Grid PMA DOEGridsATF/ESnet/LBNL.
National Institute of Advanced Industrial Science and Technology Brief status report of AIST GRID CA APGridPMA Singapore September 16 Yoshio.
NECTEC-GOC CA Self Audit 7 th APGrid PMA Face-to-Face meeting March 8 th, 2010 Large-Scale Simulation Research Laboratory Sornthep Vannarat Large-Scale.
IHEP Grid CA Status Report Gongxing Sun F2F Meeting 20 Apr Computing Centre, IHEP,CAS,China.
User Certificate Application: ASGCCA. Agenda Introduction ASGCCA User Responsibilities Certificate application form RA verify identity of users User generate.
IHEP Grid CA Status Report Gongxing Sun 5 th F2F Meeting 16 Sep Computer Center, IHEP,CAS,China.
Sam Morrison APAC CA – APGridPMA - ISGC2010 APAC CA Self Audit and status update Sam Morrison ARCS.
Academia Sinica Grid Computing Certification Authority (ASGCCA)
Academia Sinica Grid Computing Certification Authority (ASGCCA) Academia Sinica Computing Centre.
KISTI Grid CA Operation KISTI Supercomputing Center Sangwan Kim, Soonwook Hwang CA Operators Contact: Jan. 8, 2007.
European Grid Policy Management Authority. Event - 2/total Speaker Name – Coverage of the EUGridPMA Green: Countries with an accredited.
Academia Sinica Grid Computing Certification Authority (ASGCCA) Jinny Chien.
Academia Sinica Grid Computing Certification Authority (ASGCCA) Jinny Chien April 20, th APGridPMA in Taipei.
Security fundamentals Topic 5 Using a Public Key Infrastructure.
INFSO-RI Enabling Grids for E-sciencE EGEE Induction Grid training for users, Institute of Physics Belgrade, Serbia Sep. 19, 2008.
Academia Sinica Grid Computing Certification Authority (ASGCCA) Academia Sinica Computing Centre.
Lessons Learned from disaster recovery Jinny Chien April 20, th APGridPMA in Taipei.
NECTEC-GOC CA The 3 rd APGrid PMA face-to-face meeting. June, Suriya U-ruekolan National Electronics and Computer Technology Center, Thailand.
APGrid PMA face-to-face meeting, 9/16/2008 PRAGMA-UCSD CA Team Pacific Rim Application and Grid Middleware Assembly
8-Mar-01D.P.Kelsey, Certificates, WP6, Amsterdam1 WP6: Certificates for DataGrid Testbeds David Kelsey CLRC/RAL, UK
MICS Authentication Profile Maintenance & Update Presented for review and discussion to the TAGPMA On 1May09 by Marg Murray.
FP6−2004−Infrastructures−6-SSA E-infrastructure shared between Europe and Latin America The Latin American Catch-all Grid Certification.
Update of APGridPMA APGridPMA Meeting Academia Sinica, Taiwan 22 March,
NIIF CA Status Update and Self-Audit Results 15 th EUGridPMA meeting Nicosia Tamás Máray NIIF Institute.
X509 Web Authentication From the perspective of security or An Introduction to Certificates.
Baltic Grid Certification Authority 15th EUGridPMA, January 28th 2009, Nicosia1 Self-audit Hardi Teder EENet.
TR-GRID CA Self-Auditing Results and Status Update EUGridPMA Meeting September 12-14, 2011 Marrakesh Feyza Eryol, Onur Temizsoylu TUBITAK-ULAKBIM
HKU Computer Centre Grid Certificate Authority Status Update Lilian Chan IT Services, The University of Hong Kong APGrid.
FP6−2004−Infrastructures−6-SSA [ Empowering e Science across the Mediterranean ] Rome, Tutorial for Certification Authority Managers,
BG.ACAD CA HTTP :// CA. ACAD. BG S ELF - AUDIT REPORT 2014 Vladimir Dimitrov IICT-BAS ( 32 nd EUGridPMA Meeting Poznan, 8-10.
18 th EUGridPMA, Dublin / SRCE CA Self Audit SRCE CA Self Audit Emir Imamagić SRCE Croatia.
Academia Sinica Grid Computing Certification Authority F2F interview (Malaysia )
NECTEC-GOC CA A Brief Status Report 13 th APGrid PMA Face-to-Face meeting March 24 th, 2014 Large-Scale Simulation Research Laboratory Information Communications.
Feyza Eryol TÜBİTAK ULAKBİM TR-GRID CA SELF-AUDIT & UPDATES.
UGRID CA Self-audit report Sergii Stirenko 21 st EUGRIDPMA Meeting Utrecht 24 January 2011.
HellasGrid CA self Audit. In general We do operations well Our policy documents need work (mostly to make the text clearer in a few sections) 2.
Armenian e-Science Foundation Certification Authority Ara A. Grigoryan 1,2, Artem Harutyunyan 1,2,3, Arsen Hayrapetyan 1,2,4 1 Armenian e-Science Foundation;
29 th EUGridPMA meeting, September 2013, Bucharest AEGIS Certification Authority Dušan Radovanović University of Belgrade Computer Centre.
IHEP Grid CA Status Report F2F Meeting 17 Mar Computing Centre, IHEP,CAS,China.
Self-Audit & Status Report for KEK GRID CA Hiroyuki Matsunaga KEK (High Energy Accelerator Research Organization), Computing Research Center APGridPMA.
PKGrid CA Self-Audit 2012 Adeel-ur-Rehman Mansoor Sheikh.
IRAN-GRID CA Self Audit IRAN-GRID CA Self Audit Report Shahin Rouhani IRAN-GRID Tehran Iran Shahin Rouhani Grid Computation Group IPM, Tehran, Iran May.
AEGIS Certification Authority
UGRID CA Sergii Stirenko, Oleg Alienin
HellasGrid CA & euGridPMA
جايگاه گواهی ديجيتالی در ايران
MaGrid CA Self audit and update
NATIONAL CENTRE FOR PHYSICS PK-Grid-CA
Emir Imamagić University Computing Centre (Srce)
Bill Yau HKU Grid Certificate Authority (HKU Grid CA) Self Audit & Status Report Bill Yau
KISTI CA Report Status & Self-Audit
BG.ACAD CA Self-audit report 2018
Presentation transcript:

IHEP Grid CA Status Report Wei F2F Meeting 8 Mar Computing Centre, IHEP,CAS,China

Outline IHEP Grid CA Overview Current status of CA operation Update status

IHEP Introduction IHEP——Institute of High Energy Physics, CAS, China The major institute conducts high energy physics experiments in China

IHEP Grid CA Introduction The IHEP CA is established and managed by IHEP Computing Center in Beijing and has been running since The IHEP CA is an accredited member of both EUGridPMA and APGridPMA. Web site ▶ CA certificate ▶ tml tml

IHEP Grid CA Introduction ▶ Person Certificate: C=CN/O=HEP/O=IHEP/OU=CC/CN=zhu wei ▶ Host Certificate: CN=CN/O=HEP/O=IHEP/OU=CC/CN= host/voms.ihep.ac.cn CRL Policy ▶ ▶ The lifetime of CRL is 30 days. ▶ CRL is reissued 7 days before expiration even if there have been no revocation. ▶ Last Update: Feb 09 08:32: GMT

Current status of CA operation Personal/Host/Service Certificate: Submit application form for verification, then complete online request procedure step by step. Establish a Specialized CA Room Only one person has the key to the CA room, and the other has the key to the CA Computer.

Current status of CA operation The following events are recorded and archived: ▶ All requests for certificates ▶ All issued certificates ▶ All requests for revocation ▶ All issued CRLs ▶ Login/logout/reboot of the CA machine ▶ All notifications sent by the CA ▶ Logs for data exchange between CA and RA Archives are stored in an offline media which is stored in a safe box. Only RA and CA operators can access them.

Current status of CA operation Staff structure RA OperatorCA Operator Authentication Accept request, communicate with CA Issue certificate Private key management helpdesk Security Officer

Update status Number of issued certificates Last update: Feb 10 09:18: GMT User Certificate Host Certificate Service Certificate Total VALID REVOKED EXPIRED IHEPPKUHKUBUAANJNUSEURSGS CNICTSINGHUACCNUSDUNNUNJUUSTC CooperationOrganizations Cooperation Organizations

Update status Due to a power supply maintenance for the whole computing room, the IHEP CA website is unavailable from Sep/15/ :30(CST) to Sep/17/ :00(CST). Some needed webservice port was unopened after the whole adjustment on the export firewall. The new portable hard drive replace the old one. Plans to change the CA room.

Thanks Thank you!