Public Key Activities in the Spanish Academic Network PKI-COORD (PKI Coordination for Europe) December 6, 2000. Amsterdam.

Presentation transcript:

Public Key Activities in the Spanish Academic Network PKI-COORD (PKI Coordination for Europe) December 6, Amsterdam

PKI Coordination for Europe - 2 December 6, 2000, Amsterdam

Outline
- IRIS-PCA
  - Objectives and Characteristics
  - Hierarchy
  - Policy
  - Procedures
  - Links
- PKCS#11 Library
- PAPI
  - Architecture
  - Status
  - Goals

IRIS-PCA: Objectives
- Explore PK technologies
- Establish a hierarchical certification structure in the Spanish Research and Academic Network (RedIRIS constituency)
- Establish a common certification framework
- Share applications and experiences between the members of the community
- Promote the use of open-source software

IRIS-PCA: The Beginnings
- PKI activities were started at the end of 1997 → GTI-PCA Working Group
  - 7th WG meeting in November 2000
- IRIS-PCA is in production
  - Started November 2000
  - Two organizations certified
  - Nine organizations working on their own PKI (candidates to be incorporated)

IRIS-PCA: Characteristics
- Scope: Root CAs of organizations under our constituency (Research and Academic institutions)
- X509 v3 certificate format
- RedIRIS operates the root CA
  - Software: openssl
  - On a dedicated, secured, off-line Linux box
  - Certificates available through HTTP (plus LDAP in the near future)
- Each organization is free to establish its own CA and RA structure, CP and CPS
  - At least as restrictive as the IRIS-PCA CP

IRIS-PCA: Hierarchy
[Figure: certification tree with nodes IRIS-PCA, Org-RootCA and Org-SubCA, and leaf labels Server certificate, User certificate, Other certificates (shown twice)]

IRIS-PCA: Policy
- http:// (only Spanish version available)
- At the moment, the CP/CPS is not fully compliant with standards (RFC 2527)
- Chapters on:
  - IRIS-PCA identity
  - Scope
  - Certification tree
  - Use of the RAs
  - Security and privacy requirements
  - Policy and procedures for certificates
  - Policy and procedures for revocations
  - Validity of the certificates
  - Naming conventions
  - CRL and certificate management
  - Obligations and responsibilities

IRIS-PCA: Procedures
- The candidate organization sends
  - By
    - Certificate request (PKCS#10 or self-signed certificate formats)
  - By certified postal mail
    - Certification policy
    - Request document and legal agreement
    - Formal appointment to the technical contact
- replies
  - By (to the organization technical contact)
    - CA certificate (PEM format), also published by HTTP
  - By certified postal mail
    - Secret code for revocation
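The certificate part of this exchange, as an added openssl example that is not part of the original slides: a root CA receives an organization's PKCS#10 request and returns a PEM CA certificate that chains to the root. All names, key sizes, lifetimes and the serial number are assumptions made for the demo, not IRIS-PCA parameters.

```shell
#!/bin/sh
# Constructed demo: subjects, key sizes and lifetimes are assumptions.
set -eu

issue_org_ca() {
    dir=$1
    # Root CA (stands in for the off-line root): self-signed certificate.
    openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 3650 \
        -subj "/O=Example Root/CN=Demo Root CA" \
        -keyout "$dir/root.key" -out "$dir/root.pem" 2>/dev/null

    # Candidate organization: key pair plus PKCS#10 certificate request.
    openssl req -new -newkey rsa:2048 -nodes -sha256 \
        -subj "/O=Example University/CN=Example University Root CA" \
        -keyout "$dir/org.key" -out "$dir/org.csr" 2>/dev/null

    # Root side: verify the request's self-signature before signing it.
    openssl req -in "$dir/org.csr" -verify -noout 2>/dev/null

    # X.509 v3 extensions that make the issued certificate a CA certificate.
    printf '%s\n' 'basicConstraints=critical,CA:TRUE' \
        'keyUsage=critical,keyCertSign,cRLSign' > "$dir/ca.ext"

    # Sign the request; the PEM output is what goes back to the organization.
    openssl x509 -req -in "$dir/org.csr" -CA "$dir/root.pem" \
        -CAkey "$dir/root.key" -set_serial 1 -days 1825 -sha256 \
        -extfile "$dir/ca.ext" -out "$dir/org-ca.pem" 2>/dev/null
}

verify_org_ca() {
    # Chain check a relying party would run with the root as trust anchor.
    openssl verify -CAfile "$1/root.pem" "$1/org-ca.pem" >/dev/null 2>&1
}

is_ca_cert() {
    # True when the certificate carries basicConstraints CA:TRUE.
    openssl x509 -in "$1" -noout -text | grep -q 'CA:TRUE'
}

# Stand-alone run in a throwaway directory.
d=$(mktemp -d)
issue_org_ca "$d"
verify_org_ca "$d" && echo "organization CA certificate chains to the root"
rm -rf "$d"
```

Dropping the `-extfile` argument yields a certificate without the CA extensions, so `is_ca_cert` fails on it; the organization could not use such a certificate to issue its own server and user certificates.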

IRIS-PCA: Links
- IRIS-PCA Pilot pca/index.en.html
- GTI-PCA Working Group
- Mailing list

PKCS#11 Library
- Developed by the University of Murcia for their internal PKI project
  - Open to different formats and sizes of smart-cards
  - Available for Unix/Linux and Windows
  - Thoroughly tested in an operational environment
  - About 10,000 users
  - Access control, clock-in, facility reservation,...
- The aim of RedIRIS is to distribute the library under GPL
  - Negotiation is ongoing
  - Configuration procedures and documentation necessary

PAPI
- Was initiated to solve the problems derived from access control based on IP-address filters
- Its main objective is the provision of controlled access to information services with
  - A simple and transparent user interface
  - Maximum flexibility for
    - Clients (universities and other centers inside the RedIRIS network)
    - Information providers
  - User ubiquity
  - User privacy with respect to content providers
- Started with the collaboration of content providers and client organizations
- Liaisons with other academic networks

PAPI: Architecture

PAPI: Status
- Functioning prototype
  - Based on Apache mod_perl and virtual servers
  - Running from October
  - http://
- First real environment testbed available in mid-December
  - Access to digital library services at a major university in Southern Spain
  - About 300 initial users
  - 70,000 potential users
  - Successful initial tests

PAPI: Short- and mid-term goals
- Optimization of system modules based on performance measurements and user feedback
  - Management facilities
  - Implementation of a set of basic authentication hooks (user- and group-based)
- Installation procedures and documentation set: dissemination
  - PAPI-on-a-box
- Harmonization (standardization?) with similar projects
  - Essential to effectively involve content providers