The Americas Grid Policy Management Authority (TAGPMA) Derek Simmel, TAGPMA Chair June 23, 2015.


© 2010 Pittsburgh Supercomputing Center © 2015 Pittsburgh Supercomputing Center

TAGPMA Presentation Overview
Background
Community
What is TAGPMA?
IGTF Regional PMAs, Profiles and Processes
TAGPMA Leadership, Members and CAs
TAGPMA Meetings

Background
Public Key Infrastructure (PKI)
  – X.509 digital certificates
      data signed using a secure, cryptographic checksum
      typically used for identity credentials – hosts, services, people
  – Certificate Authorities (CAs) securely issue digital certificates
  – Registration Authorities (RAs) verify identity of end entities requesting certificates
  – Relying Parties (RPs)
      any person or organization that trusts a CA and depends (relies) upon the CA to issue certificates
  – Internet Protocols, e.g., SSL, TLS

Background
Grid / Cloud computing & Web Services
  – Distributed computing with standards-based interfaces for secure authentication and secure communications
Open Grid Forum (OGF)
Organization for the Advancement of Structured Information Standards (OASIS)
World Wide Web Consortium
Certificate Authority/Browser Forum
Internet Engineering Task Force

Community
High Performance Computing (HPC)
  – primarily with the HPC computational science communities
  – National and international HPC cyberinfrastructures, e.g.,
      European Grid Infrastructure (EGI)
      U.S. National Science Foundation (NSF) XSEDE
      Partnership for Advanced Computing in Europe (PRACE)
      U.S. NSF & DoE Open Science Grid
      Worldwide Large Hadron Collider (LHC) Grid (WLCG)
High Throughput Computing (HTC)
  – cloud computing and high-scaling computing on collections of distributed nodes
Grid/Cloud Distributed Computing & Storage
National, Institutional and Commercial CAs

Community - EGI

Community - XSEDE

Community - PRACE
PRACE Tier-0 Systems
System | Type | Location | Production
CURIE | Bull x86 cluster | CEA, France | March 2012
FERMI | IBM BG/Q | CINECA, Italy | April 2012
Hornet | Cray XC40 | HLRS, Germany | November 2014
JUQUEEN | IBM BG/Q | Jülich, Germany | January 2013
MareNostrum | IBM iDataPlex | BSC, Spain | June 2013
SuperMUC | IBM iDataPlex | LRZ, Germany | April 2012

Community – OSG

Community - WLCG
Illustration courtesy Worldwide Large Hadron Collider Grid
Tier-0 (CERN):
  Data recording
  Initial data reconstruction
  Data distribution
Tier-1 (11 centres):
  Permanent storage
  Re-processing
  Analysis
Tier-2 (~130 centres):
  Simulation
  End-user analysis

What is TAGPMA?
The Americas Grid Policy Management Authority (TAGPMA) is one of three regional PMAs that comprise the Interoperable Global Trust Federation
The purpose of IGTF is to establish and foster strong trust relationships among individuals and institutions worldwide so that trusted authentication and authorization of access by/to people, systems, and services can occur across the Internet
Each regional PMA accredits authentication providers and registration authorities within its region
IGTF maintains a distribution of trusted CA data that relying parties can download and use in their infrastructures to validate the credentials of users, systems and services that have credentials issued by one of the IGTF-accredited CAs

IGTF Regional PMAs
APGridPMA
TAGPMA
EUGridPMA

IGTF Accreditation Profiles
Classic X.509 CA
  – Traditional CA operated with secured infrastructure
  – Classic CAs issue long-term certificates with lifetime up to 400 days
  – Subscriber identity vetting is face-to-face or equivalent
MICS: Member Integrated X.509 PKI Credential Services
  – Online CA that issues certificates based on pre-existing identity data maintained by a federation or large organization
  – Classic CAs issue long-term certificates with lifetime up to 400 days

IGTF Accreditation Profiles continued
SLCS: Short-Lived X.509 PKI Credential Services
  – Online CA that issues short-lived certificates based on pre-existing identity data maintained by a federation or large organization
  – SLCS CAs issue certificates with a lifetime of up to 1,000,000 seconds
  – Common example: MyProxy CAs
IOTA: Identifier-Only Trust Assurance
  – Online CA that issues certificates based on successful authentication to a federated identity management infrastructure
  – Traceability of issued certificates to subscribers may be limited
  – Common example: CILogon-Basic CA
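A relying party can check an end-entity certificate's validity period against the lifetime ceiling of its issuer's accreditation profile. The sketch below is an added example, not part of the presentation: the function names are hypothetical, the input is assumed to be `openssl x509 -noout -issuer -dates` text with the issuer in the slash-separated form used on the slides, and the sample certificates are constructed.

```python
from datetime import datetime, timezone

# Lifetime ceilings in seconds, taken from the slides. IOTA has no figure
# on the slides, so it maps to None and is reported rather than judged.
PROFILE_MAX_SECONDS = {
    "classic": 400 * 86400,  # "lifetime up to 400 days"
    "mics": 400 * 86400,     # the MICS slide carries the same 400-day line
    "slcs": 1_000_000,       # "lifetime of up to 1,000,000 seconds"
    "iota": None,
}

# Issuer DN -> accreditation profile, for four CAs named on the slides.
ISSUER_PROFILE = {
    "/C=CA/O=Grid/CN=Grid Canada Certificate Authority": "classic",
    "/C=US/O=Pittsburgh Supercomputing Center/CN=PSC MyProxy CA": "slcs",
    "/DC=org/DC=cilogon/C=US/O=CILogon/CN=CILogon Silver CA 1": "mics",
    "/DC=org/DC=cilogon/C=US/O=CILogon/CN=CILogon Basic CA 1": "iota",
}

def parse_openssl_time(value):
    """Parse a timestamp as printed by `openssl x509 -noout -dates`."""
    # openssl pads single-digit days with an extra space; collapse it first.
    normalized = " ".join(value.split())
    parsed = datetime.strptime(normalized, "%b %d %H:%M:%S %Y GMT")
    return parsed.replace(tzinfo=timezone.utc)

def parse_fields(text):
    """Turn `key=value` lines (issuer, notBefore, notAfter) into a dict."""
    fields = {}
    for line in text.strip().splitlines():
        key, _, value = line.partition("=")
        fields[key.strip()] = value.strip()
    return fields

def check_lifetime(text):
    """Return (profile, lifetime_seconds, verdict) for one certificate."""
    fields = parse_fields(text)
    profile = ISSUER_PROFILE.get(fields.get("issuer"))
    if profile is None:
        return (None, None, "unknown-issuer")
    delta = parse_openssl_time(fields["notAfter"]) - parse_openssl_time(fields["notBefore"])
    lifetime = int(delta.total_seconds())
    if lifetime <= 0:
        return (profile, lifetime, "invalid-validity-period")
    limit = PROFILE_MAX_SECONDS[profile]
    if limit is None:
        return (profile, lifetime, "no-limit-on-slides")
    return (profile, lifetime, "ok" if lifetime <= limit else "exceeds-profile-limit")

# Constructed sample: an 11-day and a 12-day certificate from the same SLCS CA.
SLCS_OK = """issuer=/C=US/O=Pittsburgh Supercomputing Center/CN=PSC MyProxy CA
notBefore=Jun 23 12:00:00 2015 GMT
notAfter=Jul  4 12:00:00 2015 GMT"""
SLCS_LONG = SLCS_OK.replace("Jul  4", "Jul  5")

if __name__ == "__main__":
    for sample in (SLCS_OK, SLCS_LONG):
        print(check_lifetime(sample))
```

The 12-day certificate is flagged because 1,036,800 seconds exceeds the SLCS ceiling, while the 11-day one (950,400 seconds) passes.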

CA Accreditation Process
Membership Application
  – Organization applies for membership as an AP
  – TAGPMA members vote to accept/decline membership
Member requests accreditation of a CA
  – Member describes CA and desired CA Profile
  – A TAGPMA Mentor is assigned
  – Two TAGPMA member reviewers are assigned
Reviewers examine CA Certificate Policy and Certification Practice Statement (CP/CPS)
  – Reviewers work with applicant to resolve issues
  – TAGPMA members vote to accept/decline CA
Operational Review
  – Reviewers test operational aspects of CA
  – Upon successful completion of operational tests, CA is considered “TAGPMA accredited”
CA operators prepare and submit CA certificate and data for IGTF distribution
  – A designated TAGPMA “trusted introducer” verifies CA certificate and related data, digitally signs file containing the CA certificate and data, and submits it to IGTF
  – IGTF adds the new CA certificate and data to a pre-release collection for testing, and upon successful testing adds it to the next scheduled public IGTF distribution
  – (optional) The CA operator applies to the TERENA Academic Certification Authority Repository (TACAR) to have their CA certificate added to the TACAR distribution. A designated TAGPMA “trusted introducer” verifies CA certificate and related data, digitally signs file containing the CA certificate and data, and submits it to TACAR for inclusion in the TACAR distribution.

TAGPMA Leadership
Chair: Derek Simmel (PSC)
Chair for Latin America: Ale Stolk (ULAGrid)
  – Coordinates activities with Spanish-speaking partners and members and leads TAGPMA Español meetings
Vice Chair: Scott Rea (DigiCert + REBCA)
Secretary: Ale Stolk
Webmaster: Scott Rea

Current TAGPMA Members
Organization | Country | Representative | AP/RP
DigiCert | USA | Scott Rea | AP
FNAL | USA | Irwin Gaines | AP
GridCanada | Canada | Andre Charbonneau | AP
IBDS ANSP | Brazil | Gabriel von Winckler | AP
InCommon | USA | Jim Basney | AP
NCSA | USA | Jim Basney | AP
NERSC | USA | Jeff Porter | AP
NICS | USA | Victor Hazlewood (Jason Charcalla) | AP
PSC | USA | Derek Simmel | AP
REUNA | Chile | Sandra Jaque | AP
SDSC | USA | Scott Sakai | AP
UFF | Brazil | Vinod Rebello | AP
UNAM | Mexico | Manuel Quintero (Jhonatan López) | AP
UNIANDES | Colombia | Andres Holguin | AP
UNLP | Argentina | Paula Venosa (Alejandro Lara) | AP
ESNet | USA | Dhiva Muruganantham | RP
OGF | USA | Alan Sill | RP
OSG | USA | Jim Basney | RP
REBCA | USA | Scott Rea | RP
redCLARA | Chile/LAC | Luis A. Núñez | RP
ULAGrid | Venezuela | Alejandra Stolk | RP
WLCG | Switzerland | Dave Kelsey | RP
XSEDE | USA | Jim Marsteller | RP

TAGPMA Classic CAs (14)
Argentina (UNLP):
  – /C=AR/O=e-Ciencia/OU=UNLP/L=CeSPI/CN=PKIGrid
Brasil (ANSP, UFF):
  – /C=BR/O=ANSP/OU=ANSPGrid CA/CN=ANSPGrid CA
  – /C=BR/O=ICPEDU/O=UFF BrGrid CA/CN=UFF Brazilian Grid Certification Authority
Canada (GridCanada):
  – /C=CA/O=Grid/CN=Grid Canada Certificate Authority
Chile (REUNA):
  – /C=CL/O=REUNACA/CN=REUNA Certification Authority
Colombia (UNIANDES):
  – /C=CO/O=Uniandes CA/O=UNIANDES/OU=DTI/CN=Uniandes CA
Mexico (UNAM):
  – /C=MX/O=UNAMgrid/OU=UNAM/CN=CA

TAGPMA Classic CAs (14) continued
U.S.A. (DigiCert, InCommon):
  – /DC=com/DC=DigiCert-Grid/O=DigiCert Grid/CN=DigiCert Grid Root CA
      /DC=DigiCert-Grid/DC=com/O=DigiCert Grid/CN=DigiCert Grid CA-1 G2
  – /C=US/O=DigiCert Inc/OU= Assured ID Root CA
      /C=US/O=DigiCert Grid/OU= Grid Trust CA
      /C=US/O=DigiCert Grid/OU= Grid Trust CA G2
  – [/C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=COMODO RSA Certification Authority]
      /C=US/O=Internet2/OU=InCommon/CN=InCommon IGTF Server CA
Venezuela (ULAGrid) – has suspended operations until further notice – removed from IGTF Distribution:
  – /C=VE/O=Grid/O=Universidad de Los Andes/OU=CeCalCULA/CN=ULAGrid Certification Authority

TAGPMA SLCS CAs (6)
(All current TAGPMA SLCS CAs are in the U.S.A)
FNAL:
  – /DC=gov/DC=fnal/O=Fermilab/OU=Certificate Authorities/CN=Kerberized CA HSM
NCSA:
  – /C=US/O=National Center for Supercomputing Applications/OU=Certificate Authorities/CN=MyProxy CA 2013
  – /C=US/O=National Center for Supercomputing Applications/OU=Certificate Authorities/CN=Two Factor CA 2013
NERSC:
  – /DC=net/DC=ES/OU=Certificate Authorities/CN=NERSC Online CA
NICS – has suspended operations until further notice – removed from IGTF Distribution:
  – /DC=EDU/DC=TENNESSEE/DC=NICS/O=National Institute for Computational Sciences/CN=MyProxy
PSC:
  – /C=US/O=Pittsburgh Supercomputing Center/CN=PSC MyProxy CA

TAGPMA MICS (2) and IOTA (1) CAs
(All current TAGPMA MICS and IOTA CAs are in the U.S.A)
MICS:
  – CILogon-Silver: /DC=org/DC=cilogon/C=US/O=CILogon/CN=CILogon Silver CA 1
  – NCSA: /C=US/O=National Center for Supercomputing Applications/OU=Certificate Authorities/CN=CACL
IOTA:
  – CILogon-Basic: /DC=org/DC=cilogon/C=US/O=CILogon/CN=CILogon Basic CA 1

TAGPMA Meetings
TAGPMA members meet monthly via CERN Vidyo video teleconference
  – 2nd Monday of each month
  – 11:00am Eastern – Spanish language call
  – 11:30am Eastern – English language call
TAGPMA Face-to-face meetings
  – twice per year (once in Latin America, once in North America)
  – most recent F2F meeting was here at PSC in May 2015
  – next F2F meeting is scheduled for Sept. 30 – Oct. 1, 2015 at UNAM, Mexico
IGTF All-Hands meetings
  – once every 18 months – rotates among PMAs
  – most recent All-Hands meeting was hosted by APGridPMA at Academia Sinica in Taipei, Taiwan during March 2015
  – next All-Hands meeting will be hosted by EUGridPMA in late 2016