Distribution Repository Structure David Groep, 2005.03.15

IGF meeting, March David Groep – Distribution of trust anchors

- The PMA distributes a set of trust anchors for the community of all accredited CAs
- Although published via a secure web site, RPs are invited to cross-check the trust anchors against TACAR &c.
- When using common auth profiles, RPs are likely to install all accredited authorities from all PMAs
- Need simple, common mechanisms
- Support both simple tar-based installs and RPM/yum/apt (and debian?)

Distribution items

- RPMs
  - one per CA
  - including meta-data like CRL URL
  - “policy” meta-RPMs for accredited authorities
- tar balls
  - per CA
  - a combined tarball with configure/install script

Current layout (one profile only)

    /distribution/current -> 0.27
    /distribution/0.27/...
    .../accredited/RPMS/ca_NAME noarch...
    .../accredited/RPMS/ca_NAME noarch...
    .../accredited/tgz/ca_NAME.tar.gz
    .../accredited/ /cabundle-eugridpma-accredited.tar.gz
    .../ca_policy_eugridpma noarch.rpm
    /distribution/0.27/headers/...

Proposed structure (multiple profiles)

    /distribution/current -> eugridpma/1.0
    /distribution/eugridpma/1.0/accredited/RPMS/...
    .../accredited/RPMS/ca_NAME noarch.rpm
    .../accredited/RPMS/ca_policy_eugridpma-classic noarch.rpm
    .../accredited/RPMS/ca_policy_eugridpma-acs noarch.rpm
    .../accredited/tgz/ca_NAME.tar.gz
    .../accredited/tgz/cabundle-eugridpma-accredited.tar.gz *
    /distribution/eugridpma/1.0/headers/...
    /distribution/mirror/current/apgridpma/...
    .../apgridpma/current/accredited/ca_policy_apgridpma-classic
    /distribution/mirror/current/tagpma/...
    .../tagpma/current/accredited/ca_policy_tagpma-sips noarch...
    /distribution/mirror/current/eugridpma/current/...
    /distribution/mirror/current/igf/...
    .../igf/current/accredited/RPMS/ca_policy_igf-classic noarch
        requires: ca_policy_eugridpma-classic
        requires: ca_policy_apgridpma-classic
    /distribution/mirror/current/headers/...

    *) ./configure --prefix=/etc/security/grid --with-profile=acs
       make install

Using the RPM repository

- Having all PMA current repositories mirrored under one root allows YUM/APT updates from a single source
- If the “current” is mirrored and old files removed, manual installation is also unambiguous
- Mirroring ensures always getting the latest from every PMA
- Install all “classic” CAs with a single
    yum -y install ca_policy_igf-classic
- Have an “overall” policy file that includes all profiles:
    yum -y install ca_policy_igf

RPM dependencies

    ca_policy_pma-classic-2.3 requires
        ca_authname = 2.3
    ca_policy_pma-3.4 requires
        ca_policy_pma-classic = 3.4
        ca_policy_pma-sips = 3.4
        ca_policy_pma-acs = 3.4
    ca_policy_igf-classic-1.0 requires
        ca_policy_eugridpma-classic [no version!]
        ca_policy_apgridpma-classic [no version!]
        ca_policy_tagpma-classic [no version!]
    ca_policy_igf-1.0 requires
        ca_policy_igf-classic = 1.0
        ca_policy_igf-sips = 1.0
        ca_policy_igf-acs = 1.0
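The pinning scheme above can be checked against a mirror before relying parties update from it. The following is an added example, not part of the presentation and not RPM's own resolver: a simplified model of the `requires` edges in which the package names `ca_ExampleA`/`B`/`C` and all version numbers are constructed.

```python
# Constructed repository snapshot (not real package data):
# name -> (version, [(required name, pinned version or None for "no version")])
REPO = {
    "ca_policy_igf-classic": ("1.0", [("ca_policy_eugridpma-classic", None),
                                      ("ca_policy_apgridpma-classic", None)]),
    "ca_policy_eugridpma-classic": ("2.3", [("ca_ExampleA", "2.3"),
                                            ("ca_ExampleB", "2.3")]),
    "ca_policy_apgridpma-classic": ("1.7", [("ca_ExampleC", "1.7")]),
    "ca_ExampleA": ("2.3", []),
    "ca_ExampleB": ("2.2", []),  # stale: the mirror missed the 2.3 rebuild
    "ca_ExampleC": ("1.7", []),
}


def resolve(name, repo, pin=None, installed=None, problems=None):
    """Walk 'requires' depth-first; return (installed versions, pin violations)."""
    installed = {} if installed is None else installed
    problems = [] if problems is None else problems
    if name not in repo:
        problems.append(f"{name}: not in repository")
        return installed, problems
    version, requires = repo[name]
    if pin is not None and version != pin:
        # A PMA policy package pins every CA to its own release ("= 2.3").
        problems.append(f"{name}: have {version}, need = {pin}")
        return installed, problems
    if name not in installed:
        installed[name] = version
        for dep, dep_pin in requires:
            resolve(dep, repo, dep_pin, installed, problems)
    return installed, problems


if __name__ == "__main__":
    pkgs, errs = resolve("ca_policy_igf-classic", REPO)
    print(sorted(pkgs.items()))
    print(errs)
```

The unpinned IGF-level edges let each PMA release on its own schedule, while the exact pins one level down make a partially synchronised mirror show up as an unsatisfied dependency instead of a silently mixed set of trust anchors.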

CA package contents

- Required content
  - trust anchor: c_hash.0
  - CRL location: c_hash.crl_url
  - Namespace definition: c_hash.signing_policy
- Optional content
  - CERT location: c_hash.ca_url
  - CA web page: c_hash.url
- Package dependencies (RPM only)
  - for a hierarchical PKI the RPM name of the parent CA
- Proposed content
  - metadata: c_hash.doc with: alias, full name, AuthProfile, addresses, PDS, CP/CPS link, all as “attribute=value” pairs
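A relying party can audit an installed trust-anchor directory against the required-content list above. This is an added example, not code from the presentation; it assumes the `c_hash` stem is an 8-hex-digit hash, and the file names, URLs and metadata keys in `SAMPLE` are constructed.

```python
import os
import re
import tempfile

REQUIRED = (".0", ".crl_url", ".signing_policy")  # required content per the slide
STEM_RE = re.compile(r"^[0-9a-f]{8}$")            # assumed: 8-hex-digit hash stem

# Constructed sample: one complete CA, one shipped with only its certificate.
SAMPLE = {
    "1a2b3c4d.0": "(placeholder for a PEM trust anchor)\n",
    "1a2b3c4d.crl_url": "https://ca.example.org/crl.der\n",
    "1a2b3c4d.signing_policy": "# placeholder namespace definition\n",
    "1a2b3c4d.doc": "alias = ExampleCA\nauthprofile = classic\n",
    "9f8e7d6c.0": "(placeholder for a PEM trust anchor)\n",
}


def parse_doc(text):
    """Parse the proposed attribute=value metadata file into a dict."""
    pairs = (l.split("=", 1) for l in text.splitlines()
             if "=" in l and not l.lstrip().startswith("#"))
    return {k.strip(): v.strip() for k, v in pairs}


def audit(directory):
    """Map each CA hash to its missing required files and parsed metadata."""
    found = {}
    for name in os.listdir(directory):
        stem, dot, ext = name.partition(".")
        if dot and STEM_RE.match(stem):
            found.setdefault(stem, set()).add("." + ext)
    report = {}
    for stem, exts in sorted(found.items()):
        meta = {}
        if ".doc" in exts:
            with open(os.path.join(directory, stem + ".doc")) as fh:
                meta = parse_doc(fh.read())
        report[stem] = {"missing": [e for e in REQUIRED if e not in exts],
                        "meta": meta}
    return report


def audit_sample():
    """Write SAMPLE to a temporary directory and audit it."""
    with tempfile.TemporaryDirectory() as tmp:
        for name, body in SAMPLE.items():
            with open(os.path.join(tmp, name), "w") as fh:
                fh.write(body)
        return audit(tmp)
```

An anchor reported without `.crl_url` has no published revocation source, and one without `.signing_policy` has no namespace constraint, so both are worth flagging before the directory is trusted.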

Tar/Configure based installation

- RP will download three tarballs
- Runs ./configure three times
- but same format for all:
  - --prefix=path [default: /etc/grid-security/certificates]
  - --with-profile=authprofilename [default: all profiles]

Naming conventions

- Each Authority will have an alias of 4-16 chars
- Each PMA will have a shortname “eugridpma”, “apgridpma”, “tagpma”
- Each profile will have a shortname for use in RPM specialisation and for the --with-profile= configure option
  - “classic”: traditional, secured PKI CAs
  - “sips”: Site Integrated Proxy Servers, kCAs
  - “acs”: secured Active Certs Stores, NERSC-style
  - “experimental”: testing and experimental authorities of any kind that need distribution
  - “test”: internal testing only

Mirroring requirements

- Each PMA will mirror all others & the IGF
- web site / directory naming
- Mirror frequency: once daily
- also mirror yourself for consistency, so “/distribution/mirror” will be same everywhere

Implementation plan ……