Grid Canada Certificate Authority Darcy Quesnel

Slides:

Advertisements

Similar presentations

Experiences with Massive PKI Deployment and Usage Daniel Kouřil, Michal Procházka Masaryk University & CESNET Security and Protection of Information 2009.

Advertisements

Academia Sinica Grid Computing Certification Authority (ASGCCA) Yuan, Tein Horng Academia Sinica Computing Centre 13 June 2003.

Grid Computing Basics From the perspective of security or An Introduction to Certificates.

CNIC Grid CA/SDG CA Self Audit Kejun (Kevin) Dong Computer Network Information Center (CNIC) Chinese Academy of Sciences APGridPMA F2F.

SAFE BioPharma Association CONFIDENTIAL1 SAFE Public Key Infrastructure (PKI) 2005 EDUCAUSE/Dartmouth PKI Deployment Summit.

HIT Standards Committee: Digital Certificate Trust – Policy Question for HIT Policy Committee March 29, 2011.

Public Key Infrastructure Ben Sangster February 23, 2006.

DESIGNING A PUBLIC KEY INFRASTRUCTURE

National Center for Supercomputing Applications MyProxy and GSISSH Update Von Welch National Center for Supercomputing Applications University of Illinois.

1 REUNA Certificate Authority Juan Carlos Martínez REUNA Chile Rio de Janeiro,27/03/2006, F2F meeting, TAGPMA.

National Institute of Advanced Industrial Science and Technology Auditing, auditing template and experiences on being audited Yoshio Tanaka

Open Science Grid Use of PKI: Wishing it was easy A brief and incomplete introduction. Doug Olson, LBNL PKI Workshop, NIST 5 April 2006.

Using InCommon Client Certs for eduroam Jeff Hagley and Ryan Martin October 3 rd, 2011 Internet2 Fall Member Meeting.

Public Key Infrastructure Ammar Hasayen ….

Digital Certificates Made Easy Sam Lutgring Director of Informational Technology Services Calhoun Intermediate School District.

UNAMgrid CA Juan Carlos Guel UNAM, México. Alejandro Núñez UNAM, México. Israel Becerril UNAM, México. DGSCA UNAM 31/08/06.

1 GENI Operational Security GEC4 Stephen Schwab Miami, Florida.

NECTEC-GOC CA APGrid PMA face-to-face meeting. October, Sornthep Vannarat National Electronics and Computer Technology Center, Thailand.

RPKI Tutorial Andy Newton Chief Engineer, ARIN. Agenda Resource Public Key Infrastructure(RPKI) Route Origin Authorizations (ROAs) Certificate Authorities.

National Institute of Advanced Industrial Science and Technology Self-audit report of AIST GRID CA Yoshio Tanaka Information.

Public Key Infrastructure (X509 PKI) Presented by : Ali Fanian.

DataGrid WP6 CA meeting, CERN, 12 December 2002 IISAS Certification Authority Jan Astalos Department of Parallel and Distributed Computing Institute of.

SECURITY MANAGEMENT Key Management in the case of public-key cryptosystems, we assumed that a sender of a message had the public key of the receiver at.

March 27, 2006TAGPMA - Rio de Janeiro1 Short Lived Credential Services Profile Tony J. Genovese The Americas Grid PMA DOEGridsATF/ESnet/LBNL.

National Institute of Advanced Industrial Science and Technology Brief status report of AIST GRID CA APGridPMA Singapore September 16 Yoshio.

HEPKI-PAG Policy Activities Group David L. Wasley University of California.

Module 9: Fundamentals of Securing Network Communication.

NECTEC-GOC CA Self Audit 7 th APGrid PMA Face-to-Face meeting March 8 th, 2010 Large-Scale Simulation Research Laboratory Sornthep Vannarat Large-Scale.

IHEP Grid CA Status Report Gongxing Sun F2F Meeting 20 Apr Computing Centre, IHEP,CAS,China.

KFKI CA József Kadlecsik KFKI RMKI

Public Key Infrastructure (X509 PKI) Presented by : Ali Fanian

Configuring and Troubleshooting Identity and Access Solutions with Windows Server® 2008 Active Directory®

IHEP Grid CA Status Report Gongxing Sun 5 th F2F Meeting 16 Sep Computer Center, IHEP,CAS,China.

Profile for Portal-based Credential Services (POCS) Yoshio Tanaka International Grid Trust Federation APGrid PMA AIST.

A Brief Overview Andrew K. Bjerring President and CEO.

UNAMgrid Alejandro Núñez Sandoval Rio de Janeiro, Brazil, 03/27/06 F2F meeting, TAGPMA.

HEPSYSMAN UCL, 26 Nov 2002Jens G Jensen, CLRC/RAL UK e-Science Certification Authority Status and Deployment.

Academia Sinica Grid Computing Certification Authority (ASGCCA)

Academia Sinica Grid Computing Certification Authority (ASGCCA) Academia Sinica Computing Centre.

Who’s watching your network The Certificate Authority In a Public Key Infrastructure, the CA component is responsible for issuing certificates. A certificate.

Security fundamentals Topic 5 Using a Public Key Infrastructure.

INFSO-RI Enabling Grids for E-sciencE EGEE Induction Grid training for users, Institute of Physics Belgrade, Serbia Sep. 19, 2008.

Academia Sinica Grid Computing Certification Authority (ASGCCA) Academia Sinica Computing Centre.

KEK GRID CA updates Takashi Sasaki Computing Research Center KEK.

NECTEC-GOC CA The 3 rd APGrid PMA face-to-face meeting. June, Suriya U-ruekolan National Electronics and Computer Technology Center, Thailand.

APGrid PMA face-to-face meeting, 9/16/2008 PRAGMA-UCSD CA Team Pacific Rim Application and Grid Middleware Assembly

1 Grid School Module 4: Grid Security. 2 Typical Grid Scenario Users Resources.

INTRODUCTION: THE FIRST TRY InCommon eduGAIN Policy and Community Working Group.

8-Mar-01D.P.Kelsey, Certificates, WP6, Amsterdam1 WP6: Certificates for DataGrid Testbeds David Kelsey CLRC/RAL, UK

Using InCommon Client Certs for eduroam Jeff Hagley and Ryan Martin October 3 rd, 2011 Internet2 Fall Member Meeting.

Egypt Certification Authority Dr. Ayman Bahaa-Eldin EUN Director 8 May th EuGridPMA meeting, Germany.

X509 Web Authentication From the perspective of security or An Introduction to Certificates.

Baltic Grid Certification Authority 15th EUGridPMA, January 28th 2009, Nicosia1 Self-audit Hardi Teder EENet.

Gilda certificates. Certification Authority

PKI for improved cybersecurity in NATO Partner countries Software Arsen Hayrapetyan, ArmeSFo CA.

TR-GRID CA Self-Auditing Results and Status Update EUGridPMA Meeting September 12-14, 2011 Marrakesh Feyza Eryol, Onur Temizsoylu TUBITAK-ULAKBIM

HKU Computer Centre Grid Certificate Authority Status Update Lilian Chan IT Services, The University of Hong Kong APGrid.

FP6−2004−Infrastructures−6-SSA [ Empowering e Science across the Mediterranean ] Rome, Tutorial for Certification Authority Managers,

18 th EUGridPMA, Dublin / SRCE CA Self Audit SRCE CA Self Audit Emir Imamagić SRCE Croatia.

GRID-FR French CA Alice de Bignicourt.

Academia Sinica Grid Computing Certification Authority F2F interview (Malaysia )

NECTEC-GOC CA A Brief Status Report 13 th APGrid PMA Face-to-Face meeting March 24 th, 2014 Large-Scale Simulation Research Laboratory Information Communications.

UGRID CA Self-audit report Sergii Stirenko 21 st EUGRIDPMA Meeting Utrecht 24 January 2011.

HellasGrid CA self Audit. In general We do operations well Our policy documents need work (mostly to make the text clearer in a few sections) 2.

Armenian e-Science Foundation Certification Authority Ara A. Grigoryan 1,2, Artem Harutyunyan 1,2,3, Arsen Hayrapetyan 1,2,4 1 Armenian e-Science Foundation;

CAISO Public Key Infrastructure: Supporting Secure ICCP Leslie DeAnda Senior Information Security Analyst, Information Security, CAISO EMS Users Group.

جايگاه گواهی ديجيتالی در ايران

The GENIUS Security Services

Emir Imamagić University Computing Centre (Srce)

KISTI CA Report Status & Self-Audit

Presentation transcript:

Grid Canada Certificate Authority Darcy Quesnel

About Grid Canada Project formed by an MOU between CANARIE, NRC, and C3.ca »C3.ca is the organization of the high performance computing sites in Canada »NRC is the federal lab system in Canada »CANARIE operates the Canadian research and education internet backbone (CAnet4) Develops and deploys infrastructure for use by grid-related projects in Canada

Project Drivers Customer-managed lightpaths »An OGSA-compliant way for users to provision end-to-end lightpaths NRC iHPC »Develop and deploy grid infrastructure within NRC »In support of multi-scale modelling » 50? in the future Atlas Canada »Wants to participate in Data Grid » 30? in the future

Challenges Right now »Canada is not the U.S. and it is not Europe (or even the U.K.) »No federal granting agency has yet identified grids as a “strategic direction” We hope that »Funded projects will see the benefits of having an explicit grid component »The NRC and CANARIE will increase their roles

GC CA Details CA Certificate Valid From: CA Certificate Valid Until: User Certificates: 13 Host/Service Certificates: 18 Revocations: 2 Based on the globus_simple_ca_bundle Issued to R&E end entities involved in grid activities Standard set of extensions

CA Requirements Compliance GC CA machine is dedicated, secure, and non-networked GC CA private key is »2048-bit length »Valid for 5 years »Passphrase protected User and host/service keys are »1024-bit length »Valid for 1 year »Linked to a specific person or host/service »Generated by the user

CA Requirements Compliance Namespace is “/C=CA/O=Grid/*” »Subject names have the form “/C=CA/O=Grid /OU= /CN= ” Published at is thehttp:// »CP/CPS »CRL »Public Key »Signing Policy All requests and responses ( ), certificates, and CRLs are archived

CA Requirements Differences RA is based on a small community »User certificates are granted to people I know or who can be vouched for by someone I know Host/service certificate requests are not signed by a user certificate »Host/service certificates are granted after I’ve talked to (or bugged) someone

Future Directions Develop scaleable RA infrastructure North American PMA »Why should EDG WP6 have to deal with me directly? Develop an XML schema for a CP/CPS »Useable by tools »Easier to create and change

Contact Information