NAREGI CA Status Report. APGrid F2F meeting in Singapore, June 4, 2007. Rumiko Masuko.

Presentation transcript:

0 NAREGI CA Status Report APGrid F2F meeting in Singapore June 4, 2007 Rumiko Masuko

1 Outline
Current status of NAREGI CA
- Number of issued certificates
- Update CP/CPS
- Audits
Compliance review report

2 Current status of NAREGI CA
Number of issued certificates
- server certificate: 1,350
- client certificate: 110
[Figure: NAREGI CA System Architecture. Labels: NAREGI CA (NII); NAREGI (IMS, NII); certificate user; host administrator; user administrator; RA; CA; repository (CRL, certificate information); user information; issue request / issue; LCMP over SSL; Globus server; Unicore server; CA operator; certificate enrollment; CA system; reception/assessment; HSM; distribute certificate; SSL; CA private key: security officer; pass phrase: CA operator.]

3 Update CP/CPS
- NAREGI updated CPS to Ver2.1 on April 2, 2007

Change
Deleted: The account registration. Sections 2 and 3 in the CPS describe only the identification of user information (face to face, of course).
Added: The rule of personal information use purpose. To specify the rule to comply with the latest Classic Authentication Profile.
Modified: User certificate validity period, 12 months → 13 months

Type                            Validity Period
Client certificate              13 months (395 days)
Server certificate
  Globus server certificate     13 months (395 days)
  Unicore server certificate    13 months (395 days)

4 Audits
- NAREGI CA is planning an external audit.
Auditor: KEK (Iwamoto, Iida, Murakami, Ishikawa)
Support: AIST (Tanaka)
Date: July 5, 2007
※ We will confirm Audit Guideline.

5 Compliance review report
Columns: Section / Classic Authentication Profile / NAREGI CA

Section 3.1 Identity vetting rules
Classic Authentication Profile: "The RA must ensure that the requestor is appropriately authorized by the owner of the FQDN or the responsible administrator of the machine to use the FQDN identifiers asserted in the certificate"
NAREGI CA: The authorization procedure of the FQDN owner was not clear in the NAREGI CP/CPS. We added the following procedures:
- To confirm approval of a domain manager who is the responsible administrator
- To use the WHOIS database for querying owners of the FQDN

Section 4.2 Certificate Policy and Practice Statement Identification
Classic Authentication Profile: "Whenever there is a change in the CP/CPS, the OID of the document must be changed. In the major changes, it must be announced to the accrediting PMA, and approved before signing any certificates under the new CP/CPS."
NAREGI CA: "In the current NAREGI operation, for minor corrections such as misprints it is not done by requiring approval of the NAREGI PMA, instead it is done based on a decision of the security officer. In these cases, the minor version number will be updated, but a new OID will not be assigned." I believe it will be allowed to operate in this manner, but will it be a problem?

6 Compliance review report
Columns: Classic Authentication Profile / NAREGI CA

8 Privacy and confidentiality
NAREGI CA: As described in "Update CPS".

Changing CP/CPS to comply with RFC 3647
NAREGI CA: It is not yet decided.

Certificate profile
NAREGI CA: MUST/MUST NOT items comply with the classic profile. SHOULD/SHOULD NOT items are on the next page. We do not have a plan to change for the moment.

7 Compliance review report
Columns: Section / Grid Certificate Profile 0.22 / NAREGI CA

End-entity Certificate

Address
Grid Certificate Profile 0.22: The attribute pkcs9 (“ Address”) SHOULD NOT be used in subject names.
NAREGI CA: NAREGI uses Address in subject names.

extendedKeyUsage
Grid Certificate Profile 0.22: The extendedKeyUsage (EKU) extension SHOULD be included in end-entity certificates.
NAREGI CA: NAREGI does not use EKU.

subjectAlternativeName, issuerAlternativeName
Grid Certificate Profile 0.22: The subjectAlternativeName extension SHOULD be present for server certificates (including “host” and “service” certificates in the grid context), and, if present, MUST contain at least one FQDN in the dNSName attribute.
NAREGI CA: NAREGI does not use subjectAlternativeName in server certificates.
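
An added example (not from the original slides, and not NAREGI's code): a Go check for the three SHOULD / SHOULD NOT items on the slide above, run against a throwaway self-signed certificate. It assumes the pkcs9 attribute named on the slide is emailAddress; lintProfile, sampleCert, the host name grid.example.org and the address admin@example.org are hypothetical.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/asn1"
	"fmt"
	"math/big"
	"time"
)

var oidEmail = asn1.ObjectIdentifier{1, 2, 840, 113549, 1, 9, 1} // PKCS#9 emailAddress (assumed attribute)
var emailAttr = []pkix.AttributeTypeAndValue{{Type: oidEmail, Value: "admin@example.org"}} // constructed sample
var serverEKU = []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth}                             // constructed sample
// lintProfile lists which of the three SHOULD / SHOULD NOT items a server certificate misses.
func lintProfile(c *x509.Certificate) (findings []string) {
	for _, atv := range c.Subject.Names {
		if atv.Type.Equal(oidEmail) {
			findings = append(findings, "emailAddress attribute in subject name")
		}
	}
	if len(c.ExtKeyUsage)+len(c.UnknownExtKeyUsage) == 0 {
		findings = append(findings, "extendedKeyUsage extension missing")
	}
	if len(c.DNSNames) == 0 {
		findings = append(findings, "no dNSName in subjectAlternativeName")
	}
	return findings
}
// sampleCert issues a throwaway self-signed certificate (395-day validity) so the lint has input to parse.
func sampleCert(extra []pkix.AttributeTypeAndValue, eku []x509.ExtKeyUsage, dns []string) (*x509.Certificate, error) {
	pub, key, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	tpl := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "grid.example.org", ExtraNames: extra},
		ExtKeyUsage: eku, DNSNames: dns, NotBefore: time.Now(), NotAfter: time.Now().AddDate(0, 0, 395)}
	der, err := x509.CreateCertificate(rand.Reader, tpl, tpl, pub, key)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}
func main() {
	if c, err := sampleCert(emailAttr, nil, nil); err == nil { // same three deviations as on the slide
		fmt.Println(lintProfile(c))
	}
}
```

Passing `nil, serverEKU, []string{"grid.example.org"}` to sampleCert instead yields a certificate with no findings.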

8 END