FP6−2004−Infrastructures−6-SSA-026409 www.eu-eela.org
E-infrastructure shared between Europe and Latin America

The Latin American Catch-all Grid Certification Authority
Vinod Rebello, Universidade Federal Fluminense
TAGPMA Face-to-Face Meeting, Rio de Janeiro, Brazil, 27-29.03.2006
Slide 2: Presentation Outline
– Introduction
– Repository
– Name Spaces
– Certificate and CRL profiles
– LA Catch-all CA Structure
– End Entity Identification and Verification Process
– Certificate Issuance
– Security controls
– Audit/Archive procedures
– Compromise procedures
– Disaster recovery
– What’s next and future plans
Slide 4: LACa CA Overview
Traditional X.509 Public Key Certification Authority which issues long-term credentials.
CP/CPS follows the IETF’s RFC 3647
– Based on the CP/CPS of the Brazilian Grid (BrGrid) CA.
– Version 0.3, OID 1.3.6.1.4.1.24839.2.1.10.2.1.0.3
Fully compliant with the IGTF Classic CA Profile, maintained by EUgridPMA.
– The purpose is to issue certificates to support EGEE e-Science activities in the Latin American countries that have yet to establish IGTF accredited Grid CAs of their own.
The LACa CA is not envisioned to be a long-term commitment, but rather a temporary solution for end users in countries without appropriately accredited CAs.
Slide 5: Why Two Separate CAs
Flexibility
– Expect the LACa CA to be a comparatively short-term endeavour.
– Facilitate the transfer of one or the other of the CAs to another location if seen to be appropriate.
Separate LACa and BrGrid policy issues
– Differing legal questions
– Vetting procedures
– Operational procedures
Slide 6: LACa CA Operations
Universidade Federal Fluminense (UFF), Niterói, Brazil
– Instituto de Computação, Smart Grid Computing Laboratory
  Vinod Rebello (CA Manager)
  Daniela Vianna
  Jacques da Silva
  Carlos Cunha (Technical support)
  Rafael Pereira (Technical support)
Web repository: http://lac-ca.ic.uff.br/
Email: lac-ca@ic.uff.br
Slide 7: Name Space
The certificate subject names obey the X.501 standard.
Subject names start with the fixed component, to which a variable component is appended to make it unique.
– /O=LACaCA/C=country/O=organization/OU=organizational-unit/CN=subject-name
  e.g. /O=LACaCA/C=BR/O=UFF/OU=IC/CN=John Smith
– /O=LACaCA/C=country/O=organization/OU=organizational-unit/CN=host/host-dns-name
  e.g. /O=LACaCA/C=BR/O=UFRJ/OU=IF/CN=host/ce.if.ufrj.br
– /O=LACaCA/C=country/O=organization/OU=organizational-unit/CN=service/host-dns-name
  e.g. /O=LACaCA/C=BR/O=UFF/OU=IC/CN=ldap/ca.ic.uff.br
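The name-space rules on this slide are what an RA or a relying party has to check before accepting a subject DN, because a certificate whose subject strays outside the fixed component is the classic way a CA's name space gets abused. The following Python is an added example, not code from the LACa CA, BrGrid or the EELA project: it parses an OpenSSL-style one-line DN and classifies it as a person, host or service subject under the three patterns above, rejecting anything that does not sit under /O=LACaCA. The DNS-name shape, the two-letter C rule, the strict attribute order and the "any non-empty CN without a slash" rule for personal names are assumptions of this example; the slide specifies only the patterns shown.

```python
from __future__ import annotations

import re

# Fixed component every LACa CA subject starts with (from the slide).
FIXED_O = "LACaCA"

# Attribute sequence shared by all three permitted subject forms.
EXPECTED_ATTRS = ("O", "C", "O", "OU", "CN")

# Assumed DNS-name shape for host and service CNs: dotted lowercase labels
# ending in an alphabetic top-level label. The slide only says "host-dns-name".
DNS_NAME = r"(?:[a-z0-9](?:[a-z0-9-]*[a-z0-9])?\.)+[a-z]{2,}"
CN_HOST = re.compile(rf"host/({DNS_NAME})")
CN_SERVICE = re.compile(rf"([a-z][a-z0-9-]*)/({DNS_NAME})")
# Assumed person-CN rule: anything non-empty without a '/', since the slide
# constrains only the host/ and service/ forms.
CN_PERSON = re.compile(r"[^/]+")


def parse_dn(dn: str) -> list[tuple[str, str]]:
    """Split a one-line '/attr=value/...' DN into (attribute, value) pairs.

    A '/' separates components only when it is followed by 'attr=', so the
    slash inside CN=host/ce.if.ufrj.br stays part of the CN value.
    """
    if not dn.startswith("/"):
        raise ValueError(f"DN must start with '/': {dn!r}")
    parts = re.split(r"/(?=[A-Za-z]+=)", dn)
    if parts[0] != "":
        raise ValueError(f"unexpected text before first component: {parts[0]!r}")
    rdns = []
    for part in parts[1:]:
        attr, _, value = part.partition("=")
        if not value:
            raise ValueError(f"empty value for attribute {attr!r}")
        rdns.append((attr, value))
    return rdns


def classify_subject(dn: str) -> str:
    """Return 'person', 'host' or 'service' for a DN inside the LACa CA
    name space; raise ValueError naming the rule it breaks otherwise."""
    rdns = parse_dn(dn)
    attrs = tuple(attr for attr, _ in rdns)
    if attrs != EXPECTED_ATTRS:
        raise ValueError(f"expected attributes {EXPECTED_ATTRS}, got {attrs}")
    (_, top_o), (_, country), (_, org), (_, unit), (_, cn) = rdns
    if top_o != FIXED_O:
        raise ValueError(f"/O={top_o} is outside the /O={FIXED_O} name space")
    # Assumption: C carries a two-letter country code, as in the examples (BR).
    if not re.fullmatch(r"[A-Z]{2}", country):
        raise ValueError(f"C must be a two-letter country code, got {country!r}")
    for label, value in (("O", org), ("OU", unit)):
        if "/" in value or not value.strip():
            raise ValueError(f"{label} value {value!r} is malformed")
    # Check the more specific form first: 'host/...' also matches the
    # generic 'service/...' pattern.
    if CN_HOST.fullmatch(cn):
        return "host"
    if CN_SERVICE.fullmatch(cn):
        return "service"
    if CN_PERSON.fullmatch(cn):
        return "person"
    raise ValueError(f"CN {cn!r} matches none of the permitted forms")


def in_namespace(dn: str) -> bool:
    """Boolean wrapper, e.g. for a relying party filtering a list of subjects."""
    try:
        classify_subject(dn)
    except ValueError:
        return False
    return True


if __name__ == "__main__":
    # Constructed sample: the three DNs from the slide plus two that must fail.
    samples = [
        "/O=LACaCA/C=BR/O=UFF/OU=IC/CN=John Smith",
        "/O=LACaCA/C=BR/O=UFRJ/OU=IF/CN=host/ce.if.ufrj.br",
        "/O=LACaCA/C=BR/O=UFF/OU=IC/CN=ldap/ca.ic.uff.br",
        "/O=SomeOtherCA/C=BR/O=UFF/OU=IC/CN=John Smith",   # wrong fixed component
        "/O=LACaCA/C=BR/O=UFF/OU=IC/CN=host/not-a-dns",    # malformed host CN
    ]
    for sample in samples:
        try:
            print(f"{classify_subject(sample):8s} {sample}")
        except ValueError as err:
            print(f"REJECT   {sample}: {err}")
```

Running the file prints the three slide DNs with their class and rejects the two constructed negatives with the rule they break. In IGTF distributions the same constraint is normally expressed declaratively in the CA's signing_policy file, which relying-party software evaluates; a checker like this is useful on the RA side, where a request has to be screened before it ever reaches the signing machine.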
Slide 8: Organization Identification
If an organization or unit intends to request a number of certificates, it is encouraged to set up a LACa CA RA.
For first-time requests, the CA (when the request is to become an RA) or the RA (in the case of a certificate request from an end entity) must ascertain:
– whether or not the organization or organizational unit exists;
– whether it is entitled to request BrGrid certificates; and
– competent information on who is entitled to sign documents on behalf of that institution.
Slide 9: Verification of Affiliation
The current relationship between the subscriber and the organization or unit mentioned in the subject name must be proved through:
– a legally acceptable document;
– an organization identity card; or
– an official organization document stamped and signed by an official representative of that organization.
The request may optionally be authorized through the digital signature of an official representative of the organization in possession of a valid LACa CA issued certificate.
In special cases, an organization can provide the RA with access to official databases to verify the relationship.
Slide 10: Identity Validation (1)
Individuals are authenticated through the presentation of a valid identity document officially recognized under the law of the country where the subscriber resides.
The individual should present themselves in person to a LACa CA RA for their identity to be verified. At that moment, the individual must present:
– Proof of their current relationship with the organization(s) to be specified in the DN;
– Identity document with photograph; and
– A photocopy of this documentation to be archived by the RA.
Slide 11: Identity Validation (2)
If physical presence is not possible, for example due to a subscriber’s geographically remote location, this presentation may be held by video conference.
Exceptionally, the subscriber’s identity may be confirmed by a digitally signed email from another subscriber in possession of a valid LACa CA issued certificate.
In either case, an authenticated photocopy of all identity documentation, together with the subscriber’s notarized signature, must be sent by mail/courier to the RA manager (or the CA Manager in the case of setting up an RA) prior to the meeting.
Slide 12: Current Status
The LACa CA is not operational, nor is the repository online.
The same CA management software and resources will be used to support both the BrGrid CA and the LACa CA simultaneously.
Given the similarities, the aim is to focus on the development of the BrGrid CA and then implement the differences.
Objective: fully operational and ready for “complete” accreditation by the next F2F TAGPMA meeting in July 2006.