Presentation is loading. Please wait.

Presentation is loading. Please wait.

Jens Jensen EU Grid PMA, Berlin Jan 2015

Published byPhyllis Austin Modified over 6 years ago

Similar presentations

Presentation on theme: "Jens Jensen EU Grid PMA, Berlin Jan 2015"— Presentation transcript:

1 Jens Jensen EU Grid PMA, Berlin Jan 2015
UK e-Science CA update Jens Jensen EU Grid PMA, Berlin Jan 2015

2 Great Leap Forward - Overview
New CA code: CertWizard, caportal CertWizard meant to support workflow (unlike browsers) caportal: browser support via javascript 3x Command line client (& bulk) support One part of CA, CertSorcerer (IC), Manchester New CP/CPS – rewrite everything Except data protection Common Policy for all CAs Short CPS

3 Auto-checks your certificate status; rekey post expiry

4 Request and key generated in javascript and pasted into and out of files

5

6 Great Leap Forward - Overview
Modernise extensions (We had nsCertType and MD5-signed CRLs) Support post-expiry rekeying Re-engineer BC/DR Close off OpenCA-based code (old) For: Users, RAs, CA ops Address issues found in self audits (September 2009), January 2014 C/D were cert and CRL profile (GFD.225)

7 Great Leap Forward - Overview
Address HSM (lack of) support Expensive, no strong business case Considered buying new HSM 2A is generated in HSM, 2B is imported (Case for discontinuing 2A?) 2A online, 2B semi-online SARoNGS  IOTA SARoNGS is generated in HSM, too; may rekey Number of RAs non-decreasing

8 An opportunity to migrate certificates to JCS
JCS - Overview An opportunity to migrate certificates to JCS Online signing Certificate issuances becomes S.E.P. Not a takeover, but a collaboration between STFC and JANET to do it if it can be done

9 JISC (JANET) Certificate Service
JCS - Overview JISC (JANET) Certificate Service Migrate CA to JCS – if possible Need to support Personal certificates – how are users authenticated Host certificates – at a cost of £0/cert Service certificates – still needed? Robot certs – <10 distinct robots Need graceful migration DNs will change, though Discussions started 1 year ago

10 Timescale for full handover
JCS - Overview Timescale for full handover If successful, could terminate UK e-Science CA by ~Jan 2018 (estimate) JCS already active but not doing UK e-Science UK e-Science CA will continue as long as needed At least for the time being But lack of funding makes JCS attractive

11 Eventually should have UKAMF identity(?) Other methods
JCS – Identity Mgmt Eventually should have UKAMF identity(?) Need for CN and for personal Other methods Interim: use existing RAs? (and current identity papers) Will mean DN migration (subst root?) Need something different for hosts Will we use Moonshot at some point? Need a suitable COI defined (and trustrouter)

12 Investigating linking UK e-Science CA to JCS
JCS - Overview Investigating linking UK e-Science CA to JCS Trust/Link, CA’s API Continue support via CW, CAPortal Online signing (DNs will change?)

13 Stakeholder communication Migration
Issues Stakeholder communication GridPP (and other RPs), PMA, TAG, Migration Support all types of certificates Support existing interfaces Support bulk requests Processes change Changes of names (cf. RA migration discussion) Cost of obtaining certificates

14 Future Perspectives: Either Or (or in between)
Still running a CA by 2020… As long as GridPP needs it People migrating to JCS, or switch to federations? What is the role of SARoNGS? Everything handed over Terminated by (say) 2018 CA Emeritus…

15 Draft Timescale (Separate)

16 GridPP and DiRAC and bears, oh my Group management and authorisation
UK e-I Sec & AM WG GridPP and DiRAC and bears, oh my Shibboleth and Proxy and bears, oh my Group management and authorisation Documented by AC New bioinformatics – need AAI

17 September 2009

18

19

20

Download ppt "Jens Jensen EU Grid PMA, Berlin Jan 2015"

Similar presentations

Robots Jens Jensen, STFC RAL GridNet2/ UK e-Science CA /NGS/GridPP/

Robots Jens Jensen, STFC RAL GridNet2/ UK e-Science CA /NGS/GridPP/
Template Profile Jens Jensen, STFC RAL GridNet2/ UK e-Science CA OGF22 Boston.

Template Profile Jens Jensen, STFC RAL GridNet2/ UK e-Science CA OGF22 Boston.
Combining the strengths of UMIST and The Victoria University of Manchester Adapting to Federated Identity SHEBANGS Shibboleth Enabled Bridge to Access.

Combining the strengths of UMIST and The Victoria University of Manchester Adapting to Federated Identity SHEBANGS Shibboleth Enabled Bridge to Access.
Jens G Jensen CCLRC e-Science Single Sign-on to the Grid Federated Access and Integrated Identity Management.

Jens G Jensen CCLRC e-Science Single Sign-on to the Grid Federated Access and Integrated Identity Management.
ASPiS - Architecture for a Shibboleth-Protected iRODS System Mark Hedges, Tobias Blanke Centre for e-Research, Kings College London Adil Hasan, Jens Jensen.

ASPiS - Architecture for a Shibboleth-Protected iRODS System Mark Hedges, Tobias Blanke Centre for e-Research, Kings College London Adil Hasan, Jens Jensen.
Author - Title- Date - n° 1 Partner Logo Authentication John Gordon GridPP 2 nd May 2002.

Author - Title- Date - n° 1 Partner Logo Authentication John Gordon GridPP 2 nd May 2002.
Contrail and Federated Identity Management

Contrail and Federated Identity Management
30-Jan-03D.P.Kelsey, GridPP Security1 Security GridPP6 30 Jan 2003 Coseners House David Kelsey CLRC/RAL, UK

30-Jan-03D.P.Kelsey, GridPP Security1 Security GridPP6 30 Jan 2003 Coseners House David Kelsey CLRC/RAL, UK
Joining the Grid Andrew McNab. 28 March 2006Andrew McNab – Joining the Grid Outline ● LCG – the grid you're joining ● Related projects ● Getting a certificate.

Joining the Grid Andrew McNab. 28 March 2006Andrew McNab – Joining the Grid Outline ● LCG – the grid you're joining ● Related projects ● Getting a certificate.
WLCG Security TEG, risks and Identity Management David Kelsey GridPP28, Manchester 18 Apr 2012.

WLCG Security TEG, risks and Identity Management David Kelsey GridPP28, Manchester 18 Apr 2012.
CA Stuff Jens Jensen Dave Meredith John Kewley GridPP31, Imperial, London Sept. 2013.

CA Stuff Jens Jensen Dave Meredith John Kewley GridPP31, Imperial, London Sept
Here Come the Feds Federated identity management: the consumer’s perspective Jens Jensen, STFC On behalf of EUDAT AAI TF EGI CF Manchester April 2013.

Here Come the Feds Federated identity management: the consumer’s perspective Jens Jensen, STFC On behalf of EUDAT AAI TF EGI CF Manchester April 2013.
Tweaking the Certificate Lifecycle for the UK eScience CA John Kewley NGS Support Centre Manager & Service Manager for the UK e-Science CA

Tweaking the Certificate Lifecycle for the UK eScience CA John Kewley NGS Support Centre Manager & Service Manager for the UK e-Science CA
CILogon OSG CA Mine Altunay Jim Basney TAGPMA Meeting Pittsburgh May 27, 2015.

CILogon OSG CA Mine Altunay Jim Basney TAGPMA Meeting Pittsburgh May 27, 2015.
On Robots J Jensen STFC Rutherford Appleton Lab OGF 20, Manchester, May 2007.

On Robots J Jensen STFC Rutherford Appleton Lab OGF 20, Manchester, May 2007.
Evolution of the Open Science Grid Authentication Model Kevin Hill Fermilab OSG Security Team.

Evolution of the Open Science Grid Authentication Model Kevin Hill Fermilab OSG Security Team.
ShibGrid: Shibboleth access to the UK National Grid Service University of Oxford and STFC.

ShibGrid: Shibboleth access to the UK National Grid Service University of Oxford and STFC.
Supporting further and higher education The Akenti Authorisation System Alan Robiette, JISC Development Group.

Supporting further and higher education The Akenti Authorisation System Alan Robiette, JISC Development Group.
KISTI Grid CA Status Report Korea Institute of Science and Technology Information Sangwan Kim Jae-Hyuck Kwan

KISTI Grid CA Status Report Korea Institute of Science and Technology Information Sangwan Kim Jae-Hyuck Kwan
CertWizard: a New Certificate Tool for the UK NGI User Community John Kewley ( ), Jens Jensen, David Meredith and Akay Okcun 16/11/20151EGI.

CertWizard: a New Certificate Tool for the UK NGI User Community John Kewley ( ), Jens Jensen, David Meredith and Akay Okcun 16/11/20151EGI.

Similar presentations

Ads by Google