Presentation is loading. Please wait.

Presentation is loading. Please wait.

CA Stuff Jens Jensen Dave Meredith John Kewley GridPP31, Imperial, London Sept. 2013.

Published byLenard Cobb Modified over 9 years ago

Similar presentations

Presentation on theme: "CA Stuff Jens Jensen Dave Meredith John Kewley GridPP31, Imperial, London Sept. 2013."— Presentation transcript:

1 CA Stuff Jens Jensen Dave Meredith John Kewley GridPP31, Imperial, London Sept. 2013

2 Current Stuff Rather more shoestring without NGS –Implications for DR/BC and innovations Still pretty large, still alive, still running

3 People Jens Jensen – CA manager Dave Kelsey – ambassador extraordinary John Kewley – Support Suleman Tariq – admin Dave Meredith – CW code + 2-3 people doing day-to-day signing + the TAG

4 CertWizard Stuff Dave Meredith (code) Aims to replace browsers –Browsers are fickle in their X.509 support –Latest HTML5 might help, eventually –Needs Java. Macs not good at Java? Implementing bulk requests, RA ops

5 2013 so far Retired the old (2007) CA Certificate –Surprisingly complicated process… Perl scripts to CW –update by Robert Frank - full release soon –Imperial (Adam) Shib-2 compatible release of SARoNGS 12/04/2013GridPP 31 Imperial College5

6 2013 so far (ctd) New CA website: http://www.ngs.ac.uk/ukcahttp://www.ngs.ac.uk/ukca 12/04/2013GridPP 31 Imperial College6

7 12/04/2013GridPP 31 Imperial College7 New CA Portal with new RA interface, currently in use by many of our RAs https://portal.ca.grid-support.ac.uk/caportal 2013 so far (ctd)

8 2013/14 TODO Update client tools for SHA-2 (jglobus2) –MyProxyUploader part of CertWizard –GSI-SSHTERM Bulk requests (perl CLI script / CA REST server) Sign all certificates (user and host) with SHA2 from 1 Dec New CA Portal updates: certificate requests and renewals from browser 12/04/2013GridPP 31 Imperial College8

9 Roadmap Stuff Finalise “new” policy (unified) Multi-LoA: IOTA profile (< Classic) for SARoNGS and InCommon SHA2 Moonshot integration (pos via MyProxy) –Initially non-prod Redo DR/BC, cheaper

10 Roadmap Stuff – LoA Federated identities and other ext’l Background is JSPG portal policy Federation policies and VO agreements “strengthen” user’s credential –Towards a “cloud” login (on-demand)

11 Roadmap Stuff (potential) Key management service (a la MyProxy) Online signing? Moonshot: production service (expected) –More credential-with-LoA+AuZ than X.509+VOMS –Offer X.509 via conversion –Vision: may not need User CA –And at least not RAs, and paperwork Still need to support host certs (gateway?)

12 Roadmap Stuff (potential) Renewal of recently expired certificates –Protocol goes to great lengths to allow this If intermediate CA certs need SHA2: –Re-sign intermediate CA certificates (2A and 2B) – same DNs, same keys, different serials –No changes to EE certs –No change to Root cert

Download ppt "CA Stuff Jens Jensen Dave Meredith John Kewley GridPP31, Imperial, London Sept. 2013."

Similar presentations

GridWorld 2006 Use of MyProxy for the FusionGrid Mary Thompson Monte Goode GridWorld 2006.

GridWorld 2006 Use of MyProxy for the FusionGrid Mary Thompson Monte Goode GridWorld 2006.
Combining the strengths of UMIST and The Victoria University of Manchester Adapting to Federated Identity SHEBANGS Shibboleth Enabled Bridge to Access.

Combining the strengths of UMIST and The Victoria University of Manchester Adapting to Federated Identity SHEBANGS Shibboleth Enabled Bridge to Access.
Jens G Jensen CCLRC e-Science Single Sign-on to the Grid Federated Access and Integrated Identity Management.

Jens G Jensen CCLRC e-Science Single Sign-on to the Grid Federated Access and Integrated Identity Management.
Contrail and Federated Identity Management

Contrail and Federated Identity Management
MyProxy: A Multi-Purpose Grid Authentication Service

MyProxy: A Multi-Purpose Grid Authentication Service
By: Hassan Waqar.  A PROTOCOL for securely transmitting data via the internet.  NETWORK LAYER application.  Developed by NETSCAPE.

By: Hassan Waqar.  A PROTOCOL for securely transmitting data via the internet.  NETWORK LAYER application.  Developed by NETSCAPE.
OSG Area Coordinators Meeting Security Team Report Mine Altunay 04/02/2014.

OSG Area Coordinators Meeting Security Team Report Mine Altunay 04/02/2014.
National Center for Supercomputing Applications MyProxy and GSISSH Update Von Welch National Center for Supercomputing Applications University of Illinois.

National Center for Supercomputing Applications MyProxy and GSISSH Update Von Welch National Center for Supercomputing Applications University of Illinois.
20 March 2007 VOMS etc - www.gridsite.org - Andrew McNabwww.gridsite.org VOMS etc Andrew McNab University of Manchester.

20 March 2007 VOMS etc Andrew McNabwww.gridsite.org VOMS etc Andrew McNab University of Manchester.
National Center for Supercomputing Applications University of Illinois at Urbana-Champaign This material is based upon work supported by the National Science.

National Center for Supercomputing Applications University of Illinois at Urbana-Champaign This material is based upon work supported by the National Science.
Technology on the NGS Pete Oliver NGS Operations Manager.

Technology on the NGS Pete Oliver NGS Operations Manager.
Federated Access to US CyberInfrastructure Jim Basney CILogon This material is based upon work supported by the National Science Foundation.

Federated Access to US CyberInfrastructure Jim Basney CILogon This material is based upon work supported by the National Science Foundation.
WebFTS as a first WLCG/HEP FIM pilot

WebFTS as a first WLCG/HEP FIM pilot
CA Key 1 Created OCSP Cert 1 Client Cert 1 Client Cert 2 OCSP Cert 2 CA Key 2 Created CA Key 1 Expiration OCSP Cert 3 Client Cert.

CA Key 1 Created OCSP Cert 1 Client Cert 1 Client Cert 2 OCSP Cert 2 CA Key 2 Created CA Key 1 Expiration OCSP Cert 3 Client Cert.
1 11 th Fed/Ed PKI Meeting Some quick updates from recent HEPKI-TAG and SURA work Jim Jokl

1 11 th Fed/Ed PKI Meeting Some quick updates from recent HEPKI-TAG and SURA work Jim Jokl
Jens G Jensen CCLRC e-Science Single Sign-on to the Grid Federated Access and Integrated Identity Management.

Jens G Jensen CCLRC e-Science Single Sign-on to the Grid Federated Access and Integrated Identity Management.
Federated A(A(A))I Jens Jensen hepsysman, RAL, 20110701.

Federated A(A(A))I Jens Jensen hepsysman, RAL,
OSG Area Coordinators Meeting Security Team Report Mine Altunay 01/29/2014.

OSG Area Coordinators Meeting Security Team Report Mine Altunay 01/29/2014.
Tweaking the Certificate Lifecycle for the UK eScience CA John Kewley NGS Support Centre Manager & Service Manager for the UK e-Science CA

Tweaking the Certificate Lifecycle for the UK eScience CA John Kewley NGS Support Centre Manager & Service Manager for the UK e-Science CA
GILDA testbed GILDA Certification Authority GILDA Certification Authority User Support and Training Services in IGI IGI Site Administrators IGI Users IGI.

GILDA testbed GILDA Certification Authority GILDA Certification Authority User Support and Training Services in IGI IGI Site Administrators IGI Users IGI.

Similar presentations

Ads by Google