Presentation is loading. Please wait.

Presentation is loading. Please wait.

TERENA TF-EMC2 Workshop David Groep, 2004.11.04

Published byAubrey Welch Modified over 9 years ago

Similar presentations

Presentation on theme: "TERENA TF-EMC2 Workshop David Groep, 2004.11.04"— Presentation transcript:

1 TERENA TF-EMC2 Workshop David Groep, 2004.11.04 http://www.eugridpma.org/

2 TF-EMC2 meeting, November 4 2004 - 2 David Groep – chair@eugridpma.org A PKI for Grids  PKI model fits the lack of hierarchical relations between users and resources in the Grid  Users can join collaborations (VOs), that are independent of both resources and home organisations  mainly unilateral trust relations (RP/subscriber -> CA) limited mutual trust (CA->CA within PMA)  Both users and services need a credential  Revocation:  of authZ via the VOs,  of AuthN via the CAs (latter only of the identity is compromised)

3 TF-EMC2 meeting, November 4 2004 - 3 David Groep – chair@eugridpma.org The EUGridPMA European Grid Authentication Policy Management Authority for e-Science  Coordinates authentication for people and services for European, national, and related Grid projects EGEE, DEISA, SEEGRID, LCG, …  PMA manages authentication guidelines policies  Trust domain for research and academic grids

4 TF-EMC2 meeting, November 4 2004 - 4 David Groep – chair@eugridpma.org Certificate Authority Coordination  Evolved from the CA Coordination Group in DataGrid, CrossGrid, LCG, …  collection of national and regional CAs  better local identity vetting  national legislation  all meet or exceed minimum requirements  identity checking (in-person, photo-ID)  physical security (signing key protection, storage)  naming (unique certificate names)  revocation (updated lists, retrieval)  Clearly defined accreditation procedure  Basic tools and distribution mechanisms

5 TF-EMC2 meeting, November 4 2004 - 5 David Groep – chair@eugridpma.org Accreditation process  Codification of procedures in a CP(S) for each CA  de facto lots of copy/paste, except for vetting sections  Peer-review process for evaluation  comments welcomed from all PMA members  two assigned referees  In-person appearance during the review meeting

6 TF-EMC2 meeting, November 4 2004 - 6 David Groep – chair@eugridpma.org Accredited Authorities  Everyone (almost) in Europe has a national CA  Green: CA Accredited  Yellow: being discussed Other Accredited CAs:  DoEGrids (US)  GridCanada  ASCCG (Taiwan)  ArmeSFO (Armenia)  CERN  Russia (HEP)  FNAL Service CA (US)  Israel  Pakistan

7 TF-EMC2 meeting, November 4 2004 - 7 David Groep – chair@eugridpma.org The Catch-All CAs Project-centric “catch all” Authorities  For those left out of the rain in EGEE  CNRS “catch-all” (Sophie Nicoud)  coverage for all EGEE partners  For the South-East European Region  regional catch-all CA  For LCG world-wide  DoeGrids CA (Tony Genovese & Mike Helm, ESnet)  Registration Authorities through Ian Neilson

8 TF-EMC2 meeting, November 4 2004 - 8 David Groep – chair@eugridpma.org Distribution RPM distribution to facilitate deployment projects  validation must be done via TACAR (or out-of-band means)  releases contain  CA root cert  CRL URL  CA URL  namespace-policy file (used by software for enforcement)  dependency information (for hierarchical PKIs)  meta-RPMs “ca_policy_eugridpma” for triggering dependencies in install software (yum/apt)  releases every ~ 4-12 weeks

9 TF-EMC2 meeting, November 4 2004 - 9 David Groep – chair@eugridpma.org Global interoperation  PMAs collaborate bilaterally in an interoperation framework: the International Grid Federation see www.gridpma.org Americas PMA being formed EUGridPMA APGridPMA

10 TF-EMC2 meeting, November 4 2004 - 10 David Groep – chair@eugridpma.org Commonality  Common services to all European eInfrastructure  EUGridPMA:  All EU Grid infrastructure FP6 programmes  CAs also cover inter-organisational national projects  TERENA TACAR provides the trust validation  Grid projects rely on TACAR to validate roots-of-trust  Minimum Requirements form bases of IGF  Coherency in AP modelled on EUGridPMA  Americas are planning to build an AMSGridPMA

11 TF-EMC2 meeting, November 4 2004 - 11 David Groep – chair@eugridpma.org Current topics of discussion  Continuing updates to minimum requirements as experience grows to comply better with evolving Grid middleware to comply with evolving industry standards  User key hygiene worries abound Can the user be trusted with key care? (hardly…)  Complexity for users, services the server-certificate service!  On-line CA methodologies Guidelines and Minimum Requirements Site-local solutions (SIPS) Active Certificate Stores (credential repositories, escrow services) CA-generated key pairs and ease-of-use

12 TF-EMC2 meeting, November 4 2004 - 12 David Groep – chair@eugridpma.org http://www.eugridpma.org/

Download ppt "TERENA TF-EMC2 Workshop David Groep, 2004.11.04"

Similar presentations

Usage of PGP in TACAR 19th OGF Meeting Chapel Hill, USA February 1, 2007 Licia Florio Project Development Officer

Usage of PGP in TACAR 19th OGF Meeting Chapel Hill, USA February 1, 2007 Licia Florio Project Development Officer
EGI-InSPIRE RI-261323 EGI-InSPIRE EGI-InSPIRE RI-261323 AAI in EGI Status and Evolution Peter Solagna Senior Operations Manager

EGI-InSPIRE RI EGI-InSPIRE EGI-InSPIRE RI AAI in EGI Status and Evolution Peter Solagna Senior Operations Manager
Experiences with Massive PKI Deployment and Usage Daniel Kouřil, Michal Procházka Masaryk University & CESNET Security and Protection of Information 2009.

Experiences with Massive PKI Deployment and Usage Daniel Kouřil, Michal Procházka Masaryk University & CESNET Security and Protection of Information 2009.
Www.DOEGrids.org www.DOEGrids.org DOE’s PKI service for Grids www.DOEGrids.org Tony J. Genovese Malaga, Spain November 2003.

DOE’s PKI service for Grids Tony J. Genovese Malaga, Spain November 2003.
A responsibility based model EDG CA Managers Meeting June 13, 2003.

A responsibility based model EDG CA Managers Meeting June 13, 2003.
Authorization WG Update David Kelsey EU Grid PMA, Copenhagen 27 May 2008.

Authorization WG Update David Kelsey EU Grid PMA, Copenhagen 27 May 2008.
4 th APGrid PMA F2F Meeting Academia Sinica, Taipei, Taiwan April 8, 2008 Agendahttp://www.apgridpma.org/meetings/index.html Call for note takers!

4 th APGrid PMA F2F Meeting Academia Sinica, Taipei, Taiwan April 8, 2008 Agendahttp:// Call for note takers!
INFSO-RI-508833 Enabling Grids for E-sciencE www.eu-egee.org JRA3 2 nd EU Review Input David Groep NIKHEF.

INFSO-RI Enabling Grids for E-sciencE JRA3 2 nd EU Review Input David Groep NIKHEF.
A history of the CACG, EUGridPMA, and the IGTF (and some next steps) First APGridPMA Face-to-Face Meeting Beijing David Groep, 2005-11-29.

A history of the CACG, EUGridPMA, and the IGTF (and some next steps) First APGridPMA Face-to-Face Meeting Beijing David Groep,
National Center for Supercomputing Applications PKI and CKM ® Scaling Study NCASSR Kick-off Meeting June 11-12, 2003 Jim Basney

National Center for Supercomputing Applications PKI and CKM ® Scaling Study NCASSR Kick-off Meeting June 11-12, 2003 Jim Basney
Grid Security in EGEE/LCG ISGC 2005, Taipei, Taiwan 29 April 2005 David Kelsey CCLRC/RAL, UK

Grid Security in EGEE/LCG ISGC 2005, Taipei, Taiwan 29 April 2005 David Kelsey CCLRC/RAL, UK
Open Science Grid Use of PKI: Wishing it was easy A brief and incomplete introduction. Doug Olson, LBNL PKI Workshop, NIST 5 April 2006.

Open Science Grid Use of PKI: Wishing it was easy A brief and incomplete introduction. Doug Olson, LBNL PKI Workshop, NIST 5 April 2006.
NRENs supporting Grids using current Grid technology TERENA NREN-GRID Workshop Amsterdam 2005-10-17 Milan Sova CESNET.

NRENs supporting Grids using current Grid technology TERENA NREN-GRID Workshop Amsterdam Milan Sova CESNET.
Authentication Policy David Kelsey CCLRC/RAL 15 April 2004, Dublin

Authentication Policy David Kelsey CCLRC/RAL 15 April 2004, Dublin
Www.egi.eu EGI-InSPIRE RI-261323 EGI-InSPIRE www.egi.eu EGI-InSPIRE RI-261323 Policy Issues for Identity Management (and other attributes) EGI Technical.

EGI-InSPIRE RI EGI-InSPIRE EGI-InSPIRE RI Policy Issues for Identity Management (and other attributes) EGI Technical.
The EU Grid PMA David Kelsey CCLRC/RAL 16 April 2004, Dublin

The EU Grid PMA David Kelsey CCLRC/RAL 16 April 2004, Dublin
Joining the Grid Andrew McNab. 28 March 2006Andrew McNab – Joining the Grid Outline ● LCG – the grid you're joining ● Related projects ● Getting a certificate.

Joining the Grid Andrew McNab. 28 March 2006Andrew McNab – Joining the Grid Outline ● LCG – the grid you're joining ● Related projects ● Getting a certificate.
Grid Trust Fabric TNC 2006, Catania 16 May 2006 David Kelsey CCLRC/RAL, UK

Grid Trust Fabric TNC 2006, Catania 16 May 2006 David Kelsey CCLRC/RAL, UK
Updates from the EUGridPMA David Groep, Apr 8 nd, 2008.

Updates from the EUGridPMA David Groep, Apr 8 nd, 2008.
13-May-03D.P.Kelsey, WP8 CA and VO organistion1 CA’s and Experiment (VO) Organisation WP8 Meeting EDG Barcelona, 13 May 2003 David Kelsey CCLRC/RAL, UK.

13-May-03D.P.Kelsey, WP8 CA and VO organistion1 CA’s and Experiment (VO) Organisation WP8 Meeting EDG Barcelona, 13 May 2003 David Kelsey CCLRC/RAL, UK.

Similar presentations

Ads by Google