Published by Kristina Burns. Modified over 9 years ago.
1
Public Key Activities in the Spanish Academic Network
PKI-COORD (PKI Coordination for Europe)
December 6, 2000, Amsterdam
2
Outline
- IRIS-PCA
  - Objectives and Characteristics
  - Hierarchy
  - Policy
  - Procedures
  - Links
- PKCS#11 Library
- PAPI
  - Architecture
  - Status
  - Goals
3
IRIS-PCA: Objectives
- Explore PK technologies
- Establish a hierarchical certification structure in the Spanish Research and Academic Network (RedIRIS constituency)
- Establish a common certification framework
- Share applications and experiences between the members of the community
- Promote the use of open-source software
4
IRIS-PCA: The Beginnings
- PKI activities were started at the end of 1997
  - GTI-PCA Working Group
  - 7th WG meeting in November 2000
- IRIS-PCA is in production
  - Started November 2000
  - Two organizations certified
  - Nine organizations working on their own PKI (candidates to be incorporated)
5
IRIS-PCA: Characteristics
- Scope: Root CAs of organizations under our constituency (Research and Academic institutions)
- X509 v3 certificate format
- RedIRIS operates the root CA
  - Software: openssl
  - On a dedicated, secured, off-line Linux box
  - Certificates available through HTTP (plus LDAP in the near future)
- Each organization is free to establish its own CA and RA structure, CP and CPS
  - At least as restrictive as the IRIS-PCA CP
6
IRIS-PCA: Hierarchy
[Diagram: certification hierarchy. Node labels, in order: IRIS-PCA, Org-RootCA, Org-SubCA; "Server certificate", "User certificate" and "Other certificates" each appear twice.]
7
IRIS-PCA: Policy
- http://www.rediris.es/cert/iris-pca/docs/politica.html (only Spanish version available)
- At the moment, no full CP/CPS compliance with standards (RFC 2527)
- Chapters on:
  - IRIS-PCA identity
  - Scope
  - Certification tree
  - Use of the RAs
  - Security and privacy requirements
  - Policy and procedures for certificates
  - Policy and procedures for revocations
  - Validity of the certificates
  - Naming conventions
  - CRL and certificate management
  - Obligations and responsibilities
8
IRIS-PCA: Procedures
- The candidate organization sends
  - By e-mail (iris-pca@rediris.es)
    - Certificate request (PKCS#10 or self-signed certificate formats)
  - By certified postal mail
    - Certification policy
    - Request document and legal agreement
    - Formal appointment of the technical contact
- RA@RedIRIS replies
  - By e-mail (to the organization technical contact)
    - CA certificate (PEM format), also published by HTTP
  - By certified postal mail
    - Secret code for revocation
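Added example (not part of the original slides and not RedIRIS's actual configuration): the request/reply exchange above, reproduced with openssl, the software the slides name for the root CA. An organization CA is certified from a PKCS#10 request, then issues a server certificate that a relying party validates against the root alone. Subjects, file names, key sizes, lifetimes and extension profiles are constructed assumptions.

```shell
#!/bin/sh
# Added example. All names, subjects and lifetimes are constructed.
set -eu

# Minimal config: request settings plus two X.509 v3 extension profiles.
write_cnf() {
  cat > "$1/pki.cnf" <<'EOF'
[req]
distinguished_name = dn
prompt = no
[dn]
CN = placeholder
[ca_ext]
basicConstraints = critical, CA:TRUE
keyUsage = critical, keyCertSign, cRLSign
[server_ext]
basicConstraints = critical, CA:FALSE
keyUsage = critical, digitalSignature, keyEncipherment
EOF
}

# new_csr DIR NAME SUBJECT: requester side, key pair plus PKCS#10 request.
new_csr() {
  openssl req -new -newkey rsa:2048 -nodes -config "$1/pki.cnf" -subj "$3" \
    -keyout "$1/$2.key" -out "$1/$2.csr" 2>/dev/null
}

# sign_csr DIR NAME ISSUER PROFILE: issuer side. Check the request's
# self-signature (proof of key possession), then issue a PEM certificate.
sign_csr() {
  openssl req -in "$1/$2.csr" -noout -verify 2>&1 | grep -q 'verify OK' || return 1
  openssl x509 -req -in "$1/$2.csr" -CA "$1/$3.pem" -CAkey "$1/$3.key" \
    -CAcreateserial -extfile "$1/pki.cnf" -extensions "$4" -days 365 \
    -out "$1/$2.pem" 2>/dev/null
}

# build_hierarchy DIR: self-signed root -> organization CA -> server certificate.
build_hierarchy() {
  write_cnf "$1" &&
  openssl req -x509 -newkey rsa:2048 -nodes -config "$1/pki.cnf" \
    -extensions ca_ext -subj "/C=ES/O=Example PCA/CN=Example Root" -days 3650 \
    -keyout "$1/root.key" -out "$1/root.pem" 2>/dev/null &&
  new_csr "$1" org "/C=ES/O=Example University/CN=Org-RootCA" &&
  sign_csr "$1" org root ca_ext &&
  new_csr "$1" server "/C=ES/O=Example University/CN=www.example.org" &&
  sign_csr "$1" server org server_ext
}

# verify_chain DIR: the relying party trusts only the root; the organization
# CA certificate is supplied as untrusted input and must chain to it.
verify_chain() {
  openssl verify -CAfile "$1/root.pem" -untrusted "$1/org.pem" "$1/server.pem" >/dev/null
}

demo=$(mktemp -d); build_hierarchy "$demo" && verify_chain "$demo" && echo "chain OK"
```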
9
IRIS-PCA: Links
- IRIS-PCA Pilot
  http://www.rediris.es/cert/proyectos/iris-pca/index.en.html
- GTI-PCA Working Group
  http://www.rediris.es/cert/iris-pca/gti-pca/
- Mailing list GTI-PCA@listserv.rediris.es
  http://www.rediris.es/list/info/gti-pca.es.html
- iris-pca@rediris.es
10
PKCS#11 Library
- Developed by the University of Murcia for their internal PKI project
  - Open to different formats and sizes of smart-cards
  - Available for Unix/Linux and Windows
  - Thoroughly tested in an operational environment
  - About 10,000 users
  - Access control, clock-in, facility reservation,...
- The aim of RedIRIS is to distribute the library under GPL
  - Negotiation is ongoing
  - Configuration procedures and documentation necessary
11
PAPI
- Was initiated to solve the problems derived from access control based on IP-address filters
- Its main objective is the provision of controlled access to information services with
  - A simple and transparent user interface
  - Maximum flexibility for
    - Clients (universities and other centers inside the RedIRIS network)
    - Information providers
  - User ubiquity
  - User privacy with respect to content providers
- Started with the collaboration of content providers and client organizations
- Liaisons with other academic networks
12
PAPI: Architecture
13
PAPI: Status
- Functioning prototype
  - Based on Apache mod_perl and virtual servers
  - Running from October
  - http://www.rediris.es/app/papi/
- First real environment testbed available in mid-December
  - Access to digital library services at a major university in Southern Spain
  - About 300 initial users
  - 70,000 potential users
  - Successful initial tests
14
PAPI: Short- and mid-term goals
- Optimization of system modules based on performance measurements and user feedback
  - Management facilities
  - Implementation of a set of basic authentication hooks (user- and group-based)
- Installation procedures and documentation set: dissemination
  - PAPI-on-a-box
- Harmonization (standardization?) with similar projects
  - Essential to effectively involve content providers