Presentation is loading. Please wait.

Presentation is loading. Please wait.

Distribution Repository Structure David Groep, 2005.03.15

Published byJanel Paul Modified over 9 years ago

Similar presentations

Presentation on theme: "Distribution Repository Structure David Groep, 2005.03.15"— Presentation transcript:

1 Distribution Repository Structure David Groep, 2005.03.15 http://www.eugridpma.org/

2 IGF meeting, March 15 2005 - 2 David Groep – chair@eugridpma.org Distribution of trust anchors  The PMA distributes a set of trust anchors for the community of all accredited CAs  Although published via a secure web site, RPs are invited to cross-check the trust anchors against TACAR &c.  When using common auth profiles, RPs are likely to install all accredited authorities from all PMAs  Need simple, common mechanisms  Support both simple tar-based installs and RPM/yum/apt (and debian?)

3 IGF meeting, March 15 2005 - 3 David Groep – chair@eugridpma.org Distribution items  RPMs  one per CA  including meta-data like CRL URL  “policy” meta-RPMS for accredited authorities  tar balls  per CA  a combined tarball with configure/install script

4 IGF meeting, March 15 2005 - 4 David Groep – chair@eugridpma.org Current layout (one profile only) /distribution/current -> 0.27 /distribution/0.27/....../accredited/RPMS/ca_NAME1-0.27-1.noarch.../accredited/RPMS/ca_NAME2-0.27-1.noarch.../accredited/tgz/ca_NAME.tar.gz.../accredited/ /cabundle-eugridpma-accredited.tar.gz.../ca_policy_eugridpma-0.27-1.noarch.rpm /distribution/0.27/headers/...

5 IGF meeting, March 15 2005 - 5 David Groep – chair@eugridpma.org Proposed structure (multiple profiles) /distribution/current -> eugridpma/1.0 /distribution/eugridpma/1.0/accredited/RPMS/....../accredited/RPMS/ca_NAME-1.0-1.noarch.rpm.../accredited/RPMS/ca_policy_eugridpma-classic-1.0-1.noarch.rpm.../accredited/RPMS/ca_policy_eugridpma-acs-1.0-1.noarch.rpm.../accredited/tgz/ca_NAME.tar.gz.../accredited/tgz/cabundle-eugridpma-accredited.tar.gz * /distribution/eugridpma/1.0/headers/... /distribution/mirror/current/apgridpma/....../apgridpma/current/accredited/ca_policy_apgridpma-classic-0.3-.. /distribution/mirror/current/tagpma/....../tagpma/current/accredited/ca_policy_tagpma-sips-1.2-1.noarch... /distribution/mirror/current/eugridpma/current/... /distribution/mirror/current/igf/....../igf/current/accredited/RPMS/ca_policy_igf-classic-1.0-1.noarch requires: ca_policy_eugridpma-classic requires: ca_policy_apgridpma-classic /distribution/mirror/current/headers/... * )./configure --prefix=/etc/security/grid --with-profile=acs make install

6 IGF meeting, March 15 2005 - 6 David Groep – chair@eugridpma.org Using the RPM repository  Having all PMA current repositories mirrored under one root allows YUM/APT updates from a single source  If the “current” is mirrored and old files removed, manual installation is also unambiguous  Mirroring ensures getting always the latest from every PMA  Install all “classic” CAs with a single yum –y install ca_policy_igf-classic  Have an “overall” policy file that includes all profiles: yum –y install ca_policy_igf

7 IGF meeting, March 15 2005 - 7 David Groep – chair@eugridpma.org RPM dependencies ca_policy_pma-classic-2.3 requires ca_authname = 2.3 ca_policy_pma-3.4 requires ca_policy_pma-classic = 3.4 ca_policy_pma-sips = 3.4 ca_policy_pma-acs = 3.4 ca_policy_igf-classic-1.0 requires ca_policy_eugridpma-classic [no version!] ca_policy_apgridpma-classic [no version!] ca_policy_tagpma-classic [no version!] ca_policy_igf-1.0 requires ca_policy_igf-classic = 1.0 ca_policy_igf-sips = 1.0 ca_policy_igf-acs = 1.0

8 IGF meeting, March 15 2005 - 8 David Groep – chair@eugridpma.org CA package contents  Required content  trust anchor: c_hash.0  CRL location:c_hash.crl_url  Namespace definition:c_hash.signing_policy  Optional content  CERT locationc_hash.ca_url  CA web pagec_hash.url  Package dependencies (RPM only)  for a hierarchical PKI the RPM name of the parent CA  Proposed content  metadatac_hash.doc with: alias, full name, AuthProfile, email addresses, PDS, CP/CPS link, all as “attribute=value” pairs

9 IGF meeting, March 15 2005 - 9 David Groep – chair@eugridpma.org Tar/Configure based installation  RP will download three tarballs  Runs./configure three times  but same format for all:  –prefix=path [default: /etc/grid-security/certificates]  –with-profile=authprofilename [default: all profiles]

10 IGF meeting, March 15 2005 - 10 David Groep – chair@eugridpma.org Naming conventions  Each Authority will have an alias of 4-16 chars  Each PMA will have a shortname “eugridpma”, “apgridpma”, “tagpma”  Each profile will have a shortname for use in RPM specialisation and for the –with-profile= configure option  “classic”: traditional, secured PKI CAs  “sips”: Site Integrated Proxy Servers, kCAs  “acs”: secured Active Certs Stores, NERSC-style  “experimental”: testing and experimental authorities of any kind that need distribution  “test”: internal testing only

11 IGF meeting, March 15 2005 - 11 David Groep – chair@eugridpma.org Mirroring requirements  Each PMA will mirror all others & the IGF  web site / directory naming http://www.pmaname.org/distribution/mirror/  Mirror frequency: once daily  also mirror yourself for consistency so “/distribution/mirror” will be same everywhere

12 IGF meeting, March 15 2005 - 12 David Groep – chair@eugridpma.org Implementation plan ……

Download ppt "Distribution Repository Structure David Groep, 2005.03.15"

Similar presentations

Usage of PGP in TACAR 19th OGF Meeting Chapel Hill, USA February 1, 2007 Licia Florio Project Development Officer

Usage of PGP in TACAR 19th OGF Meeting Chapel Hill, USA February 1, 2007 Licia Florio Project Development Officer
Andrew McNab - EDG Access Control - 14 Jan 2003 EU DataGrid security with GSI and Globus Andrew McNab University of Manchester

Andrew McNab - EDG Access Control - 14 Jan 2003 EU DataGrid security with GSI and Globus Andrew McNab University of Manchester
4 th APGrid PMA F2F Meeting Academia Sinica, Taipei, Taiwan April 8, 2008 Agendahttp://www.apgridpma.org/meetings/index.html Call for note takers!

4 th APGrid PMA F2F Meeting Academia Sinica, Taipei, Taiwan April 8, 2008 Agendahttp:// Call for note takers!
DESIGNING A PUBLIC KEY INFRASTRUCTURE

DESIGNING A PUBLIC KEY INFRASTRUCTURE
INFSO-RI-508833 Enabling Grids for E-sciencE www.eu-egee.org JRA3 2 nd EU Review Input David Groep NIKHEF.

INFSO-RI Enabling Grids for E-sciencE JRA3 2 nd EU Review Input David Groep NIKHEF.
NRENs supporting Grids using current Grid technology TERENA NREN-GRID Workshop Amsterdam 2005-10-17 Milan Sova CESNET.

NRENs supporting Grids using current Grid technology TERENA NREN-GRID Workshop Amsterdam Milan Sova CESNET.
PAWN: A Novel Ingestion Workflow Technology for Digital Preservation

PAWN: A Novel Ingestion Workflow Technology for Digital Preservation
CVE-2008-0166, lessons learned and actions David Groep, Nov 7 nd, 2008.

CVE , lessons learned and actions David Groep, Nov 7 nd, 2008.
CS470, A.SelcukPKI1 Public Key Infrastructures CS 470 Introduction to Applied Cryptography Instructor: Ali Aydin Selcuk.

CS470, A.SelcukPKI1 Public Key Infrastructures CS 470 Introduction to Applied Cryptography Instructor: Ali Aydin Selcuk.
70-293: MCSE Guide to Planning a Microsoft Windows Server 2003 Network, Enhanced Chapter 7: Planning a DNS Strategy.

70-293: MCSE Guide to Planning a Microsoft Windows Server 2003 Network, Enhanced Chapter 7: Planning a DNS Strategy.
Christopher Chapman | MCT Content PM, Microsoft Learning, PDG Planning, Microsoft.

Christopher Chapman | MCT Content PM, Microsoft Learning, PDG Planning, Microsoft.
Installing Linux softwares Sirak Kaewjamnong. 2 Software packets  When Linux developers create their software they typically bundle all the executable.

Installing Linux softwares Sirak Kaewjamnong. 2 Software packets  When Linux developers create their software they typically bundle all the executable.
Linux Operations and Administration

Linux Operations and Administration
Module 10: Designing an AD RMS Infrastructure in Windows Server 2008.

Module 10: Designing an AD RMS Infrastructure in Windows Server 2008.
Deploying Experiments with Raven Scott Baker SB-Software John H. Hartman University of Arizona.

Deploying Experiments with Raven Scott Baker SB-Software John H. Hartman University of Arizona.
SUSE Linux Enterprise Server Administration (Course 3037) Chapter 4 Manage Software for SUSE Linux Enterprise Server.

SUSE Linux Enterprise Server Administration (Course 3037) Chapter 4 Manage Software for SUSE Linux Enterprise Server.
Andrew McNab - Manchester HEP - 26 June 2001 WG-H / Support status Packaging / RPM’s UK + EU DG CA’s central grid-users file www.gridpp.ac.uk grid “ping”

Andrew McNab - Manchester HEP - 26 June 2001 WG-H / Support status Packaging / RPM’s UK + EU DG CA’s central grid-users file grid “ping”
Apache Web Server v. 2.2 Reference Manual Chapter 1 Compiling and Installing.

Apache Web Server v. 2.2 Reference Manual Chapter 1 Compiling and Installing.
The CA Distribution Process David Groep, July 2007.

The CA Distribution Process David Groep, July 2007.
Yannick Patois – Datagrid Repository Presentation- 2001/11/21 - n° 1 Partner Logo DataGrid Software Repository presentation A short presentation of the.

Yannick Patois – Datagrid Repository Presentation- 2001/11/21 - n° 1 Partner Logo DataGrid Software Repository presentation A short presentation of the.

Similar presentations

Ads by Google