Academia Sinica Grid Computing Certification Authority F2F interview (Malaysia )


1 Academia Sinica Grid Computing Certification Authority F2F interview (Malaysia )

2 Agenda
ASGCCA introduction
The user/host certificate request
RA (Registration Authority)
User responsibilities
VOMS
VOMS procedure
ASGC VOMS services

3 Introduction
The ASGCCA is located at the Academia Sinica Grid Computing Centre in Taiwan and has been running since July 2002.
It is managed by the Academia Sinica Grid Computing Centre.
It provides X.509 certificates to support a secure environment for grid computing.
http://ca.grid.sinica.edu.tw

4 End Entity and Certificate Type
End entities:
  Users of Academia Sinica Grid Computing Centre
  Users of domestic/international grid-based applications/projects
Certificate types:
  User certificate, e.g. C=TW, O=AS, OU=GRID, CN=Joen Yi Jian
  Host certificate, e.g. C=TW, O=AS, OU=GRID, CN=ca.grid.sinica.edu.tw

5 Identification and Authentication
User certificate:
  The subscriber must submit his/her application form, signed by the Registration Authority (RA), to ASGCCA via fax.
  The RA contacts the applicant for a face-to-face meeting.
Host certificate:
  Requests must be signed with a valid personal ASGCCA certificate.
  The RA checks the FQDN of the host before the certificate is issued.

6 Key Generation
The private key is generated by the browser on the user's machine.
The CA never generates a private key on a user's behalf.
The CA has no access to users' private keys.

7 Key Restriction
Key length:
  The ASGCCA private key is 2048 bits.
  A user private key must be at least 1024 bits.
  A host private key must be at least 1024 bits.
Pass phrase:
  The pass phrase of the CA's private key is at least 15 characters.
  The pass phrase of an end entity's private key is at least 8 characters.
  Protect the pass phrase from others.

8 Certificate Restriction
Certificate lifetime:
  ASGCCA certificate: five years
  User certificate: one year
  Host certificate: one year
A user certificate must not be shared.
Certificates issued by ASGCCA must not be used for financial transactions.
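The constraints on slides 4, 5, 7 and 8 are exactly the kind of checks an RA or CA operator runs before accepting a request. The following is an added example, not ASGCCA code: it encodes the subject-DN form (C=TW, O=AS, OU=GRID, CN=..., with O=AP also accepted because slide 21 tells applicants outside Taiwan to choose it), the 1024-bit minimum for user and host keys, the 8-character pass phrase minimum, the one-year lifetime, the face-to-face RA check for user certificates, and the FQDN check plus valid-user-certificate signature for host certificates. The CertRequest structure and the function names are assumptions made for this example.

```python
"""Policy checks for end-entity certificate requests (added example, not ASGCCA code).

Encodes the rules stated on the slides; CertRequest and the function names
are assumptions for illustration only.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

MIN_EE_KEY_BITS = 1024          # user and host private keys (slide 7)
MIN_EE_PASSPHRASE = 8           # end-entity pass phrase length (slide 7)
MAX_EE_LIFETIME_DAYS = 365      # user and host certificates: one year (slide 8)
ALLOWED_ORGS = ("AS", "AP")     # O=AS normally, O=AP for applicants outside Taiwan (slide 21)

# One DNS label: letters, digits and hyphens, 1-63 chars, no leading/trailing hyphen.
_LABEL = re.compile(r"^(?!-)[A-Za-z0-9-]{1,63}(?<!-)$")


def parse_dn(dn: str) -> list[tuple[str, str]]:
    """Split 'C=TW, O=AS, OU=GRID, CN=x' into ordered (attribute, value) pairs."""
    pairs = []
    for part in dn.split(","):
        attr, sep, value = part.strip().partition("=")
        if not sep or not attr.strip() or not value.strip():
            raise ValueError(f"malformed RDN: {part!r}")
        pairs.append((attr.strip().upper(), value.strip()))
    return pairs


def is_fqdn(name: str) -> bool:
    """True for a fully qualified host name such as ca.grid.sinica.edu.tw."""
    if len(name) > 253:
        return False
    labels = name.rstrip(".").split(".")
    return len(labels) >= 2 and all(_LABEL.match(label) for label in labels)


@dataclass
class CertRequest:
    kind: str                  # "user" or "host"
    subject_dn: str
    key_bits: int
    passphrase: str            # pass phrase protecting the private key in the browser
    requested_days: int
    ra_verified_in_person: bool = False   # user requests: RA met the applicant face to face
    signer_user_cert_valid: bool = False  # host requests: signed with a valid user certificate


def check_request(req: CertRequest) -> list[str]:
    """Return the policy violations found; an empty list means the request may proceed."""
    if req.kind not in ("user", "host"):
        return [f"unknown certificate type {req.kind!r}"]
    problems = []

    pairs = parse_dn(req.subject_dn)
    dn_ok = (
        len(pairs) == 4
        and pairs[0] == ("C", "TW")
        and pairs[1][0] == "O" and pairs[1][1] in ALLOWED_ORGS
        and pairs[2] == ("OU", "GRID")
        and pairs[3][0] == "CN"
    )
    if not dn_ok:
        problems.append("subject must be C=TW, O=AS|AP, OU=GRID, CN=<name>")
    elif req.kind == "host" and not is_fqdn(pairs[3][1]):
        problems.append(f"host CN {pairs[3][1]!r} is not an FQDN")

    if req.key_bits < MIN_EE_KEY_BITS:
        problems.append(f"key length {req.key_bits} is below {MIN_EE_KEY_BITS} bits")
    if len(req.passphrase) < MIN_EE_PASSPHRASE:
        problems.append(f"pass phrase is shorter than {MIN_EE_PASSPHRASE} characters")
    if req.requested_days > MAX_EE_LIFETIME_DAYS:
        problems.append(f"lifetime of {req.requested_days} days exceeds one year")

    if req.kind == "user" and not req.ra_verified_in_person:
        problems.append("RA has not verified the applicant face to face")
    if req.kind == "host" and not req.signer_user_cert_valid:
        problems.append("host request must be signed with a valid ASGCCA user certificate")
    return problems


if __name__ == "__main__":
    # Constructed sample requests: one compliant user request, one non-compliant host request.
    ok = CertRequest("user", "C=TW, O=AS, OU=GRID, CN=Joen Yi Jian", 2048,
                     "correct horse battery", 365, ra_verified_in_person=True)
    bad = CertRequest("host", "C=TW, O=AS, OU=GRID, CN=webserver", 1024, "short", 730)
    print("user request:", check_request(ok) or "accepted")
    print("host request:", check_request(bad))
```

Running the block prints an empty problem list for the user request and four findings for the host request (short host name, short pass phrase, two-year lifetime, no user-certificate signature); the 1024-bit key passes, since that is the stated minimum.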

9 Certificate Revocation
Circumstances for revocation:
  The entity's private key is lost or suspected to be compromised.
  The information in the entity's certificate is suspected to be inaccurate.
  The entity terminates services.
  The entity violated its obligations.

10 CRL Policy
CRL (Certificate Revocation List):
  The lifetime of the CRL is 30 days.
  The CRL is updated immediately after every revocation.
  The CRL is reissued 7 days before expiration even if there have been no revocations.
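The three CRL rules on this slide determine both when the CA must publish and when a relying party must stop trusting a CRL. The following added example (not ASGCCA code; the function names and ISO-8601 timestamp inputs are assumptions for illustration) replays the policy over a constructed series of revocations and also gives the relying-party freshness check that follows from the 30-day lifetime.

```python
"""CRL issuance schedule for the stated policy (added example, not ASGCCA code):
30-day CRL lifetime, a new CRL immediately after every revocation, and a
reissue 7 days before expiry even with no revocations. Timestamps are
ISO-8601 strings; function names are assumptions for this example."""
from __future__ import annotations

from datetime import datetime, timedelta

CRL_LIFETIME = timedelta(days=30)          # slide 10: CRL lifetime is 30 days
REISSUE_BEFORE_EXPIRY = timedelta(days=7)  # slide 10: reissue 7 days before expiration


def _dt(iso: str) -> datetime:
    return datetime.fromisoformat(iso)


def next_update(this_update: str) -> str:
    """nextUpdate of a CRL whose thisUpdate is the given timestamp."""
    return (_dt(this_update) + CRL_LIFETIME).isoformat()


def scheduled_reissue(this_update: str) -> str:
    """Latest time a fresh CRL must be published if no revocation occurs in between."""
    return (_dt(this_update) + CRL_LIFETIME - REISSUE_BEFORE_EXPIRY).isoformat()


def crl_timeline(first_issue: str, revocations: list[str], until: str) -> list[tuple[str, str]]:
    """Replay the policy: every (issue_time, reason) for CRLs published up to `until`.

    A revocation forces an immediate CRL; otherwise the CRL is reissued
    7 days before the current one would expire."""
    current = _dt(first_issue)
    end = _dt(until)
    issues = [(current.isoformat(), "initial")]
    pending = sorted(_dt(r) for r in revocations if _dt(r) > current)
    while True:
        due = current + CRL_LIFETIME - REISSUE_BEFORE_EXPIRY
        if pending and pending[0] <= due:
            when, reason = pending.pop(0), "revocation"
        else:
            when, reason = due, "scheduled"
        if when > end:
            return issues
        issues.append((when.isoformat(), reason))
        current = when


def crl_is_usable(this_update: str, now: str) -> bool:
    """Relying-party check: a CRL past its nextUpdate must not be trusted."""
    return _dt(now) < _dt(this_update) + CRL_LIFETIME


if __name__ == "__main__":
    # Constructed scenario: CRL first issued on 1 Jan 2024, one revocation on 10 Jan.
    for when, reason in crl_timeline("2024-01-01T00:00:00", ["2024-01-10T00:00:00"],
                                     "2024-03-01T00:00:00"):
        print(when, reason)
```

With the constructed scenario the CA publishes on 1 January (initial), 10 January (revocation), 2 February and 25 February (scheduled, 23 days after the previous CRL), and a CRL issued on 1 January is no longer usable from 31 January.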

11 Staff Contact Information
Jinny Chien
Phone: 886-2-2789-8008
Fax: 886-2-2789-6793
Email: asgcca@grid.sinica.edu.tw
Mail Box: Nankang PO BOX 1-8, Taipei, Taiwan 11529
Address: 128, Sec. 2, Academic Rd., Nankang, Taipei, Taiwan 11529

12 Certificate Request
(Diagram labels: private key encrypted on local disk; certificate request carrying public key and ID; CA root certificate; issued certificate.)
1. User generates a public/private key pair in the browser.
2. User sends the public key to the CA and shows the RA proof of identity.
3. The CA signature links the identity and the public key in the certificate.
4. The CA informs the user.

13 User Certificate Request
(Parties: applicant, RA/CA staff, CA server (offline), CA website (online).)
1. Applicant downloads the application form from the ASGCCA website.
2. RA staff confirm the applicant's identity in person.
3. Applicant sends the application form by fax to the CA manager.
4. Applicant creates the CSR on the CA website.
5. CA manager issues the certificate on the CA server (offline) and puts it on the CA website.
6. CA manager sends a notification to the applicant, and the applicant picks up the new certificate.

14 Host Certificate Request
(Parties: applicant, CA website, CA manager.)
1. Applicant gets his/her user certificate from the CA manager.
2. Applicant loads the user certificate into the browser.
3. Applicant accesses the ASGCCA web page and completes the online request.
4. The CA manager issues the host certificate once the FQDN has been received.

15 ASGCCA RA Qualification
RA (Registration Authority):
  One RA per institute
  Permanent staff readily available on site
  Photo ID: work ID, or an officially recognized international/national ID
  Read the CP/CPS and agree to the RA responsibilities

16 RA Responsibilities
Verify user identities
Assist users with CA service requests and issues
Inform the CA if the RA will leave their organization, and recommend a new RA
Maintain RA activity records (used for RA auditing)
Inform the CA when certificates need to be revoked (certificate compromise, user leaves the institution)
Inform the CA of changes to the contact information of the RA and of users

17 http://ca.grid.sinica.edu.tw/general/RAresponsibility.html

18 ASGC RA contact http://ca.grid.sinica.edu.tw/contact.html

19 Walk Through
Homepage: http://ca.grid.sinica.edu.tw
Apply for user certificate steps: http://ca.grid.sinica.edu.tw/certificate/request/request_user_cert.html
Apply for RA status steps: http://ca.grid.sinica.edu.tw/certificate/request/request_ra.html
Apply for host certificate steps: http://ca.grid.sinica.edu.tw/certificate/request/request_host_cert.html

20 Apply for user certificate checklist
Read and understand the ASGCCA CP/CPS
RA's signature on the application
Fax the application and send a notification e-mail to asgcca@grid.sinica.edu.tw
Generate the CSR file via the CA website

21 Request a user certificate
The user application process:
  The user faxes to the CA the application form and photocopies of work and official ID.
  The user creates a CSR file on the CA web server.
    For organizations outside Taiwan, select "TW" for country and "AP" for organization.
  The user's private key is stored in the browser, so use the same machine to retrieve the certificate.

22 User Responsibilities
Keep your private key secure – on a USB drive only.
Do not share your certificate with anyone.
Please contact the CA or RA if there is any question about your certificate.
Do not launch a delegation service for longer than your current task needs.
If your certificate or delegated service is used by someone other than you, it cannot be proven that it was not you.

23 What is VOMS
VOMS is a system to classify users that are part of a Virtual Organization (VO) on the basis of a set of attributes that are granted to them upon request, and to include that information inside Globus-compatible proxy certificates.
Command: voms-proxy-init


25 The VOMS procedure
Make sure you have a user certificate first.
Send a request to asgcvoms@twgrid.org. Provide the following items when requesting to join the Twgrid or Apesci VO:
  User name
  Date of request
  Country
  Which VO you want to join (Twgrid or Apesci)
  Reason for joining this VO
  Which site you are associated with (see the APROC site information at http://goc.grid.sinica.edu.tw/gstat//AsiaPacific.html)
The VO manager will approve or deny the request.
After completion, go to the VOMS web page and fill in the registration information.

26 ASGC VOMS service
Before you submit a request, please read the AUP (Acceptable Use Policy):
  Twgrid: https://voms.grid.sinica.edu.tw:8443/voms/twgrid
  Apesci: https://voms.grid.sinica.edu.tw:8443/voms/apesci
VOMS service: http://www.twgrid.org/aproc/services/vom

27 The End

