Presentation is loading. Please wait.

Presentation is loading. Please wait.

TNC 2008 / Short Lived Credential Service Implementation Based on National AAI Short Lived Credential Service Implementation Based on National AAI Emir.

Similar presentations


Presentation on theme: "TNC 2008 / Short Lived Credential Service Implementation Based on National AAI Short Lived Credential Service Implementation Based on National AAI Emir."— Presentation transcript:

1 TNC 2008 / Short Lived Credential Service Implementation Based on National AAI Short Lived Credential Service Implementation Based on National AAI Emir Imamagic, Dobrisa Dobrenic, Miroslav Milinovic SRCE Miroslav Popovic FER Terena Networking Conference 2008

2 TNC 2008 / Short Lived Credential Service Implementation Based on National AAI Overview Motivation Short Lived Certificate Service OpenCA SLCS architecture OpenCA extensions RA application CRO NGI Future work Conclusions

3 TNC 2008 / Short Lived Credential Service Implementation Based on National AAI Motivation X509 certificates issues for end-users identity validation process heavy maintenance users mobility Many organizations and countries have established their own AAI

4 TNC 2008 / Short Lived Credential Service Implementation Based on National AAI Short Lived Credential Service Short-term certificate based on existing Identity Management System automatic identity validation lifetime – 1 million seconds (approx. 11 days) International Grid Trust Federation (IGTF) profile Bridge between AAIs and X509 certificates

5 TNC 2008 / Short Lived Credential Service Implementation Based on National AAI Croatian national academic AAI federation Distributed LDAP directories Several authentication mechanisms LDAP RADIUS web service (HTTPS/SOAP) Federation Web Service (FWS) web service interface

6 TNC 2008 / Short Lived Credential Service Implementation Based on National AAI OpenCA Certificate Authority (CA) framework Open source Features web interface database backend Hardware Security Module (HSM) support

7 TNC 2008 / Short Lived Credential Service Implementation Based on National AAI SLCS Architecture Register Get certificate AuthN & Get attributes AuthZ Issue certificate

8 TNC 2008 / Short Lived Credential Service Implementation Based on National AAI OpenCA Extensions Public component extensions FWS-based authentication certificate request generation (FWS & RA Application) interaction with CA component extension CA component extension automatic certificate issuing SSL-based communication with Public

9 TNC 2008 / Short Lived Credential Service Implementation Based on National AAI RA Application Registration Authority (RA) performs users authorization Web interface user request submission RA management interfaces Web service interface integration with public component

10 TNC 2008 / Short Lived Credential Service Implementation Based on National AAI CRO NGI Croatian National Grid Infrastructure coordinated by SRCE permanent part in state budget Available for research and academia Grid middleware Globus Toolkit 2 & 4 based on X509 certificates Use case for SLCS

11 TNC 2008 / Short Lived Credential Service Implementation Based on National AAI Future Work IGTF accreditation Short Lived Credential Services Authentication profile Command line interface enable retrieval from grid UIs MICS implementation long-lived certificates relevant for long running applications

12 TNC 2008 / Short Lived Credential Service Implementation Based on National AAI Conclusions X509 certificates heavyweight for average users Organizational & national AAIs handle large number of users users are familiar with them SLCS important for wide adoption of X509-based infrastructures

13 TNC 2008 / Short Lived Credential Service Implementation Based on National AAI Thank You! Questions?


Download ppt "TNC 2008 / Short Lived Credential Service Implementation Based on National AAI Short Lived Credential Service Implementation Based on National AAI Emir."

Similar presentations


Ads by Google