
F. Guilleux, O. Salaün - CRU Middleware activities in French Higher Education.

Presentation transcript:

1 F. Guilleux, O. Salaün - CRU Middleware activities in French Higher Education

2 Institutional view
[Diagram] Ministry in charge of Research and HE, overseeing:
– Research institutions: CNRS, INRIA, CEA, …
– Universities (83)
– Engineering schools (80)

3 What is the CRU
CRU stands for « Comité Réseau des Universités » (network committee for French universities)
We do NOT operate a national academic network (=> Renater)
The CRU is responsible for coordinating actions among universities and between universities and the ministry

4 Middleware activities
– Authentication & Authorization Infrastructure
– Directories
– Sympa
– PKI

5 AAI
The French ministry urges universities to set up digital working environments (virtual campuses):
– A national working group dealing with A&A published “recommendations” in 2003
– Most universities chose uPortal and CAS, mainly for its proxy capabilities
The CRU will shortly start an AAI based on Shibboleth

6 Directories
Higher Education working group defining a common LDAP schema and naming
– Inheritance from EduPerson
– No course data definition yet
– Connectors to allow the provisioning are being developed

7 Sympa middleware connections
[Diagram: Sympa services (SOAP, RSS) and their middleware connections. AuthN: LDAP, X509, CAS, Shibb. AuthZ: LDAP, Shibboleth. List members, list definition, list owners: LDAP, SQL, Lists, XML.]

8 PKI / general overview
Started in 2000
Technically and administratively operated by the CRU
Delivers X.509 certificates for:
– People (web authentication and electronic signature in a few cases)
– Servers (HTTPS, IMAPS, LDAPS…)

9 Hierarchy
[Diagram] Root CA, with subordinate CAs:
– user CA
– enhanced user CA
– server CA
Private key stored on PKCS#11 device

10 PKI / Logical structure
[Diagram labels: CA; National RA; Local RA (three shown); CRU; volunteer universities; server certificate; user certificate for: security officers, local software providers, RA operators; user certificate for any employee (one per Local RA)]

11 PKI / Figures
500 valid user certificates for:
– Security officers
– Local software providers
– RA operators
Currently only 30 valid user certificates delivered by 10 local RAs (since this summer)
500 valid server certificates for 90 different universities

12 PKI / what we have learnt…
User and server certificates use the same technology, but the constraints are actually different
Server certificates:
– More and more used by French universities
– Main problem: the “popup problem”
– Easy to deliver:
   Requested by official security officers
   Server identity checked against a HiEd list of hostnames administered by universities

13 PKI / what we have learnt…
User certificates:
– Costly registration and revocation processes
– A lot of support because of:
   Poor and varied certificate implementations in web browsers
   Average users don’t understand PKI concepts (CAs, CRL, cert vs private key, …)
– Need for PKCS#11 devices for mobility and secure storage of private keys
– Too many legal constraints to allow a safe use of electronic signature

