Presentation is loading. Please wait.

Presentation is loading. Please wait.

Template Profile Jens Jensen, STFC RAL GridNet2/ UK e-Science CA OGF22 Boston.

Published byBlake Manning Modified over 10 years ago

Similar presentations

Presentation on theme: "Template Profile Jens Jensen, STFC RAL GridNet2/ UK e-Science CA OGF22 Boston."— Presentation transcript:

1 Template Profile Jens Jensen, STFC RAL GridNet2/ UK e-Science CA OGF22 Boston

2 The Problem MINREQ Best Practice CA policy CA practice statement CA PRACTICE Check consistency

3 New Policies Usually written by novice CA mgr –Using bits from other CP/CPSes Accentuate the positive –All the good bits get copied around Eliminate the negative –All the bad bits get copied around

4 Problem Policies become inconsistent Dont satisfy minimal requirements Need many iterations with reviewer –Bad for CA manager –Bad for reviewer

5 Common Examples RA checking CRL –4.5.2 MUST at time of reliance –4.9.6 MUST at time of reliance –9.6.4: according to their satisfaction Email both confidential and not Flood protection at 1.2 metres on 1 st floor

6 Is it a big problem? We already cover half the world But there is another half

7 Proposed Solution? Working group on Template Profile –Jens, David G, Milan, Anders, Vinod, David O'C, Mike, Sergey, Hardi Get the best bits from policies Living document – but needs an editor Reviewers best to write/contrib Become an IGTF document

8 Status …er, not really started yet Amsterdam meeting Jan 2008

9 Piecing it together Easier to set up new CP/CPS –Too easy? Easier to get it right sooner –Often many, many, iterations are reqd –Greatly delays Accreditation

10 Operational Reviews TAGPMA are leading in this area –Template for operational review –But a reviewer still needs to read the CP/CPS!! –Quicker if many bits known to be good APGridPMA auditing for accreditation –Yoshios auditing procedure

11 Operational Reviews Highlight: –Which bits are canonical –Which bits are based on guides –Which bits are changed since previous version

12 Piecing it together Delaying Accreditation is bad –Reviewers are already overloaded –(Not necessarily with reviews but with real life jobs) –Time consuming for new CAs Get new CAs in early (PMAs) –Not after the policy is written

13 Pieceing it together Not aiming for machine parseable Or should we? –(Chadwick, Coghlan/OCallaghan) TAGPMA guide to writing CP/CPS

14 RFC 3647

15 What about existing CAs Leave alone, for now Some not satisfying minreqs Minreqs change, too –Mythical six months to update

16 Back on track…? Urgent changes - Aggressive option –Do it in six months or else Medium urgency –Address with next CP/CPS change –At least before next PMA presentation Lower urgency –Discuss at next presentation

17 Summary Template profile –Approved text for sections where it makes sense –Approved guidelines (cf TAGPMA) for other sections –Open bits –Get new CAs in early

Download ppt "Template Profile Jens Jensen, STFC RAL GridNet2/ UK e-Science CA OGF22 Boston."

Similar presentations

National Institute of Advanced Industrial Science and Technology Asia Pacific Grid PMA Yoshio Tanaka APGrid PMA, Chair Grid Technology Research Center,

National Institute of Advanced Industrial Science and Technology Asia Pacific Grid PMA Yoshio Tanaka APGrid PMA, Chair Grid Technology Research Center,
Robots Jens Jensen, STFC RAL GridNet2/ UK e-Science CA /NGS/GridPP/

Robots Jens Jensen, STFC RAL GridNet2/ UK e-Science CA /NGS/GridPP/
International Grid Trust Federation Session GGF 20 Manchester, UK Wednesday, May 9 2007 CAOPS-WG session #2.

International Grid Trust Federation Session GGF 20 Manchester, UK Wednesday, May CAOPS-WG session #2.
Status of Auditing Guidelines Document Oct. 15 Yoshio Tanaka, AIST.

Status of Auditing Guidelines Document Oct. 15 Yoshio Tanaka, AIST.
© 2007 Open Grid Forum CAOPS-WG Christos Kanellopoulos - Yoshio Tanaka Security Area coordination & outreach OGF25, Catania March 2 nd – 3 rd, 2009.

© 2007 Open Grid Forum CAOPS-WG Christos Kanellopoulos - Yoshio Tanaka Security Area coordination & outreach OGF25, Catania March 2 nd – 3 rd, 2009.
Classic X.509 secured profile version 4.2 Proposed Changes David Groep, Apr 20 th, 2009.

Classic X.509 secured profile version 4.2 Proposed Changes David Groep, Apr 20 th, 2009.
Policy interoperability in electronic signatures Andreas Mitrakas EESSI International event, Rome, 7 April 2003.

Policy interoperability in electronic signatures Andreas Mitrakas EESSI International event, Rome, 7 April 2003.
MPI Forum Suggestions for Additions to the Voting rules March 2015.

MPI Forum Suggestions for Additions to the Voting rules March 2015.
1st Expert Group Meeting (EGM) on Electronic Trade-ECO Cooperation on Trade Facilitation 23-25 May 2012, Kish Island, I.R.IRAN.

1st Expert Group Meeting (EGM) on Electronic Trade-ECO Cooperation on Trade Facilitation May 2012, Kish Island, I.R.IRAN.
IGTF and SHA-2 David Kelsey TAGPMA meeting, SDSC Feb 2012.

IGTF and SHA-2 David Kelsey TAGPMA meeting, SDSC Feb 2012.
Authorization WG Update David Kelsey EU Grid PMA, Copenhagen 27 May 2008.

Authorization WG Update David Kelsey EU Grid PMA, Copenhagen 27 May 2008.
INFSO-RI-508833 Enabling Grids for E-sciencE www.eu-egee.org JRA3 2 nd EU Review Input David Groep NIKHEF.

INFSO-RI Enabling Grids for E-sciencE JRA3 2 nd EU Review Input David Groep NIKHEF.
Resource PKI: Certificate Policy & Certification Practice Statement Dr. Stephen Kent Chief Scientist - Information Security.

Resource PKI: Certificate Policy & Certification Practice Statement Dr. Stephen Kent Chief Scientist - Information Security.
NRENs supporting Grids using current Grid technology TERENA NREN-GRID Workshop Amsterdam 2005-10-17 Milan Sova CESNET.

NRENs supporting Grids using current Grid technology TERENA NREN-GRID Workshop Amsterdam Milan Sova CESNET.
CVE-2008-0166, lessons learned and actions David Groep, Nov 7 nd, 2008.

CVE , lessons learned and actions David Groep, Nov 7 nd, 2008.
HOW TO CREATE AND SUBMIT AN IRB AMENDMENT 1 Institutional Review Board Health Sciences & Behavioral Sciences 2009-2010 Nancy Adair Birk, Ph.D. IRB Education.

HOW TO CREATE AND SUBMIT AN IRB AMENDMENT 1 Institutional Review Board Health Sciences & Behavioral Sciences Nancy Adair Birk, Ph.D. IRB Education.
NECTEC-GOC CA APGrid PMA face-to-face meeting. October, 15 2006 Sornthep Vannarat National Electronics and Computer Technology Center, Thailand.

NECTEC-GOC CA APGrid PMA face-to-face meeting. October, Sornthep Vannarat National Electronics and Computer Technology Center, Thailand.
On Robots J Jensen STFC Rutherford Appleton Lab OGF 20, Manchester, May 2007.

On Robots J Jensen STFC Rutherford Appleton Lab OGF 20, Manchester, May 2007.
Chapter 9: Using and Managing Keys Security+ Guide to Network Security Fundamentals Second Edition.

Chapter 9: Using and Managing Keys Security+ Guide to Network Security Fundamentals Second Edition.
The CA Distribution Process David Groep, July 2007.

The CA Distribution Process David Groep, July 2007.

Similar presentations

Ads by Google