Presentation is loading. Please wait.

Presentation is loading. Please wait.

Template Profile Jens Jensen, STFC RAL GridNet2/ UK e-Science CA OGF22 Boston.

Similar presentations

Presentation on theme: "Template Profile Jens Jensen, STFC RAL GridNet2/ UK e-Science CA OGF22 Boston."— Presentation transcript:

1 Template Profile Jens Jensen, STFC RAL GridNet2/ UK e-Science CA OGF22 Boston

2 The Problem MINREQ Best Practice CA policy CA practice statement CA PRACTICE Check consistency

3 New Policies Usually written by novice CA mgr –Using bits from other CP/CPSes Accentuate the positive –All the good bits get copied around Eliminate the negative –All the bad bits get copied around

4 Problem Policies become inconsistent Dont satisfy minimal requirements Need many iterations with reviewer –Bad for CA manager –Bad for reviewer

5 Common Examples RA checking CRL –4.5.2 MUST at time of reliance –4.9.6 MUST at time of reliance –9.6.4: according to their satisfaction Email both confidential and not Flood protection at 1.2 metres on 1 st floor

6 Is it a big problem? We already cover half the world But there is another half

7 Proposed Solution? Working group on Template Profile –Jens, David G, Milan, Anders, Vinod, David O'C, Mike, Sergey, Hardi Get the best bits from policies Living document – but needs an editor Reviewers best to write/contrib Become an IGTF document

8 Status …er, not really started yet Amsterdam meeting Jan 2008

9 Piecing it together Easier to set up new CP/CPS –Too easy? Easier to get it right sooner –Often many, many, iterations are reqd –Greatly delays Accreditation

10 Operational Reviews TAGPMA are leading in this area –Template for operational review –But a reviewer still needs to read the CP/CPS!! –Quicker if many bits known to be good APGridPMA auditing for accreditation –Yoshios auditing procedure

11 Operational Reviews Highlight: –Which bits are canonical –Which bits are based on guides –Which bits are changed since previous version

12 Piecing it together Delaying Accreditation is bad –Reviewers are already overloaded –(Not necessarily with reviews but with real life jobs) –Time consuming for new CAs Get new CAs in early (PMAs) –Not after the policy is written

13 Pieceing it together Not aiming for machine parseable Or should we? –(Chadwick, Coghlan/OCallaghan) TAGPMA guide to writing CP/CPS

14 RFC 3647

15 What about existing CAs Leave alone, for now Some not satisfying minreqs Minreqs change, too –Mythical six months to update

16 Back on track…? Urgent changes - Aggressive option –Do it in six months or else Medium urgency –Address with next CP/CPS change –At least before next PMA presentation Lower urgency –Discuss at next presentation

17 Summary Template profile –Approved text for sections where it makes sense –Approved guidelines (cf TAGPMA) for other sections –Open bits –Get new CAs in early

Download ppt "Template Profile Jens Jensen, STFC RAL GridNet2/ UK e-Science CA OGF22 Boston."

Similar presentations

Ads by Google