Updates from the EUGridPMA David Groep, July 16 st, 2007.


1 Updates from the EUGridPMA David Groep, July 16 st, 2007

2 Outline
3rd TAGPMA ‘Austin’ meeting – Nov 2006, David Groep – davidg@eugridpma.org
- EUGridPMA: new CAs and profiles
- Istanbul discussions
- Re-reviewing process

3 EUGridPMA members and applicants
Green: EMEA countries with an Accredited Authority
- 24 of 27 EU member states (all except LU, MT, RO)
- + AM, CH, HR, IL, IS, NO, PK, RS, RU, TR
Other Accredited Authorities:
- DoEGrids (.us), GridCanada (.ca), CERN, SEE catch-all

4 Membership by type
- Under “Classic X.509 secured infrastructure” authorities
  - accredited: 40 (recent additions: Serbia in 1.14)
  - active applicants: 6 (Romania, Morocco, Ukraine, FYROM, Iran, Latvia)
- Under “SLCS”
  - accredited: 1 (SWITCHaai)
- Major relying parties
  - EGEE, DEISA, SEE-GRID, LCG, OSG, TERENA

5 Developments in Europe
- Robots or automated clients
  - have been proposed in 2002 by Mike Helm et al.
  - Introduced in the UK in 2006, in NL in 2007
  - see http://ca.dutchgrid.nl/info/etokens for examples for tokens
- Why?
  - monitoring use case (classic one) for functional tests
  - portals and web sites with ‘canned’ jobs, just like the cgi-bin use case
  - automated tasks (data movers, &c)
- use of automated clients needs quite some policy changes, but having secure hardware tokens is a good ingredient

6 Other (non-) contentious issues discussed in TR
- CRLs for compromised CAs
- non-repudiation bit in keyUsage
  - and how that relates to email signing
- the Meaning of Locality
  - and why to use O if you can
- objectSigning bits
  - should we also address who is allowed to get this bit?
  - should the organisation be involved (Milan)?
  - or does it only assert that the code was signed by this user, as is done in the UK, NL, AT, and so better keep as is?
- auditable traceability in ID vetting and alternative solutions
- the meaning of SHOULD

7 Self-Auditing
- all members should do a self-audit at least once a year, based on the audit guidelines document, which reflects the latest state of the minimum requirements. To aid in the self-review, the document will be complemented with some examples, and with input from the "Operational Review" spreadsheet that has been very successful in the TAGPMA. We can work on this during the coming months.
- at least once every two years, the results of the self-audit, together with all supporting documentation, should be submitted to two independent peer reviewers endorsed by the PMA
- the reviewers should independently verify the self-audit, and rate the issues on the scale A to D, and iterate with the authority under review to reach a final conclusion. This conclusion is open for the PMA.
- the Authority should make a plan to address the issues found in the review, and correct all issues on which Advice ("D") was given.
- the reviewers and the PMA verify that these changes are implemented in a 6-month time frame
- if, after six (6) months, for some very unlikely reason, the issues are still not corrected, the PMA will discuss the issue in the next plenary meeting. This discussion will include considering withdrawing the CA certificate from the distribution.
- The results of this entire process will be private to the PMA. Only in case that an authority is actually withdrawn would it be made public.

8 Showing up
- Also, please keep in mind that we would still like each CA to send a representative to the plenary meeting at least once every 1-2 years. Otherwise, after two years, the PMA will similarly discuss this. And, of course, everyone should be willing to act as a reviewer at least once a year :-)

9 Internal status table

10 Some dates for you to remember and schedule
- September 4-5, 2007: TF-EMC2 meeting, Prague, CZ
- September 19-21, 2007: 11th EUGridPMA meeting, Thessaloniki, GR
- October 15-19: OGF 21 CAOPS, IGTF, …, Seattle (WA), USA
- November 29-30: NREN-Grid Workshop on Identity Federation, Malaga, ES
- January 14-16, 2007: 12th EUGridPMA meeting, Amsterdam, NL

