29th EUGridPMA meeting, September 2013, Bucharest: AEGIS Certification Authority. Dušan Radovanović, University of Belgrade Computer Centre.

Presentation transcript:

Overview
– Approved June 2007
– Issues certificates to Serbian GRID community
– CP/CPS and root cert updated January 2009 to reflect TLD change to version 1.2
– Current CP/CPS version: 1.3 (updated after last self audit)

CA operation
– CA operated by the staff of 1 Current RA’s
– Online web interface operated on main web server
– Offline certs signing
– SimplePKI software
– Security

Self Audit
AEGIS CA Dublin self audit (18th EUGridPMA meeting, Jan 2010, Dublin)
C – 2, B – 3, X – 1

Self Audit – CP/CPS
4. - B Whenever there is a change in the CP/CPS the O.I.D. of the document must change and the major changes must be announced to the responsible PMA and approved before signing any certificates under the new CP/CPS.
Practice: Every change is announced to the PMA, but this procedure is not documented in the CP/CPS.
Resolution: CP/CPS now states that every change must be approved by the EUGridPMA.

Self Audit – EE certificates/keys
B Each host certificate must be linked to a single network entity.
Practice: CP/CPS does not describe how each host certificate is linked to a single entity.
Resolution: CP/CPS now requires that each host certificate is linked to a single network entity.

Self Audit – EE certificates/keys
41. / X The authority shall issue X.509 certificates to end entities based on cryptographic data generated by the applicant, or based on cryptographic data that is held only by the applicant on a secure hardware token.
Practice: We do not have support for hardware tokens.
Resolution: No action as we don’t use hardware tokens.

Self Audit – Audits
B Every CA must perform operational audits of the CA/RA staff at least once per year.
Practice: We do not have an auditing manual and do not audit RA’s.
Resolution: Added the statement that RA’s are audited once per year to the CP/CPS. Short outlines of the audit procedures will also be added.

Self Audit – Privacy
C Accredited CAs must define a privacy and data release policy compliant with the relevant national legislation. The CA is responsible for recording, at the time of validation, sufficient information regarding the subscribers to identify the subscriber. The CA is not required to release such information unless provided by a valid legal request according to national laws applicable to that CA.

Self Audit – Privacy
Practice: CP/CPS does not define a data release policy because there was no law defining this at the time of writing the original CP/CPS.
Resolution: Added the statement that AEGIS CA will release private information on judicial order.

Self Audit – RA
8. - C The CP/CPS should describe how the RA or CA is informed of changes that may affect the status of the certificate.
Practice: CP/CPS does not define this.
Resolution: The procedure is defined in CP/CPS.

Self Audit
Guidelines for auditing Grid CA’s v1.0 from February 17th
C – 1

37. (C) The end entity certificate extensions compliance with Grid Certificate Profile as defined by GFD.125.
– The policyidentifier must include the OID or Authentication Profile under which the CA was accredited.
Practice: Our EE certs don’t have the Classic AP OID, only the CP/CPS OID and distribution points.
Solution: Classic AP OID will be added to EE certs.
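One way to check this finding against issued certificates, as an added example that is not part of the original slides: the script lists the policy OIDs in a certificate's certificatePolicies extension and tests for a required one. The OIDs are constructed placeholders from the 2.999 example arc (the slides give neither the CP/CPS OID nor the Classic AP OID), and the sample certificates are self-signed test certificates generated on the spot with OpenSSL 1.1.1 or later.

```shell
#!/bin/sh
# Added example. OIDs are constructed placeholders from the 2.999 example arc;
# substitute the CA's CP/CPS OID and the accredited profile's OID.
CPS_OID="2.999.1.3"   # placeholder for the CP/CPS OID
AP_OID="2.999.2.1"    # placeholder for the authentication profile OID

# Print one policy OID per line from the certificatePolicies extension.
# openssl prints the dotted form for OIDs it has no short name for.
policy_oids() {
    openssl x509 -in "$1" -noout -text |
        sed -n 's/^ *Policy: *//p' | sed 's/ *$//'
}

# Exit 0 only if certificate $1 asserts OID $2 as a whole line
# (-x stops 2.999.2 from matching 2.999.2.1).
has_policy_oid() {
    policy_oids "$1" | grep -Fqx "$2"
}

# Constructed self-signed test certificate in file $1.
# $2 is an optional comma-separated certificatePolicies value (no spaces).
make_sample_cert() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=host.example.org" -keyout "$1.key" -out "$1" \
        ${2:+-addext certificatePolicies=$2} 2>/dev/null
}

WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT
make_sample_cert "$WORK/before.pem" "$CPS_OID"          # CP/CPS OID only
make_sample_cert "$WORK/after.pem" "$CPS_OID,$AP_OID"   # profile OID added
make_sample_cert "$WORK/none.pem"                       # no policies at all

for name in before after none; do
    cert="$WORK/$name.pem"
    if has_policy_oid "$cert" "$AP_OID"; then verdict=PASS; else verdict=FAIL; fi
    echo "$name.pem: $verdict, asserts: $(policy_oids "$cert" | tr '\n' ' ')"
done
```

Run over a sample of recently issued end-entity certificates, the same `has_policy_oid` call shows whether a profile change has actually reached issuance.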

Self Audit – Conclusion
Implement changes to the CP/CPS
– Changes from self audit
– Changes suggested from reviewers
– Revise and update the whole CP/CPS to the new classic AP

Questions? Suggestions…

Thank you!