TNC 2008 / Short Lived Credential Service Implementation Based on National AAI
Emir Imamagic, Dobrisa Dobrenic, Miroslav Milinovic (SRCE)
Miroslav Popovic (FER)
Terena Networking Conference 2008

Overview
- Motivation
- Short Lived Certificate Service
- OpenCA
- SLCS architecture
- OpenCA extensions
- RA application
- CRO NGI
- Future work
- Conclusions

Motivation
- X509 certificates issues for end-users
  - identity validation process
  - heavy maintenance
  - users mobility
- Many organizations and countries have established their own AAI

Short Lived Credential Service
- Short-term certificate based on existing Identity Management System
  - automatic identity validation
  - lifetime – 1 million seconds (approx. 11 days)
- International Grid Trust Federation (IGTF) profile
- Bridge between AAIs and X509 certificates

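A relying-party check for the lifetime stated above, as an added example that is not part of the original slides: it parses the output of `openssl x509 -noout -dates` and flags a certificate whose validity period exceeds 1 million seconds or lies outside the current time. Treating the slide's figure as an upper bound, the function names and the sample dates are assumptions constructed for illustration.

```python
import ssl

# Lifetime stated on the slide; treated here as an upper bound (assumption).
SLCS_MAX_LIFETIME = 1_000_000  # seconds, approx. 11 days


def parse_dates(dates_text):
    """Parse `openssl x509 -noout -dates` output into epoch seconds (UTC)."""
    fields = {}
    for line in dates_text.strip().splitlines():
        key, sep, value = line.partition("=")
        if sep:
            fields[key.strip()] = ssl.cert_time_to_seconds(value.strip())
    missing = {"notBefore", "notAfter"} - fields.keys()
    if missing:
        raise ValueError(f"missing field(s): {sorted(missing)}")
    return fields["notBefore"], fields["notAfter"]


def check_slcs_validity(dates_text, now):
    """Return (lifetime_seconds, problems) for one certificate's validity."""
    not_before, not_after = parse_dates(dates_text)
    lifetime = not_after - not_before
    problems = []
    if lifetime <= 0:
        problems.append("notAfter is not later than notBefore")
    elif lifetime > SLCS_MAX_LIFETIME:
        problems.append(
            f"lifetime {lifetime}s exceeds SLCS limit of {SLCS_MAX_LIFETIME}s")
    if now < not_before:
        problems.append("certificate is not yet valid")
    elif now > not_after:
        problems.append("certificate has expired")
    return lifetime, problems


# Constructed sample inputs (not taken from a real certificate).
SHORT_LIVED = ("notBefore=Jun  1 00:00:00 2008 GMT\n"
               "notAfter=Jun 12 13:46:40 2008 GMT\n")
LONG_LIVED = ("notBefore=Jun  1 00:00:00 2008 GMT\n"
              "notAfter=Jun  1 00:00:00 2009 GMT\n")

if __name__ == "__main__":
    now = ssl.cert_time_to_seconds("Jun  5 00:00:00 2008 GMT")
    for name, text in (("short-lived", SHORT_LIVED), ("long-lived", LONG_LIVED)):
        print(name, check_slcs_validity(text, now))
```
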
- Croatian national academic AAI federation
- Distributed LDAP directories
- Several authentication mechanisms
  - LDAP
  - RADIUS
  - web service (HTTPS/SOAP)
- Federation Web Service (FWS)
  - web service interface

OpenCA
- Certificate Authority (CA) framework
- Open source
- Features
  - web interface
  - database backend
  - Hardware Security Module (HSM) support

SLCS Architecture
[Diagram; step labels: Register, Get certificate, AuthN & Get attributes, AuthZ, Issue certificate]

OpenCA Extensions
- Public component extensions
  - FWS-based authentication
  - certificate request generation (FWS & RA Application)
  - interaction with CA component extension
- CA component extension
  - automatic certificate issuing
  - SSL-based communication with Public

RA Application
- Registration Authority (RA)
  - performs users authorization
- Web interface
  - user request submission
  - RA management interfaces
- Web service interface
  - integration with public component

CRO NGI
- Croatian National Grid Infrastructure
  - coordinated by SRCE
  - permanent part in state budget
- Available for research and academia
- Grid middleware
  - Globus Toolkit 2 & 4
  - based on X509 certificates
- Use case for SLCS

Future Work
- IGTF accreditation
  - Short Lived Credential Services Authentication profile
- Command line interface
  - enable retrieval from grid UIs
- MICS implementation
  - long-lived certificates
  - relevant for long running applications

Conclusions
- X509 certificates heavyweight for average users
- Organizational & national AAIs
  - handle large number of users
  - users are familiar with them
- SLCS important for wide adoption of X509-based infrastructures

Thank You! Questions?