F. Guilleux, O. Salaün - CRU Middleware activities in French Higher Education.

Presentation transcript:


Institutional view
  Ministry in charge of Research and Higher Education
  Research institutions: CNRS, INRIA, CEA, ...
  Universities (83)
  Engineering schools (80)

What is the CRU
  CRU stands for « Comité Réseau des Universités » (network committee for French universities)
  We do NOT operate a national academic network (that is Renater's role)
  The CRU is responsible for coordinating actions among universities, and between universities and the ministry

Middleware activities
  Authentication & Authorization Infrastructure (AAI)
  Directories
  Sympa
  PKI

AAI
  The French ministry urges universities to set up digital working environments (virtual campuses):
    - A national working group dealing with A&A published "recommendations" in 2003
    - Most universities chose uPortal and CAS, mainly for CAS's proxy capabilities
  The CRU will shortly start an AAI based on Shibboleth

Directories
  A Higher Education working group is defining a common LDAP schema and naming
  Inherits from eduPerson
  No course data definition yet
  Connectors to allow provisioning are being developed

Sympa middleware connections (diagram; labels as extracted from the figure)
  AuthN sources: LDAP, X509, CAS, Shibboleth
  AuthZ sources: list members (LDAP, SQL, Lists); list definition (LDAP, SQL, Lists, XML); list owners (LDAP, Shibboleth)
  Sympa services: SOAP, RSS

PKI / general overview
  Started in 2000
  Technically and administratively operated by the CRU
  Delivers X.509 certificates for:
    - People (web authentication, and electronic signature in a few cases)
    - Servers (HTTPS, IMAPS, LDAPS, ...)

Hierarchy
  Root CA
    - user CA
    - enhanced user CA
    - server CA
  Private key stored on a PKCS#11 device
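The two-level structure on this slide (a root CA that only signs the three issuing CAs, and issuing CAs that only sign end-entity certificates) is what X.509 basic constraints and path-length limits are for. The following Go program is an added example, not the CRU's software: it builds the same shape in memory with the standard crypto/x509 package, issues a server certificate and a user certificate, and verifies that each is accepted only for its intended use and that a sub-CA created under an issuing CA is rejected because it exceeds that CA's pathLen of 0. All CA names, hostnames and addresses are constructed; keys are ECDSA P-256 held in memory rather than on the PKCS#11 device the slide mentions.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// Node is a certificate together with the private key it certifies.
type Node struct {
	Cert *x509.Certificate
	Key  *ecdsa.PrivateKey
}

// Hierarchy mirrors the slide: one root and three issuing CAs (names constructed).
type Hierarchy struct {
	Root, UserCA, EnhancedUserCA, ServerCA *Node
}

var nextSerial int64 = 1000

// issue signs tmpl with parent, or self-signs it when parent is nil.
func issue(tmpl *x509.Certificate, parent *Node) *Node {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		panic(err)
	}
	nextSerial++
	tmpl.SerialNumber = big.NewInt(nextSerial)
	tmpl.NotBefore = time.Now().Add(-time.Hour)
	tmpl.NotAfter = time.Now().Add(365 * 24 * time.Hour)
	tmpl.BasicConstraintsValid = true
	parentCert, signer := tmpl, key
	if parent != nil {
		parentCert, signer = parent.Cert, parent.Key
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parentCert, &key.PublicKey, signer)
	if err != nil {
		panic(err)
	}
	cert, err := x509.ParseCertificate(der)
	if err != nil {
		panic(err)
	}
	return &Node{Cert: cert, Key: key}
}

// caTemplate builds a CA template; pathLen 0 means "end-entity certificates only".
func caTemplate(cn string, pathLen int) *x509.Certificate {
	return &x509.Certificate{
		Subject:        pkix.Name{CommonName: cn},
		IsCA:           true,
		MaxPathLen:     pathLen,
		MaxPathLenZero: pathLen == 0, // Go needs this flag to encode pathLen 0 explicitly
		KeyUsage:       x509.KeyUsageCertSign | x509.KeyUsageCRLSign,
	}
}

// BuildHierarchy creates the root (pathLen 1: it may sign one CA level) and the
// three issuing CAs under it (pathLen 0: they may sign leaves only).
func BuildHierarchy() *Hierarchy {
	root := issue(caTemplate("Example Root CA", 1), nil)
	return &Hierarchy{
		Root:           root,
		UserCA:         issue(caTemplate("Example User CA", 0), root),
		EnhancedUserCA: issue(caTemplate("Example Enhanced User CA", 0), root),
		ServerCA:       issue(caTemplate("Example Server CA", 0), root),
	}
}

// IssueServer issues a TLS server certificate for host from ca (normally the server CA).
func IssueServer(ca *Node, host string) *Node {
	return issue(&x509.Certificate{
		Subject:     pkix.Name{CommonName: host},
		DNSNames:    []string{host},
		KeyUsage:    x509.KeyUsageDigitalSignature | x509.KeyUsageKeyEncipherment,
		ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
	}, ca)
}

// IssueUser issues a web-authentication / S/MIME certificate for email from ca.
func IssueUser(ca *Node, email string) *Node {
	return issue(&x509.Certificate{
		Subject:        pkix.Name{CommonName: email},
		EmailAddresses: []string{email},
		KeyUsage:       x509.KeyUsageDigitalSignature,
		ExtKeyUsage:    []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth, x509.ExtKeyUsageEmailProtection},
	}, ca)
}

// Verify checks leaf against the root, with the issuing CAs (plus extra) as
// intermediates, for the given extended key usage and, if host is set, that hostname.
func Verify(h *Hierarchy, leaf *Node, usage x509.ExtKeyUsage, host string, extra ...*Node) error {
	roots := x509.NewCertPool()
	roots.AddCert(h.Root.Cert)
	inters := x509.NewCertPool()
	for _, n := range append([]*Node{h.UserCA, h.EnhancedUserCA, h.ServerCA}, extra...) {
		inters.AddCert(n.Cert)
	}
	_, err := leaf.Cert.Verify(x509.VerifyOptions{
		Roots: roots, Intermediates: inters, DNSName: host,
		KeyUsages: []x509.ExtKeyUsage{usage},
	})
	return err
}

func main() {
	h := BuildHierarchy()
	srv := IssueServer(h.ServerCA, "www.example.org")
	usr := IssueUser(h.UserCA, "alice@example.org")
	fmt.Println("server cert for its host:", Verify(h, srv, x509.ExtKeyUsageServerAuth, "www.example.org"))
	fmt.Println("user cert as client:     ", Verify(h, usr, x509.ExtKeyUsageClientAuth, ""))
	fmt.Println("user cert as server:     ", Verify(h, usr, x509.ExtKeyUsageServerAuth, "www.example.org"))
	// A sub-CA signed by the server CA violates its pathLen 0; leaves under it must fail.
	rogue := issue(caTemplate("Unauthorised Sub CA", 0), h.ServerCA)
	fmt.Println("leaf under rogue sub-CA: ", Verify(h, IssueServer(rogue, "mail.example.org"),
		x509.ExtKeyUsageServerAuth, "mail.example.org", rogue))
}
```

The first two checks return nil; the last two return errors (hostname and key-usage mismatch for the user certificate, too many intermediates for the rogue sub-CA). The point for the operator is that splitting user and server issuance into separate CAs is only enforceable if relying parties actually check extended key usage and path length, which the standard Go verifier does by default.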

PKI / Logical structure
  CA (operated by the CRU)
    - National RA (CRU): server certificates; user certificates for security officers, local software providers and RA operators
    - Local RAs (volunteer universities): user certificates for any employee

PKI / Figures
  500 valid user certificates for:
    - Security officers
    - Local software providers
    - RA operators
  Currently only 30 valid user certificates delivered by 10 local RAs (since this summer)
  500 valid server certificates for 90 different universities

PKI / what we have learnt...
  User and server certificates use the same technology, but the constraints are actually different
  Server certificates:
    - More and more used by French universities
    - Main problem: the "popup problem" (browsers warn about a CA they do not trust)
    - Easy to deliver:
        Requested by official security officers
        Server identity checked against a Higher Education list of hostnames administered by the universities

PKI / what we have learnt...
  User certificates:
    - Costly registration and revocation processes
    - A lot of support needed because of:
        Poor and varying certificate implementations in web browsers
        Average users do not understand PKI concepts (CAs, CRLs, certificate vs. private key, ...)
    - Need for PKCS#11 devices for mobility and secure storage of private keys
    - Too many legal constraints to allow a safe use of electronic signature