Introduction of NAREGI-CA National Institute of Informatics JAPAN Toshiyuki Kataoka, July 19, 2006 APAN Grid-Middleware Workshop, Singapore.

Presentation transcript:

Introduction of NAREGI-CA National Institute of Informatics JAPAN Toshiyuki Kataoka, July 19, 2006 APAN Grid-Middleware Workshop, Singapore

2 OUTLINE
- NAREGI & UPKI projects
- NAREGI Certification Service
- NAREGI-CA for Grid middleware
- Enhancement in UPKI
- Future Plan

NAREGI & UPKI projects

4 Cyber Science Infrastructure
[Figure: CyberScience Infrastructure for Advanced Science (by NII). Labelled elements: NAREGI Middleware; Virtual Organization for science; UPKI; Super-sinet, a next generation network infrastructure supported by NII and 7 National Computer Centers (Hokkaido University, Tohoku University, University of Tokyo, NII, Nagoya University, Kyoto University, Osaka University, Kyushu University; also Tokyo Institute of Technology, Waseda University, High Energy Accelerator Research Organization, etc.); Scientific Repository; Publication of scientific results from academia; Human Resource Development and strong organization; Industry Liaison and Social Benefit; Global Contribution; To Innovate Academia and Industry.]

NAREGI-CA Certification Service

6 NAREGI Certification Service
- CA Software (NAREGI-CA)
  - CA/RA
  - UI (Character, Web)
- Policy Management (NAREGI-PMA)
  - CP/CPS
  - Satisfy APGrid minimum requirement
- Operation (NAREGI CA)
  - Operation of CA
  - Authorized by the APGrid PMA Production Level CA

NAREGI-CA for Grid middleware

8 Distribution & User Sites
- Free Software under the NAREGI intellectual property management rules (Apache ver2.0)
- Current version
  – Ver2.0 released in May included in NAREGI Grid Middleware Beta
- Distribution records
  – 129 downloads (31 of Ver2.0)
- Research collaboration
  – Audit of CA: AIST, Japan
  – PMA for international cooperation: APGRID
- User Sites
  – NAREGI, AIST, Several Universities

9 NAREGI-CA Software Features
- License ID management
  – Transfer authentication responsibility to Local RA
- Grid operation extensions
  – Assistance of Grid-mapfile creation
- Dual interfaces for certificate request
  – Web & command line enrollment
- CA/RA architecture
  – Independent Registration Authority (RA) Server
  – Practical CP/CPS Template

10 NAREGI-CA Architecture
[Figure: RA (Registration Authority), CA (Certificate Authority), Local RA (Site Administrator), End User & Host Administrator, Site Administrator. Numbered steps shown in the diagram:]
① Get License ID
② Authorize to pass License ID
③ Generate a Key Pair
④ Pass License ID & Public Key
⑤ Send CSR
⑥ Issue Certificate
⑦ Get Certificate
⑧ Get Grid Map file
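
An added sketch, not NAREGI-CA code, of the License ID idea in the architecture slide above: the RA hands a one-time License ID to the Local RA, the user redeems it together with a public key, and issued subjects end up in a grid-mapfile. The class and function names, the token format and the opaque "public key" string are assumptions made for illustration; no real X.509 certificate is produced.

```python
import hashlib
import re
import secrets


class RegistrationAuthority:
    """Toy RA (hypothetical class): one-time License IDs gate certificate requests."""

    def __init__(self):
        self._pending = {}  # sha256(License ID) -> subject DN vouched for by the Local RA
        self.forwarded = []  # (subject DN, public key) pairs that would go to the CA as CSRs

    def issue_license_id(self, subject_dn):
        # Steps 1-2: Local RA obtains a License ID for a user it has identified.
        license_id = secrets.token_urlsafe(16)
        digest = hashlib.sha256(license_id.encode()).hexdigest()
        self._pending[digest] = subject_dn  # store only the hash, never the token
        return license_id

    def redeem(self, license_id, public_key):
        # Steps 4-5: user presents License ID + public key; RA forwards a CSR.
        digest = hashlib.sha256(license_id.encode()).hexdigest()
        subject_dn = self._pending.pop(digest, None)  # pop makes the token single-use
        if subject_dn is None:
            raise PermissionError("unknown or already used License ID")
        self.forwarded.append((subject_dn, public_key))
        return subject_dn


def grid_mapfile(mapping):
    """Render grid-mapfile lines: a quoted subject DN followed by a local account."""
    lines = []
    for dn, account in sorted(mapping.items()):
        if '"' in dn or "\n" in dn or not re.fullmatch(r"[a-z_][a-z0-9_-]*", account):
            raise ValueError(f"unsafe grid-mapfile entry: {dn!r} -> {account!r}")
        lines.append(f'"{dn}" {account}')
    return "\n".join(lines) + "\n"


def demo():
    ra = RegistrationAuthority()
    dn = "/C=JP/O=Example University/CN=Constructed User"  # constructed sample DN
    license_id = ra.issue_license_id(dn)
    subject = ra.redeem(license_id, "constructed-public-key")
    try:
        ra.redeem(license_id, "second-key")  # replay of a spent License ID
        replay_accepted = True
    except PermissionError:
        replay_accepted = False
    return subject, replay_accepted, grid_mapfile({subject: "user01"})
```

Storing only the hash of the License ID means a leaked RA table does not hand out usable enrollment tokens, and rejecting quotes or newlines in the DN keeps one subject from injecting extra grid-mapfile lines.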

Enhancement in UPKI

12 UPKI Three Layer Architecture

Objective
- Each university will start to install NAREGI-CA and operate a CA to become a grid site.
- Those grid sites will be operated in the PKI layer of the UPKI three layer architecture.
- Reducing the burden of CA operation is necessary for actual operation in universities.
- Efficient operation by interconnecting PKI layers is needed.

Enhancement in UPKI
Enhancement for actual operation of CA/RA at universities:
1. To split and delegate RA.
2. To provide staff/students with the means to apply by themselves.
3. To issue a grid certificate by identification with a campus certificate.

Enhancement in UPKI
1. To split and delegate RA.
- Created RA/LRA operator authorities split from RA administrator authorities.
- Secure delegation by using IC card.
- Delegation to hierarchized institutions in universities for actual operation.
2. To provide staff/students with the means to apply by themselves.
- Easy application for registration, issuance, and revocation from the web.
- Secure application by using challenge PIN.
- Reduced burden of RA operation.

16 Enhanced Procedure To Issue Certificate
[Figure: actors CA Administrator, RA Administrator, RA Operator, Local RA, User; components CA, RA, Application Server (web), Management Server (web), IC Card; arrows labelled Delegate, Identify, Apply, Approve, Issue Certificate, License ID, Challenge PIN.]

Enhancement in UPKI
3. To issue a grid certificate by identification with a campus certificate.
- Cooperation of Grid CA and Campus CA.
- Reduced burden of RA operation.
- Any certificate can be issued for other AP.

18 Campus-Grid PKI Federation
[Figure: Campus PKI (Campus CA, IC Card, LDAP, User) and Grid PKI (NAREGI CA, NAREGI RA, Grid System, Super Computer); arrows labelled Issue Certificate, Request Certificate (Use IC Card as credential), Certificate for Grid System Access.]

Future Plan

5. Future Plan
- Release schedule
  - Enhanced features will be released in Autumn this year.
- Usability improvement
  - Create and distribute a Start-Up Package for Campus CA/RA, including CP/CPS templates for certain applications, such as wireless LAN authentication and authorization.