Sam Morrison APAC CA – APGridPMA - ISGC2010 APAC CA Self Audit and status update Sam Morrison ARCS.

Slides:

Advertisements

Similar presentations

Status of Auditing Guidelines Document Oct. 15 Yoshio Tanaka, AIST.

Advertisements

Classic X.509 secured profile version 4.2 Proposed Changes David Groep, Apr 20 th, 2009.

Academia Sinica Grid Computing Certification Authority (ASGCCA) Yuan, Tein Horng Academia Sinica Computing Centre 13 June 2003.

Academia Sinica Grid Computing Certification Authority (ASGCCA) Jinny Chien.

1 ASGCCA Self-Audit Report APGridPMA Jinny Chien March

CNIC Grid CA/SDG CA Self Audit Kejun (Kevin) Dong Computer Network Information Center (CNIC) Chinese Academy of Sciences APGridPMA F2F.

Certification Authority. Overview  Identifying CA Hierarchy Design Requirements  Common CA Hierarchy Designs  Documenting Legal Requirements  Analyzing.

Public Key Infrastructure (PKI) Providing secure communications and authentication over an open network.

1 REUNA Certificate Authority Juan Carlos Martínez REUNA Chile Rio de Janeiro,27/03/2006, F2F meeting, TAGPMA.

AQA Computing A2 © Nelson Thornes 2009 Section Unit 3 Section 6.4: Internet Security Digital Signatures and Certificates.

Introduction to Secure Messaging The Open Group Messaging Forum April 30, 2003.

NECTEC-GOC CA APGrid PMA face-to-face meeting. October, Sornthep Vannarat National Electronics and Computer Technology Center, Thailand.

National Institute of Advanced Industrial Science and Technology Self-audit report of AIST GRID CA Yoshio Tanaka Information.

Public Key Infrastructure (X509 PKI) Presented by : Ali Fanian.

Cryptography Encryption/Decryption Franci Tajnik CISA Franci Tajnik.

DataGrid WP6 CA meeting, CERN, 12 December 2002 IISAS Certification Authority Jan Astalos Department of Parallel and Distributed Computing Institute of.

March 27, 2006TAGPMA - Rio de Janeiro1 Short Lived Credential Services Profile Tony J. Genovese The Americas Grid PMA DOEGridsATF/ESnet/LBNL.

National Institute of Advanced Industrial Science and Technology Brief status report of AIST GRID CA APGridPMA Singapore September 16 Yoshio.

NECTEC-GOC CA Self Audit 7 th APGrid PMA Face-to-Face meeting March 8 th, 2010 Large-Scale Simulation Research Laboratory Sornthep Vannarat Large-Scale.

IHEP Grid CA Status Report Wei F2F Meeting 8 Mar Computing Centre, IHEP,CAS,China.

Public Key Infrastructure (X509 PKI) Presented by : Ali Fanian

IHEP Grid CA Status Report Gongxing Sun 5 th F2F Meeting 16 Sep Computer Center, IHEP,CAS,China.

Profile for Portal-based Credential Services (POCS) Yoshio Tanaka International Grid Trust Federation APGrid PMA AIST.

UNAMgrid Alejandro Núñez Sandoval Rio de Janeiro, Brazil, 03/27/06 F2F meeting, TAGPMA.

HEPSYSMAN UCL, 26 Nov 2002Jens G Jensen, CLRC/RAL UK e-Science Certification Authority Status and Deployment.

Academia Sinica Grid Computing Certification Authority (ASGCCA)

KFKI RMKI CA Review EUGridPMA May 26-28, Copenhagen Szabolcs Hernáth MTA KFKI RMKI pki.kfki.hu.

Academia Sinica Grid Computing Certification Authority (ASGCCA) Academia Sinica Computing Centre.

European Grid Policy Management Authority. Event - 2/total Speaker Name – Coverage of the EUGridPMA Green: Countries with an accredited.

National Institute of Advanced Industrial Science and Technology Some topics from the OGF20 and the EUGrid PMA F2F Meeting Yoshio Tanaka Grid Technology.

Academia Sinica Grid Computing Certification Authority (ASGCCA) Jinny Chien April 20, th APGridPMA in Taipei.

Academia Sinica Grid Computing Certification Authority (ASGCCA) Academia Sinica Computing Centre.

Secure hardware tokens David Groep DutchGrid CA. DutchGrid CA requirements Need for automated clients –from the bioinformatics domain (NBIC BioRange/BioAssist)

KEK GRID CA updates Takashi Sasaki Computing Research Center KEK.

Secure hardware tokens David Groep DutchGrid CA. DutchGrid CA requirements Need for automated clients –from the bioinformatics domain (NBIC BioRange/BioAssist)

2-Sep-02D.P.Kelsey, WP6 CA, Budapest1 WP6 CA report Budapest 2 Sep 2002 David Kelsey CLRC/RAL, UK

NECTEC-GOC CA The 3 rd APGrid PMA face-to-face meeting. June, Suriya U-ruekolan National Electronics and Computer Technology Center, Thailand.

APGrid PMA face-to-face meeting, 9/16/2008 PRAGMA-UCSD CA Team Pacific Rim Application and Grid Middleware Assembly

0 NAREGI CA Status Report APGrid F2F meeting in Singapore June 4, 2007 Rumiko Masuko.

KEK GRID CA Takashi Sasaki Computing Research Center KEK.

8-Mar-01D.P.Kelsey, Certificates, WP6, Amsterdam1 WP6: Certificates for DataGrid Testbeds David Kelsey CLRC/RAL, UK

MICS Authentication Profile Maintenance & Update Presented for review and discussion to the TAGPMA On 1May09 by Marg Murray.

Baltic Grid Certification Authority 15th EUGridPMA, January 28th 2009, Nicosia1 Self-audit Hardi Teder EENet.

TR-GRID CA Self-Auditing Results and Status Update EUGridPMA Meeting September 12-14, 2011 Marrakesh Feyza Eryol, Onur Temizsoylu TUBITAK-ULAKBIM

HKU Computer Centre Grid Certificate Authority Status Update Lilian Chan IT Services, The University of Hong Kong APGrid.

FP6−2004−Infrastructures−6-SSA [ Empowering e Science across the Mediterranean ] Rome, Tutorial for Certification Authority Managers,

BG.ACAD CA HTTP :// CA. ACAD. BG S ELF - AUDIT REPORT 2014 Vladimir Dimitrov IICT-BAS ( 32 nd EUGridPMA Meeting Poznan, 8-10.

QuoVadis accreditation with EuGridPMA Alessandro Usai

18 th EUGridPMA, Dublin / SRCE CA Self Audit SRCE CA Self Audit Emir Imamagić SRCE Croatia.

GRID-FR French CA Alice de Bignicourt.

Academia Sinica Grid Computing Certification Authority F2F interview (Malaysia )

NECTEC-GOC CA A Brief Status Report 13 th APGrid PMA Face-to-Face meeting March 24 th, 2014 Large-Scale Simulation Research Laboratory Information Communications.

UGRID CA Self-audit report Sergii Stirenko 21 st EUGRIDPMA Meeting Utrecht 24 January 2011.

HellasGrid CA self Audit. In general We do operations well Our policy documents need work (mostly to make the text clearer in a few sections) 2.

Armenian e-Science Foundation Certification Authority Ara A. Grigoryan 1,2, Artem Harutyunyan 1,2,3, Arsen Hayrapetyan 1,2,4 1 Armenian e-Science Foundation;

IGTF Risk Assessment Team 5/11/091.

29 th EUGridPMA meeting, September 2013, Bucharest AEGIS Certification Authority Dušan Radovanović University of Belgrade Computer Centre.

IHEP Grid CA Status Report F2F Meeting 17 Mar Computing Centre, IHEP,CAS,China.

IRAN-GRID Certificate Authority 13 th EUgridPMA Meeting Copenhagen May 2008 Majid Arabgol Hessamdding Arfaei Shahin Rouhani

PKGrid CA Self-Audit 2012 Adeel-ur-Rehman Mansoor Sheikh.

IRAN-GRID CA Self Audit IRAN-GRID CA Self Audit Report Shahin Rouhani IRAN-GRID Tehran Iran Shahin Rouhani Grid Computation Group IPM, Tehran, Iran May.

AEGIS Certification Authority

UGRID CA Sergii Stirenko, Oleg Alienin

MaGrid CA Self audit and update

Emir Imamagić University Computing Centre (Srce)

Bill Yau HKU Grid Certificate Authority (HKU Grid CA) Self Audit & Status Report Bill Yau

MyIFAM CA Self-Audit Report APGridPMA F2F Meeting 1/4/2019

HKU Grid Certificate Authority (HKU Grid CA) CP/CPS Reviewer’s Comments Bill Yau

KISTI CA Report Status & Self-Audit

BG.ACAD CA Self-audit report 2018

Presentation transcript:

Sam Morrison APAC CA – APGridPMA - ISGC2010 APAC CA Self Audit and status update Sam Morrison ARCS

Sam Morrison APAC CA – APGridPMA - ISGC2010 Info APAC Certification Authority – Classic CA Profile – Accredited Feb 2006 – Lifetime 10 years – Expires 2016 – Now run by ARCS, CA Location - Melbourne AUS Software – OpenCA (old version)

Sam Morrison APAC CA – APGridPMA - ISGC2010 Status People – 3 CA Staff (Sam, Andy, Russell) – 47 RA Operators Issued (to date) – 942 User – 1294 Host

Sam Morrison APAC CA – APGridPMA - ISGC2010 Current Valid Certificates User : 179 Web Server : 329 RA Operators: 37 Total 544 (2 CA Operators)

Sam Morrison APAC CA – APGridPMA - ISGC2010 Issuing Trend

Sam Morrison APAC CA – APGridPMA - ISGC2010 Self Audit Using guidelines for Auditing Grid CAs version 1.0

Sam Morrison APAC CA – APGridPMA - ISGC B The profile of the end entity certificates must also comply with the current IGTF and OGF certificate profile guidelines before being included in any distribution of certificates. – CPS wasn't changed to show changes to End Entity certs in relation to extra OIDs – Certificates were changed just not reflected in CPS

Sam Morrison APAC CA – APGridPMA - ISGC2010 B - 56 A list of CA and RA personal should be maintained and verified at least once per year. CA Staff have changed – Manager changed from David Bannon to myself. (section 1.3) RA Operator list needs to be verified more frequently

Sam Morrison APAC CA – APGridPMA - ISGC C The message digests of the certificates and CRLs must be generated by a trustworthy mechanism, like SHA1 (in particular, MD5 must not be used). – Still using MD5 (1 of a couple Cas still out there) – Still working on modifying software to deal with this.

Sam Morrison APAC CA – APGridPMA - ISGC D The pass phrase of the encrypted private key must also be kept on off-line media, separated from the encrypted private keys and guarded in a secure location where only the authorised personnel of the CA have access. Alternatively, another documented procedure that is equally secure may be used. – Wasn't the case. (Was destroyed when we replaced safes) – Is now back in place

Sam Morrison APAC CA – APGridPMA - ISGC2010 X - 8 The CP/CPS documents should be structured as defined in RFC – Still use 2527 – No plan to change

Sam Morrison APAC CA – APGridPMA - ISGC2010 X - 49 Certificates associated with a private key residing solely on hardware token may be renewed for a validity period of up to 5 years (for equivalent RSA key lengths of 2048 bits) or 3 years (for equivalent RSA key lengths of 1024 bits). – Don't provide specific support for hardware tokens

Sam Morrison APAC CA – APGridPMA - ISGC2010 Self Audit Summary 71 As 2 Bs 1 C 1 D 2 Xs

Sam Morrison APAC CA – APGridPMA - ISGC2010 Updated CPS - V – Change APAC to ARCS 1.3 – Change manager to Sam Morrison, Change APAC to ARCS 1.4 – Change contact – Add New OIDs to certificate extentions