UPKI Activities - July NII & UPKI Initiative Hideaki Sone, Tohoku University
UPKI Plan in FY2008 (April-March) UPKI WG in NII –in collaboration with universities and “ac.jp” institutes Public PKI Layer –Server Certificate Project –Client Certificate (Study) Campus PKI Layer –Federation between Campus PKIs –Promotion of Campus PKI –R&D of Applications for Campus PKI Grid PKI –Cooperation with GOC (Grid Op Ctr)
Univ DB Univ NII CiN ii E-Journals Univ DB NII IdP Hosting IdP Univ IdP Server Certificate Time Certificate WTCA Public PKI Layer Campus PKI Layer Grid PKI Layer Client Certificate (study) Univ DB Grid CA IdP federationIdP Federation Cert DB Federation with Univs Certificate Content certification AuthN by Univ DB Grid Certificate Use in applications Federation in LAN Access Foregn Universities Int’l Fed’n Domestic Grid sites Foreign e-Jounals Federation Foreign Grid Sites Grid Operation Job entry Collaborating Campus PKI in FY2008
Promotion of Campus PKI (AAI) Working groups (Chair: NII Open-House, events, Seminars, caravan, lectures Collaboration with academic/research meetings –TERENA (REFEDS, TNC, etc.) –SWITCH (Shibboleth Fests) –APAN Middleware WG (-2008)
Federation between Campus PKIs “UPKI-Fedration” Trial of Federating SSO over Shibboleth –Mixture of PKI + ID/PW auth. –IdP’s + SP’s in universities (+NII) –Automatic redirection –Mgmt policies for Japanese Univs –Start UPKI-Fed in 2009
Activities for “UPKI-Fedration” 2006 –Study of Shibboleth1.3, SAML –UPKI members visited SWITCH to learn SWITCH AAI. –NII invited Mr. Nate Klingenstein from Internet2 to support UPKI-Fed plan. –Development of Shib-PKI (DS Plug-in). –Development of Testbed including Shib-PKI Plug-in. –Overall Plan and Initial Policy Draft for UPKI-Fed
Server Certificate Project Trial (-- FY2009) –Practical study on various cases Fault certificate (cancel & re-issue) Procedure for renewal (after expiration) Virtual hosts, Mass (bulk) application (450) –Audit –Policies (CP, CPS, etc.) and models 62 institutes, 492 certificates –Feedback, Survey
Number of Server Certificates
R&D of Applications for Campus PKI Network Access Roaming –eduroam (Operation, Promotion, R&D) –Roaming with Commercial ISPs –Next Generation 1300 High-Edu’s in Japan, Access Ctrl, VPN, etc. UPKI Specifications (Std of Recmdn) –Sample CP/CPS guidelines Time Cert., SSO, roaming VPN over SINET3 S/MIME repository servers
UPKI Website –(Japanese literacy required)