29th EUGridPMA meeting, September 2013, Bucharest
AEGIS Certification Authority
Dušan Radovanović, University of Belgrade Computer Centre


2 Overview
- Approved June 2007
- Issues certificates to the Serbian GRID community
- https://aegis-ca.rcub.bg.ac.rs
- CP/CPS and root cert updated January 2009 (version 1.2) to reflect the TLD change
- Current CP/CPS version: 1.3 (updated after the last self audit)

3 CA operation
- CA operated by the staff of 1
- Current RAs
- Online web interface operated on the main web server
- Offline certificate signing
- SimplePKI software
- Security

4 Self Audit
AEGIS CA Dublin self audit: C – 2, B – 3, X – 1
(18th EUGridPMA meeting, Jan 2010, Dublin)

5 Self Audit – CP/CPS
4. - B: Whenever there is a change in the CP/CPS the O.I.D. of the document must change, and the major changes must be announced to the responsible PMA and approved before signing any certificates under the new CP/CPS.
Practice: Every change is announced to the PMA, but this procedure is not documented in the CP/CPS.
Resolution: The CP/CPS now states that every change must be approved by the EUGridPMA.

6 Self Audit – EE certificates/keys
40. - B: Each host certificate must be linked to a single network entity.
Practice: The CP/CPS does not describe how each host certificate is linked to a single entity.
Resolution: The CP/CPS now requires that each host certificate is linked to a single network entity.

7 Self Audit – EE certificates/keys
41. / 49. - X: The authority shall issue X.509 certificates to end entities based on cryptographic data generated by the applicant, or based on cryptographic data that is held only by the applicant on a secure hardware token.
Practice: We do not have support for hardware tokens.
Resolution: No action, as we don't use hardware tokens.

8 Self Audit – Audits
53. - B: Every CA must perform operational audits of the CA/RA staff at least once per year.
Practice: We do not have an auditing manual and do not audit RAs.
Resolution: Added the statement that RAs are audited once per year to the CP/CPS. Short outlines of the audit procedures will also be added.

9 Self Audit – Privacy
61. - C: Accredited CAs must define a privacy and data release policy compliant with the relevant national legislation. The CA is responsible for recording, at the time of validation, sufficient information regarding the subscribers to identify the subscriber. The CA is not required to release such information unless provided by a valid legal request according to national laws applicable to that CA.

10 Self Audit – Privacy
Practice: The CP/CPS does not define a data release policy because there was no law defining this at the time of writing the original CP/CPS.
Resolution: Added the statement that AEGIS CA will release private information on judicial order.

11 Self Audit – RA
8. - C: The CP/CPS should describe how the RA or CA is informed of changes that may affect the status of the certificate.
Practice: The CP/CPS does not define this.
Resolution: The procedure is now defined in the CP/CPS.

12 Self Audit
Guidelines for auditing Grid CAs v1.0 from February 17th 2009: C – 1

13 Self Audit – EE certificate extensions
37. (C): The end entity certificate extensions' compliance with the Grid Certificate Profile as defined by GFD.125.
- The policyIdentifier must include the OID of the Authentication Profile under which the CA was accredited.
Practice: Our EE certs don't carry the Classic AP OID, only the CP/CPS OID and distribution points.
Solution: The Classic AP OID will be added to EE certs.
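A check for the finding on this slide, added here as an example and not part of the original presentation or of AEGIS CA's tooling: it decodes the DER value of an X.509 certificatePolicies extension (RFC 5280 section 4.2.1.4, a SEQUENCE OF PolicyInformation whose first element is the policyIdentifier OID) and reports which required policy OIDs are missing. The CA's own CP/CPS OID is a constructed placeholder, the Classic AP OID value is assumed from the IGTF policy OID registry, and the two sample extension values are built inline with a minimal DER encoder so the check runs offline.

```python
"""Verify that a certificatePolicies extension carries the required policy OIDs.

Added example (not the presentation's or the CA's code). Works on the raw DER
value of the certificatePolicies extension; policyQualifiers, if present after
the policyIdentifier inside each PolicyInformation, are ignored.
"""

CPCPS_OID = "1.3.6.1.4.1.99999.1.1"          # placeholder for the CA's CP/CPS OID (constructed)
CLASSIC_AP_OID = "1.2.840.113612.5.2.2.1"    # IGTF Classic AP OID (assumed from the IGTF registry)
REQUIRED_POLICY_OIDS = {CPCPS_OID, CLASSIC_AP_OID}


def _der_len(n: int) -> bytes:
    """DER length octets: short form below 128, long form otherwise."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def encode_oid(oid: str) -> bytes:
    """DER-encode a dotted OID string (tag 0x06), base-128 arcs after the first pair."""
    arcs = [int(a) for a in oid.split(".")]
    body = bytes([40 * arcs[0] + arcs[1]])
    for arc in arcs[2:]:
        chunk = [arc & 0x7F]
        arc >>= 7
        while arc:
            chunk.append(0x80 | (arc & 0x7F))
            arc >>= 7
        body += bytes(reversed(chunk))
    return b"\x06" + _der_len(len(body)) + body


def encode_certificate_policies(oids) -> bytes:
    """SEQUENCE OF PolicyInformation { policyIdentifier OID } without qualifiers."""
    infos = b""
    for oid in oids:
        enc = encode_oid(oid)
        infos += b"\x30" + _der_len(len(enc)) + enc
    return b"\x30" + _der_len(len(infos)) + infos


def _read_tlv(buf: bytes, pos: int):
    """Read one DER tag-length-value; return (tag, value, position after it)."""
    tag = buf[pos]
    first = buf[pos + 1]
    pos += 2
    if first & 0x80:
        n = first & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    else:
        length = first
    return tag, buf[pos:pos + length], pos + length


def decode_oid(body: bytes) -> str:
    """Decode the value octets of an OBJECT IDENTIFIER back to dotted form."""
    first = body[0]
    arcs = [first // 40, first % 40] if first < 80 else [2, first - 80]
    value = 0
    for b in body[1:]:
        value = (value << 7) | (b & 0x7F)
        if not b & 0x80:          # last octet of this arc
            arcs.append(value)
            value = 0
    return ".".join(str(a) for a in arcs)


def policy_oids(ext_value: bytes) -> list:
    """Return the policyIdentifier OIDs, in order, from a certificatePolicies value."""
    tag, seq, _ = _read_tlv(ext_value, 0)
    if tag != 0x30:
        raise ValueError("certificatePolicies must be a SEQUENCE")
    oids, pos = [], 0
    while pos < len(seq):
        tag, info, pos = _read_tlv(seq, pos)
        if tag != 0x30:
            raise ValueError("PolicyInformation must be a SEQUENCE")
        oid_tag, oid_body, _ = _read_tlv(info, 0)   # qualifiers after the OID are ignored
        if oid_tag != 0x06:
            raise ValueError("policyIdentifier must be an OID")
        oids.append(decode_oid(oid_body))
    return oids


def missing_policies(ext_value: bytes, required=REQUIRED_POLICY_OIDS) -> list:
    """Sorted list of required policy OIDs that the extension does not carry."""
    return sorted(set(required) - set(policy_oids(ext_value)))


# Constructed sample extension values: the state described on the slide (CP/CPS
# OID only) and the state after the planned fix (CP/CPS OID plus Classic AP OID).
OLD_STYLE_EXT = encode_certificate_policies([CPCPS_OID])
NEW_STYLE_EXT = encode_certificate_policies([CPCPS_OID, CLASSIC_AP_OID])

if __name__ == "__main__":
    print("old-style EE cert missing:", missing_policies(OLD_STYLE_EXT))
    print("new-style EE cert missing:", missing_policies(NEW_STYLE_EXT))
```

On a real certificate the extension value would be taken from the DER-encoded certificate (the OCTET STRING content of the extension with OID 2.5.29.32) rather than constructed; the check itself is the same, and an empty result means the profile requirement on this slide is met.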

14 Self Audit – Conclusion
Implement changes to the CP/CPS:
- Changes from the self audit
- Changes suggested by reviewers
- Revise and update the whole CP/CPS to the new Classic AP

15 Questions? Suggestions...

16 Thank you!
