Grids & PKI: TAGPMA & Bridges (Scott Rea – Dartmouth College) Internet2 Member Meeting, Dec 2006 PKI Implementers Workshop - Chicago, IL.


1 Grids & PKI: TAGPMA & Bridges (Scott Rea – Dartmouth College) Internet2 Member Meeting, Dec 2006 PKI Implementers Workshop - Chicago, IL

2 International Grid Trust Federation
IGTF Purpose: Manage authentication services for global computational grids via policy and procedures
IGTF goal: harmonize and synchronize member PMAs' policies to establish and maintain global trust relationships
IGTF members: 3 regional Policy Management Authorities
  EUgridPMA
  APgridPMA
  TAGPMA

3 IGTF

4 IGTF general Architecture
The member PMAs are responsible for accrediting authorities that issue identity assertions. The IGTF maintains a set of authentication profiles (APs) that specify the policy and technical requirements for a class of identity assertions and assertion providers. The management and continued evolution of an AP is assigned by the IGTF to a specific member PMA. Proposed changes to an AP will be circulated by the chair of the PMA managing the AP to all chairs of the IGTF member PMAs. Each of the PMAs will accredit credential-issuing authorities and document the accreditation policy and procedures. Any changes to the policy and practices of a credential-issuing authority after accreditation will void the accreditation unless the changes have been approved by the accrediting PMA prior to their taking effect.

5 EUGridPMA members and applicants
Green: EMEA countries with an Accredited Authority
  23 of 25 EU member states (all except LU, MT)
  + AM, CH, HR, IL, IS, NO, PK, RU, TR
Other Accredited Authorities: DoEGrids (.us), GridCanada (.ca), CERN, SEE catch-all

6 EUgridPMA Membership
Under “Classic X.509 secured infrastructure” authorities
  accredited: 38 (recent additions: CERN-IT/IS, SRCE)
  active applicants: 4 (Serbia, Bulgaria, Romania, Morocco)
Under “SLCS”
  accredited: 0
  active applicants: 1 (SWITCH-aai)
Under MICS draft
  none yet of course, but actually CERN-IS would be a good match for MICS as well
Major relying parties
  EGEE, DEISA, SEE-GRID, LCG, TERENA

7 Map of the APGrid PMA
General Membership
  U. Hong Kong (China)
  U. Hyderabad (India)
  Osaka U. (Japan)
  USM (Malaysia)
Ex-officio Membership
  APAC (Australia)
  CNIC/SDG, IHEP (China)
  AIST, KEK, NAREGI (Japan)
  KISTI (Korea)
  NGO (Singapore)
  ASGCC, NCHC (Taiwan)
  NECTEC, ThaiGrid (Thailand)
  PRAGMA/UCSD (USA)

8 APgridPMA Membership
9 Accredited CAs
  In operation: AIST (Japan), APAC (Australia), ASGCC (Taiwan), CNIC (China), IHEP (China), KEK (Japan), NAREGI (Japan)
  Will be in operation: NCHC (Taiwan), NECTEC (Thailand)
1 CA under review
  NGO (Singapore)
Will be re-accredited
  KISTI (Korea)
Planning
  PRAGMA (USA), ThaiGrid (Thailand)
General membership
  Osaka U. (Japan), U. Hong Kong (China), U. Hyderabad (India), USM (Malaysia)

9 TAGPMA

10 TAGPMA Membership
Accredited: Argentina UNLP; Brazilian Grid CA; CANARIE (Canada)*; DOEGrids*; EELA LA Catch all Grid CA; ESnet/DOE Office Science*; REUNA Chilean CA; TACC – Root
In Review: FNAL; Mexico UNAM; NCSA – Classic/SLCS; Purdue University; TACC – Classic/SLCS; Venezuela; Virginia USHER
Relying Parties: Dartmouth/HEBCA; EELA; OSG; SDSC; SLAC; TeraGrid; TheGrid; LCG
*Accredited by EUgridPMA

11 Recent Mapping Exercises
Federal Bridge CA (FBCA) General Profile against IGTF Classic Profile
Federal Citizen & Commerce Certificate CA (C-4) against IGTF Classic Profile
IGTF Classic Profile against C-4

12 Mapping Designations
Seven (7) designations used to characterize the equivalency:
Exceeds - The ENTITY CP policy provides a higher level of assurance/security than the Federal CP requirement.
Equivalent - The ENTITY CP policy provides exactly the same assurance/security as the Federal CP requirement.
Comparable - The ENTITY CP contains dissimilar policy contents, but provides a comparable level of assurance to meet the security to the Federal CP requirement.
Partial - The ENTITY CP contains policy that is comparable, but it does not address the entire Federal CP requirement.
Not Comparable - The ENTITY CP contains dissimilar policy contents, which provides a lower level of assurance/security than the Federal CP requirement.
Missing - The ENTITY CP does not contain policy contents that can be compared to the Federal CP requirement in any way.
N/A - Not Applicable to ENTITY CP or required for FBCA cross certification.

13 Mapping Results C-4 against IGTF Classic Profile
30 policy points evaluated
  14 Comparable designations
  12 Partial designations
  3 Not Comparable designations
  1 Not Applicable designation

14 Mapping Results FBCA General against IGTF Classic Profile
Basic LOA used for Comparisons
136 policy points evaluated
  22 Comparable designations
  33 Partial designations
  12 Not Comparable designations
  65 Missing designations
  3 Not Applicable designations

15 Mapping Results IGTF Classic Profile against C-4
30 policy points evaluated
  19 Comparable designations
  1 Partial designation
  10 Exceeds designations

16 Proposed Inter-federations
[Diagram of cross-certifications between bridges and CAs. Labels: FBCA, HEBCA, IGTF, C-4, DST ACES, Texas, Dartmouth, Wisconsin, UVA, Univ-N, USHER, CertiPath, SAFE, NIH, HE BR, HE JP, AusCert, CAUDIT PKI, Other Bridges, CA-1, CA-2, CA-3, CA-4, CA-n]

17 [Diagram comparing FPKI, HEBCA/USHER and IGTF levels. Labels: High, Medium Hardware CBP, Medium Software CBP, Medium, Basic, Rudimentary, Foundation, C-4, Classic CA, MICS, SLCS, SAML, Username/Password]

18 For More Information IGTF Website: http://www.gridpma.org/
TAGPMA Website: Scott Rea -

