Presentation is loading. Please wait.

Presentation is loading. Please wait.

HellasGrid CA & euGridPMA

Published byDominick Morgan Modified over 5 years ago

Similar presentations

Presentation on theme: "HellasGrid CA & euGridPMA"— Presentation transcript:

1 HellasGrid CA & euGridPMA
EGEE 3rd Parties Induction Course May 28, Demokritos, Athens Kanellopoulos Christos HellasGrid CA Manager

2 PKI and Grids The primary needs for a grid security infrastructure are: Secure communication (authenticated and perhaps confidential) between the grid elements. Support security across organizational boundaries Single Sign On, including delegation of credentials Central concept in the GSI authentication is the Certification Authority and the Certificate

3 Grid Certificate is encoded in the X.509 certificate format
Includes 4 primary pieces of information: A subject name The public key The identity of the CA The digital signature of the named CA Is nothing more than a “passport”. Important: The certificate is used only to authenticate (identify) entities on the Grid.

4 Grid CA The CA is a trusted 3rd party that is used to certify the link between the public key and the subject in the certificate. is usually a CA at national level Its purpose is to sign certificates for individual who are to access Grid resources, hosts or services In order for a Grid CA to be accepted with the current Globus based european infrastructure, it must be first accredited by the euGridPMA

5 CACG and euGridPMA CACG was established by the FP5 projects DataGrid & CrossGrid and included other project worldwide as a need to facilitate the deployment of international testbeds for Grid computing by having a commonly recognized way to assert identities. The group was chartered to: Coordinate the CA infrastructure for CrossGrid and DataGrid. Make recommendation to relying parties within the programs regarding the acceptance of the certificates issued by the participating CAs

6 euGridPMA 23 members from 22 different countries
evolution of CACG to a panEuropean body of Grid CA managers, endorsed by the eIRG (thanks much to the efforts of GRNET). 23 members from 22 different countries The PMA is responsible to: Define and issue minimum requirements and best practice documents; these minimum requirements may govern any aspect of the certificate issuance Maintain and revise these documents Accredit authorities in respect to the minimum requirements Be primarily concerned with Grid communities in Europe and their external partners Foster trust relations for authentication purposes within the context of interorganizational resource sharing.

7 HellasGrid CA (http://pki. physics. auth. gr/hellasgrid-ca - http://ca
Was created during the 1st quarter 2002 On May 2002 started the procedure of acceptance by the CACG Acceptance on October 2002 after a 5 month review. From the beginning the scope was to serve any grid projects within Greece in need for certificates Active participation in euGridPMA and GGF CA-Ops WG.

8 HellasGrid Certificates
Entities involved in the certificate life cycle: CA: Certification Authority. It’s purpose is to sign certificates, revoke certificates, renew certificates, issue crls, operate repository, operate ca web site, maintain and revise the HellasGrid CP/CPS RA: Authenticate user requests (certificate requests, revocation requests, renewal requests), communicate directly with the user, forward authenticated requests to the CA, keep a log of each action taken. End entities: certificate, renewal, revocation requests, accept and follow the CP/CPS guidelines

9 HellasGrid Certificate Issuance
Current situation: AUTH provides both CA and the RA for the whole Greece. (the users communicate directly with the CA CrossGrid DEMO CrossGrid AUTH HellasGrid CA EGEE GRNET GridLab NTUA

10 HellasGrid Certificate Issuance
The service is operational for more than 2 years … But there are drawbacks: A lot of bureaucracy is involved Does not scale!

11 Distributed RA scheme Create distributed RAs that will serve all the locations At least 1 area of: Crete Patra Aegean Athens Ioannina Thessaloniki 1 RA at each Institute as user base grows. CA Crete Athens Aegean RA RA RA

12 Distributed RA scheme CA Helpdesk RA RA RA Crete Athens Aegean
Create distributed RAs that will serve all the locations At least 1 area of: Crete Patra Aegean Athens Ioannina Thessaloniki 1 RA at each Institute as user base grows. CA Helpdesk Crete Athens Aegean RA RA RA

13 HellasGrid CA Changes Revise the CP/CPS to reflect the new structure Update the ca site to facilitate the need for secure CA-RA communications setup of mailing lists for: Coordination of the RAs End users

14 The End. Questions?

Download ppt "HellasGrid CA & euGridPMA"

Similar presentations

Introduction of Grid Security

Introduction of Grid Security
1 ABCs of PKI TAG Presentation 18 th May 2004 Paul Butler.

1 ABCs of PKI TAG Presentation 18 th May 2004 Paul Butler.
Experiences with Massive PKI Deployment and Usage Daniel Kouřil, Michal Procházka Masaryk University & CESNET Security and Protection of Information 2009.

Experiences with Massive PKI Deployment and Usage Daniel Kouřil, Michal Procházka Masaryk University & CESNET Security and Protection of Information 2009.
A S I A P A C I F I C N E T W O R K I N F O R M A T I O N C E N T R E IEPG March 2000 APNIC Certificate Authority Status Report.

A S I A P A C I F I C N E T W O R K I N F O R M A T I O N C E N T R E IEPG March 2000 APNIC Certificate Authority Status Report.
Geneva, Switzerland, 2 June 2014 Introduction to public-key infrastructure (PKI) Erik Andersen, Q.11 Rapporteur, ITU-T Study Group 17 ITU Workshop.

Geneva, Switzerland, 2 June 2014 Introduction to public-key infrastructure (PKI) Erik Andersen, Q.11 Rapporteur, ITU-T Study Group 17 ITU Workshop.
INFSO-RI-508833 Enabling Grids for E-sciencE www.eu-egee.org JRA3 2 nd EU Review Input David Groep NIKHEF.

INFSO-RI Enabling Grids for E-sciencE JRA3 2 nd EU Review Input David Groep NIKHEF.
Resource PKI: Certificate Policy & Certification Practice Statement Dr. Stephen Kent Chief Scientist - Information Security.

Resource PKI: Certificate Policy & Certification Practice Statement Dr. Stephen Kent Chief Scientist - Information Security.
National Institute of Advanced Industrial Science and Technology Auditing, auditing template and experiences on being audited Yoshio Tanaka

National Institute of Advanced Industrial Science and Technology Auditing, auditing template and experiences on being audited Yoshio Tanaka
Open Science Grid Use of PKI: Wishing it was easy A brief and incomplete introduction. Doug Olson, LBNL PKI Workshop, NIST 5 April 2006.

Open Science Grid Use of PKI: Wishing it was easy A brief and incomplete introduction. Doug Olson, LBNL PKI Workshop, NIST 5 April 2006.
NRENs supporting Grids using current Grid technology TERENA NREN-GRID Workshop Amsterdam 2005-10-17 Milan Sova CESNET.

NRENs supporting Grids using current Grid technology TERENA NREN-GRID Workshop Amsterdam Milan Sova CESNET.
Authentication Policy David Kelsey CCLRC/RAL 15 April 2004, Dublin

Authentication Policy David Kelsey CCLRC/RAL 15 April 2004, Dublin
The EU Grid PMA David Kelsey CCLRC/RAL 16 April 2004, Dublin

The EU Grid PMA David Kelsey CCLRC/RAL 16 April 2004, Dublin
Introduction to Secure Messaging The Open Group Messaging Forum April 30, 2003.

Introduction to Secure Messaging The Open Group Messaging Forum April 30, 2003.
12-May-03D.P.Kelsey, SCG Online Authentication1 Online Authentication SCG Meeting EDG Barcelona, 12 May 2003 David Kelsey CCLRC/RAL, UK

12-May-03D.P.Kelsey, SCG Online Authentication1 Online Authentication SCG Meeting EDG Barcelona, 12 May 2003 David Kelsey CCLRC/RAL, UK
Computer Security: Principles and Practice First Edition by William Stallings and Lawrie Brown Lecture slides by Lawrie Brown Chapter 22 – Internet Authentication.

Computer Security: Principles and Practice First Edition by William Stallings and Lawrie Brown Lecture slides by Lawrie Brown Chapter 22 – Internet Authentication.
Grid Security 1. Grid security is a crucial component Need for secure communication between grid elements  Authenticated ( verify entities are who they.

Grid Security 1. Grid security is a crucial component Need for secure communication between grid elements  Authenticated ( verify entities are who they.
Chapter 23 Internet Authentication Applications Kerberos Overview Initially developed at MIT Software utility available in both the public domain and.

Chapter 23 Internet Authentication Applications Kerberos Overview Initially developed at MIT Software utility available in both the public domain and.
DataGrid WP6 CA meeting, CERN, 12 December 2002 IISAS Certification Authority Jan Astalos Department of Parallel and Distributed Computing Institute of.

DataGrid WP6 CA meeting, CERN, 12 December 2002 IISAS Certification Authority Jan Astalos Department of Parallel and Distributed Computing Institute of.
March 27, 2006TAGPMA - Rio de Janeiro1 Short Lived Credential Services Profile Tony J. Genovese The Americas Grid PMA DOEGridsATF/ESnet/LBNL.

March 27, 2006TAGPMA - Rio de Janeiro1 Short Lived Credential Services Profile Tony J. Genovese The Americas Grid PMA DOEGridsATF/ESnet/LBNL.
TERENA TF-EMC2 Workshop David Groep, 2004.11.04

TERENA TF-EMC2 Workshop David Groep,

Similar presentations

Ads by Google