Presentation is loading. Please wait.

Presentation is loading. Please wait.

Organized by governmental sector (National Institute of information )

Published byTyrone Short Modified over 5 years ago

Similar presentations

Presentation on theme: "Organized by governmental sector (National Institute of information )"— Presentation transcript:

1 What is needed on Grid PKI? (Naregi: National Research grid Initiative in JAPAN)
Organized by governmental sector (National Institute of information ) Naregi PKI service Start this march (Currently) Single PKI domain architecture Issue certificates for Globus and Unicore separately. Initially based on GGF CP/CPS references (GFD-C.16 June 1,2003 ) Issues Different policy but user requests “common one certificate” Globus and Unicore Different organization (multiple PKI domain ) Different identification and authentication policy to issue the certificate Certificate Profile CA certificate Globus certificate Unicore Certificate

2 Unicore vs. Globus UNICORE (GFD.18 An Analysis of the UNICORE Security Model) authenticate users, UNICORE Gateways, the NJS (for distributing sub- sign jobs, and sign software Globus PKI is used for user authentication through proxy certs. PKI architecture UNICORE PKI is initially designed one PKI domain containing single CA and multiple RAs U-CA G-CA U&G U Cert U&G G CA End Entity

3 Issue : Keyusage? GGF Certificate Policy Model(June 1,2003)
Applicability : “to promote wide use of public key certificates in many different application” S/MIME, IPSec, SSL/TLS Key usage : must be critical (but what value is?) DOE Grids (December 15,2002) Applicability : Person certificate “signing of Globus proxy certificates” , ”may be used for other activities such as signing and encryption. Server certificate “ for TLS/SSL. Key Usage: “critical”, Digital signature, Non repudiation, Key Encipherment, Data Encipherment For purpose of UNICORE code-signing, why not use “extent-key-usage , code-signing” {id-kp,3} specified in RFC3280.

4 Issue: Certificate/CRL Profile?
Need the CP/CPS reference model Key usage as described CA certificate profile User cert for globus needs “another keyusage or policy” due to create proxy cert.

5 Issue : Multiple PKI domain?
Currently Naregi has single PKI architecture In future, needs multi-domain PKI Which architecture is desirable? How interoperable between multi-PKI domain It is impossible to establish single CA Multi trust point for user ? Single trust point and cross certification? (Bridge or root) What is restrictions or conditions for interoperability?

Download ppt "Organized by governmental sector (National Institute of information )"

Similar presentations

Introduction of Grid Security

Introduction of Grid Security
EDUCAUSE 2001, Indianapolis IN Securing e-Government: Implementing the Federal PKI David Temoshok Federal PKI Policy Manager GSA Office of Governmentwide.

EDUCAUSE 2001, Indianapolis IN Securing e-Government: Implementing the Federal PKI David Temoshok Federal PKI Policy Manager GSA Office of Governmentwide.
15June’061 NASA PKI and the Federal Environment 13th Fed-Ed PKI Meeting 15 June ‘06 Presenter: Tice DeYoung.

15June’061 NASA PKI and the Federal Environment 13th Fed-Ed PKI Meeting 15 June ‘06 Presenter: Tice DeYoung.
 A public-key infrastructure ( PKI ) is a set of hardware, software, people, policies, and procedures needed to create, manage, distribute, use, store,

 A public-key infrastructure ( PKI ) is a set of hardware, software, people, policies, and procedures needed to create, manage, distribute, use, store,
Certification Authority. Overview  Identifying CA Hierarchy Design Requirements  Common CA Hierarchy Designs  Documenting Legal Requirements  Analyzing.

Certification Authority. Overview  Identifying CA Hierarchy Design Requirements  Common CA Hierarchy Designs  Documenting Legal Requirements  Analyzing.
Computer Security: Principles and Practice EECS710: Information Security Professor Hossein Saiedian Fall 2014 Chapter 23: Internet Authentication Applications.

Computer Security: Principles and Practice EECS710: Information Security Professor Hossein Saiedian Fall 2014 Chapter 23: Internet Authentication Applications.
INFORMATION SYSTEMS SERVICES UNIVERSITY OF LEEDS Presentation to the UK e-Science Grid Workshop ‘Managing Access to Resources on the Grid’ e-Science Institute,

INFORMATION SYSTEMS SERVICES UNIVERSITY OF LEEDS Presentation to the UK e-Science Grid Workshop ‘Managing Access to Resources on the Grid’ e-Science Institute,
PKI Activities at Virginia January 2004 CSG Meeting Jim Jokl.

PKI Activities at Virginia January 2004 CSG Meeting Jim Jokl.
DGC Paris 4.03.02 Community Authorization Service (CAS) and EDG Presentation by the Globus CAS team & Peter Kunszt, WP2.

DGC Paris Community Authorization Service (CAS) and EDG Presentation by the Globus CAS team & Peter Kunszt, WP2.
National Institute of Advanced Industrial Science and Technology Auditing, auditing template and experiences on being audited Yoshio Tanaka

National Institute of Advanced Industrial Science and Technology Auditing, auditing template and experiences on being audited Yoshio Tanaka
Copyright, 1996 © Dale Carnegie & Associates, Inc. Digital Certificates Presented by Sunit Chauhan.

Copyright, 1996 © Dale Carnegie & Associates, Inc. Digital Certificates Presented by Sunit Chauhan.
S/MIME Email and PKI Dartmouth College PKI Lab. What Is S/MIME? RFC 2633 (S/MIME Version 3)RFC 2633 Extensions to MIME Uses PKI certificates, keys, and.

S/MIME and PKI Dartmouth College PKI Lab. What Is S/MIME? RFC 2633 (S/MIME Version 3)RFC 2633 Extensions to MIME Uses PKI certificates, keys, and.
IDA Security Experts Workshop Olivier LIBON Vice President – GlobalSign November 2000.

IDA Security Experts Workshop Olivier LIBON Vice President – GlobalSign November 2000.
1 PKI & USHER/HEBCA Fall 2005 Internet2 Member Meeting Jim Jokl September 21, 2005.

1 PKI & USHER/HEBCA Fall 2005 Internet2 Member Meeting Jim Jokl September 21, 2005.
Computer Security: Principles and Practice First Edition by William Stallings and Lawrie Brown Lecture slides by Lawrie Brown Chapter 22 – Internet Authentication.

Computer Security: Principles and Practice First Edition by William Stallings and Lawrie Brown Lecture slides by Lawrie Brown Chapter 22 – Internet Authentication.
Chapter 23 Internet Authentication Applications Kerberos Overview Initially developed at MIT Software utility available in both the public domain and.

Chapter 23 Internet Authentication Applications Kerberos Overview Initially developed at MIT Software utility available in both the public domain and.
Module 9: Fundamentals of Securing Network Communication.

Module 9: Fundamentals of Securing Network Communication.
Security Overview  System protection requirements areas  Types of information protection  Information Architecture dimensions  Public Key Infrastructure.

Security Overview  System protection requirements areas  Types of information protection  Information Architecture dimensions  Public Key Infrastructure.
KISTI Grid CA Status Report Korea Institute of Science and Technology Information Sangwan Kim Jae-Hyuck Kwan

KISTI Grid CA Status Report Korea Institute of Science and Technology Information Sangwan Kim Jae-Hyuck Kwan
HEPSYSMAN UCL, 26 Nov 2002Jens G Jensen, CLRC/RAL UK e-Science Certification Authority Status and Deployment.

HEPSYSMAN UCL, 26 Nov 2002Jens G Jensen, CLRC/RAL UK e-Science Certification Authority Status and Deployment.

Similar presentations

Ads by Google