Presentation is loading. Please wait.

Presentation is loading. Please wait.

The IGTF Charter Name uniqueness throughout the IGTF is anchored in the Charter Current Charter assigns a namespace to an Authority, implying that the.

Published byΒερενίκη Ηλιόπουλος Modified over 5 years ago

Similar presentations

Presentation on theme: "The IGTF Charter Name uniqueness throughout the IGTF is anchored in the Charter Current Charter assigns a namespace to an Authority, implying that the."— Presentation transcript:

1 Proposal for Namespace Assignment Policy in the IGTF David Groep, Apr 20nd, 2009

2 The IGTF Charter Name uniqueness throughout the IGTF is anchored in the Charter Current Charter assigns a namespace to an Authority, implying that the basic managed entity is a one single CA “On accreditation, a specific subject name space or set of subject name spaces is allocated to each authority. This name space must not overlap with any existing name space already assigned to an existing authority for any AP, assigned by any of the regional PMAs within the International Grid Trust Federation.”

3 Is this a problem or an asset?
The answer is probably: both Always need to preserve binding to a single entity (changing that is obviously not to be changed) Pros of having it assigned to a single CA A DN in the logs would maps directly to a single CA. If a DN is associated with abuse, otherwise multiple certificates may need to be revoked across multiple CAs. If one of the CAs is compromised the suspicion is limited to that one CA. Can easily differentiate between Cas based on just names (e.g. in simplified VOMS, or when OIDs are not checked but LoA matters)

4 Pro for a change Pros of assigning namespaces to PMA members
Simpler for users. They have a single DN from the Classic/MICS/SLCS. One entry in VOMS and grid-mapfiles rather than multiple. Allows users to "upgrade" from SLCS to MICS/Classic (for example), depending on their authN factors. Allows users to "downgrade" from MICS/Classic to SLCS (for example, if they're away from their computer and need a short-lived certificate). Simpler for system administrators. Allows CA roll-overs (already used here!)

5 Assigning to PMA members is Good
Propose to change text in the Federation Doc to:

6 Time line EUGridPMA proposes this change and approved it in their January 2009 meeting (minutes and proposal circulated to the IGTF) Presenting now to the IGTF Discussion proposed at APGridPMA and TAGPMA F2F meetings (April 2009) On acceptance: Agree in May at the IGTF meeting in Chapel Hill

7

Download ppt "The IGTF Charter Name uniqueness throughout the IGTF is anchored in the Charter Current Charter assigns a namespace to an Authority, implying that the."

Similar presentations

2 nd APGrid PMA F2F Meeting Osaka University Convention Center October 15 09:00 - 17:20 # Participants: 26.

2 nd APGrid PMA F2F Meeting Osaka University Convention Center October 15 09: :20 # Participants: 26.
Usage of PGP in TACAR 19th OGF Meeting Chapel Hill, USA February 1, 2007 Licia Florio Project Development Officer

Usage of PGP in TACAR 19th OGF Meeting Chapel Hill, USA February 1, 2007 Licia Florio Project Development Officer
International Grid Trust Federation Session GGF 20 Manchester, UK Wednesday, May 9 2007 CAOPS-WG session #2.

International Grid Trust Federation Session GGF 20 Manchester, UK Wednesday, May CAOPS-WG session #2.
© 2007 Open Grid Forum CAOPS-WG Christos Kanellopoulos - Yoshio Tanaka Security Area coordination & outreach OGF25, Catania March 2 nd – 3 rd, 2009.

© 2007 Open Grid Forum CAOPS-WG Christos Kanellopoulos - Yoshio Tanaka Security Area coordination & outreach OGF25, Catania March 2 nd – 3 rd, 2009.
Classic X.509 secured profile version 4.2 Proposed Changes David Groep, Apr 20 th, 2009.

Classic X.509 secured profile version 4.2 Proposed Changes David Groep, Apr 20 th, 2009.
Authorization WG Update David Kelsey EU Grid PMA, Copenhagen 27 May 2008.

Authorization WG Update David Kelsey EU Grid PMA, Copenhagen 27 May 2008.
4 th APGrid PMA F2F Meeting Academia Sinica, Taipei, Taiwan April 8, 2008 Agendahttp://www.apgridpma.org/meetings/index.html Call for note takers!

4 th APGrid PMA F2F Meeting Academia Sinica, Taipei, Taiwan April 8, 2008 Agendahttp:// Call for note takers!
INFSO-RI-508833 Enabling Grids for E-sciencE www.eu-egee.org JRA3 2 nd EU Review Input David Groep NIKHEF.

INFSO-RI Enabling Grids for E-sciencE JRA3 2 nd EU Review Input David Groep NIKHEF.
National Institute of Advanced Industrial Science and Technology Auditing, auditing template and experiences on being audited Yoshio Tanaka

National Institute of Advanced Industrial Science and Technology Auditing, auditing template and experiences on being audited Yoshio Tanaka
NRENs supporting Grids using current Grid technology TERENA NREN-GRID Workshop Amsterdam 2005-10-17 Milan Sova CESNET.

NRENs supporting Grids using current Grid technology TERENA NREN-GRID Workshop Amsterdam Milan Sova CESNET.
The EU Grid PMA David Kelsey CCLRC/RAL 16 April 2004, Dublin

The EU Grid PMA David Kelsey CCLRC/RAL 16 April 2004, Dublin
DNS-centric PKI Sean Turner Russ Housley Tim Polk.

DNS-centric PKI Sean Turner Russ Housley Tim Polk.
Updates from the EUGridPMA David Groep, Oct 11 th, 2011.

Updates from the EUGridPMA David Groep, Oct 11 th, 2011.
14 May 2002© 2000-02 TrueTrust Ltd1 Privilege Management in X.509(2000) David W Chadwick BSc PhD.

14 May 2002© TrueTrust Ltd1 Privilege Management in X.509(2000) David W Chadwick BSc PhD.
Identity Management Levels of Assurance WLCG GDB CERN, 8 Apr 2009 David Kelsey STFC/RAL david.kelsey AT stfc.ac.uk.

Identity Management Levels of Assurance WLCG GDB CERN, 8 Apr 2009 David Kelsey STFC/RAL david.kelsey AT stfc.ac.uk.
Classic X.509 secured profile version 4.2 Proposed Changes David Groep, Nov 7 nd, 2008.

Classic X.509 secured profile version 4.2 Proposed Changes David Groep, Nov 7 nd, 2008.
March 27, 2006TAGPMA - Rio de Janeiro1 Short Lived Credential Services Profile Tony J. Genovese The Americas Grid PMA DOEGridsATF/ESnet/LBNL.

March 27, 2006TAGPMA - Rio de Janeiro1 Short Lived Credential Services Profile Tony J. Genovese The Americas Grid PMA DOEGridsATF/ESnet/LBNL.
Revocation in MICS §4.4 May 11-13, 2009 Zürich, Switzerland.

Revocation in MICS §4.4 May 11-13, 2009 Zürich, Switzerland.
TERENA TF-EMC2 Workshop David Groep, 2004.11.04

TERENA TF-EMC2 Workshop David Groep,
Evolution of the Open Science Grid Authentication Model Kevin Hill Fermilab OSG Security Team.

Evolution of the Open Science Grid Authentication Model Kevin Hill Fermilab OSG Security Team.

Similar presentations

Ads by Google