Presentation is loading. Please wait.

Presentation is loading. Please wait.

IGTF All-Hands Meeting

Published byLouisa Walters Modified over 5 years ago

Similar presentations

Presentation on theme: "IGTF All-Hands Meeting"— Presentation transcript:

1 IGTF All-Hands Meeting
APGridPMA Update Eric Yen IGTF All-Hands Meeting ISGC2019, Taiwan 1 April 2019

2 General Status Chair and Vice Chair ( ): Reelected at 20th APGridPMA F2F Meeting in Oct. 2017 Chair: Eric Yen (ASGCCA, Taiwan) Vice Chair: Eisaku Sakane (HPCI CA, Japan) Next Chair election will take place in the APGridPMA Fall meeting Routine Gathering Spring: Together with ISGC in Taiwan Fall: Collocated with e-Science or Networking events Virtual meeting will be arranged upon request or whenever there is any issue in-between F2F meetings Self Auditing Report: Once a year for each member CA Regional Catch-All CA: ASGCCA, now supporting users through local RAs in PH, TH, ID, IN, MN, LK

3 CA ccTLD Self Audit #valid Cert IPv6 Remarks AIST CA JP APAC CA AU
Withdrawn from Nov. 2013 APAC CA AU Services ended in Dec 31, 2012 ASGC CA TW Mar. 2018 153, 278, 14 Y Regional Catch-All CA; x.509 based SSO in AS AusCert New national certificate services of AU (+NZ, FJ, PG) CNIC CA CN Aug. 2015 21 SDG CA 2 HKU CA 5, 26, 1 HPCI CA Mar. 2017 206, 273 MICS; OCSP enabled; SSO IGCA IN 134, 23 IHEP CA Aug. 2018 67, 41, 16 KEK CA Oct. 2017 167, 145 Support robot Cert and OCSP is Ready KISTI CA KR 33, 28, 3 Renewed and back to service from June 2017 MYIFAM MY 11 National Fed IdM and Fed CA are ongoing; Eduroam, Shib NCHC CA Withdrawn from Feb. 2015 NECTEC CA TH March, 2014 4, 13 Decommissioned from Jan 2017 NAREGI CA NAREGI CA 2.4, ended EEC issuance from Dec. 2014 PRAGMA-UCSD US Withdrawn from July 2014 11 Production CAs in 7 countries v6 plan and CRL status

4 From Previous Meetings (Aug 2018)
Federated Identity Management Activities Introduction Federated Identity Management in SIFULAN Malaysian Access Federation, Hong Kong Access Federation and NZ Federated Identity Management service (TUAKIRI) were introduced CA Operation Proposal for Remote Initial Identity Vetting with PKI credential approved at 21st APGridPMA meeting in ISGC2018 NAREGI-CA 2018 Autumn release, version 3.2.2, has been released on 21 Sep (version was released on 25 Dec. 2017) MICS CA Audit Checklist: NII (HPCI CA, JP) draft is reviewed based on IGTF LoA and PKI technology (ongoing) CA Manager changed of KISTI CA and KEK CA IPv6 CRL Distribution Point: Keep tracking IPv4 Only: CNIC, IGCA, MyIFM, SDG Reorganising APGridPMA Website (in progress) Improve the monitoring and warning services of CAs CP/CPS changes: HKGridCA, IGCA GARUDAINDIA2 root key roll-over in release 1.90 (March 2018) HKU Grid CA will be included in release 1.92 (May 2018)

5 Remote ID Vetting and NAREGI-CA
Proposal for Remote Initial Identity Vetting with PKI Credential PoS(ISGC2017)009 Approved at 21st APGridPMA meeting in ISGC2018 NII (HPCI CA, JP) is considering the procedure for putting the proposal into practice: Changes in CP/CPS Manuals for IdM and CA NAREGI-CA 3.2.2 KEK CA and HPCI CA use the software package Support ChaCha20 stream cipher, Poly1305 authenticator, RSASSA-PSS signature algorithm, and HMAC-based KDF Conform to RFC 5915 that defines the syntax for an EC private key Version will be released soon and fixes EC private key handling in PKCS#8 Will support TLS 1.3 in the future release

6 About AusCERT CA What are grid certificates?
Through the AusCERT CS, we are able to supply IGTF accredited grid server and grid end user certificates which are publicly trusted. QuoVadis is accredited through the EUGridPMA to supply grid certificates which have special fields that are relevant to grid resources. They are not for general use How do I order grid host (server) certificates? Grid host certificates are just another type of SSL certificate. The process for ordering a grid host server certificate is the same for other SSL certificates. Administrators can invite Subscribers to apply for grid server certificates.  The certificate request must then be approved by one of the Sub-LRA Administrators from the Subscriber's organisation before the certificate will be issued. Grid server certificates are only available to organisations that have advised AusCERT that they require grid server certificates; and can see the Grid Policy Template called "AusCERT Grid Server" from the list of available SSL policy templates. If this policy template is not available in your TrustLink account and you need it, please contact AusCERT CS For further details of the process to obtain grid server (SSL) certificates refer to Appendix 1, page 22 of the QV Subscriber Guide. How do I order grid personal (end user) certificates? Before a grid-end user certificate can be issued, the applicant must have a face-to-face meeting with the Agent Administrator for their organisation (the SubLRA). The purpose of the face-to-face meeting is to enable the Agent Administrator to verify the applicant's identity documents match the person applying for the grid end user certificate. Specific details of the steps are outlined in the Handling Instructions on the Grid End User Certificate Application Form, which must also be completed, before the Agent Administrator facilitates access to the end user certificate. Once the Agent Administrator and applicant have completed the form and had their face to face meeting, the Agent Administrator then logs into TrustLink and then clicks on the "Invite End User" link; and creates an invitation that is sent to the end- user which will allow them to apply for a grid-end user certificate.   Once this invitation has been sent, no further approval is required by the Administrator; and the end-user will be issued the certificate once they have completed a few more details in TrustLink. Source:

7 From RA of New Zealand Initially (~ 10 years ago, during the BeSTGRID project), we were rolling out Computational Grid with certificates issued by the Australian APAC Grid CA. When APAC (and ARCS) wrapped up, we switched to using ASGCCA certs - thank for that. From about 2014, universities subscribing to the AusCERT certificate service offering started getting their Grid Certificates also via AusCERT - so from QuoVadis. However, institutions not subscribing to AusCERT still need other avenues - so they still use ASGCCA (this was the certificate for Plant and Food Research I was requesting recently). Also, about in 2014, the computational grid was decommissioned and the only use of grid certificates is for Data Transfer Services (GridFTP, primarily via globus.org) Most of these services are operated via NeSI, where the primary host, The University of Auckland, subscribes to AusCERT, so all of NeSI services can use QuoVadis grid certs. Plant and Food Research is almost the only exception to that.

8 Research & Application Support
Support AAI for research and e-Infrastructure Integration with local SSO and move to SAML-based authN inclusion/federation with OIDC APAN IAM: from EduRoam to eduGAIN Attribute and Metadata Sharing HPCI CA Use Case Collection and Study Will be included in the future APGridPMA meeting User Community Engagement Experiences learned from large-scale international HEP communities: LHC, Belle, AMS, KAGRA, etc. Extending to regional communities such as life science, astronomy, disaster mitigation, ecological/biodiversity monitoring, e-Culture, etc. Most APGridPMA members are interested in OIDC federation and AARC

9 Regional Identity Federation Activities Supported by APAN IAM
Supporting Asian countries to develop their identity federations by knowledge/experiences sharing in federation technologies, practices, tools, resources and policies Establish local FedIdM and join eduGAIN is supported by APAN Internet2: INCOMMONS, TIER JISC: LIBERATE Uptake of ORCID Collect Requirements and Enhance the Practices Series of trainings and webinars have been implemented Primary advisors: AAF, REFEDS/Geant, JISC, etc. (APAN43, 2017) (APAN45, 2018)

10 Future Meetings 46th EUGridPMA: 20-22 May, 2019, Utrecht, NL
TNC19: June 2019, Tallinn, Estonia 24th APGridPMA: Option1: APAN48 Meeting is a candidate: July 2019, Putrajaya, Malaysia Any other option ? 25th APGridPMA: March 2020, Academia Sinica, TW

Download ppt "IGTF All-Hands Meeting"

Similar presentations

2 nd APGrid PMA F2F Meeting Osaka University Convention Center October 15 09:00 - 17:20 # Participants: 26.

2 nd APGrid PMA F2F Meeting Osaka University Convention Center October 15 09: :20 # Participants: 26.
Updates of the APGrid PMA Catania March 3, 2009 Yoshio Tanaka APGridPMA Chair, AIST, Japan.

Updates of the APGrid PMA Catania March 3, 2009 Yoshio Tanaka APGridPMA Chair, AIST, Japan.
International Grid Trust Federation Session GGF 20 Manchester, UK Wednesday, May 9 2007 CAOPS-WG session #2.

International Grid Trust Federation Session GGF 20 Manchester, UK Wednesday, May CAOPS-WG session #2.
CNIC Grid CA/SDG CA Self Audit Kejun (Kevin) Dong Computer Network Information Center (CNIC) Chinese Academy of Sciences APGridPMA F2F.

CNIC Grid CA/SDG CA Self Audit Kejun (Kevin) Dong Computer Network Information Center (CNIC) Chinese Academy of Sciences APGridPMA F2F.
4 th APGrid PMA F2F Meeting Academia Sinica, Taipei, Taiwan April 8, 2008 Agendahttp://www.apgridpma.org/meetings/index.html Call for note takers!

4 th APGrid PMA F2F Meeting Academia Sinica, Taipei, Taiwan April 8, 2008 Agendahttp:// Call for note takers!
Www.egi.eu EGI-InSPIRE RI-261323 EGI-InSPIRE www.egi.eu EGI-InSPIRE RI-261323 Policy Issues for Identity Management (and other attributes) EGI Technical.

EGI-InSPIRE RI EGI-InSPIRE EGI-InSPIRE RI Policy Issues for Identity Management (and other attributes) EGI Technical.
FIM-related activities and issues being discussed in Japan 1.GEO Grid Yoshio Tanaka (AIST) 2.HPCI, GakuNin Eisaku Sakane, Kento Aida (NII)

FIM-related activities and issues being discussed in Japan 1.GEO Grid Yoshio Tanaka (AIST) 2.HPCI, GakuNin Eisaku Sakane, Kento Aida (NII)
Updates of APGrid PMA 22 June, 2010. Members (15 + 1) 15 Accredited CAs AIST (JP) APAC (AU) ASGC (TW) CNIC (CN), SDG IGCA (IN) IHEP (CN) KEK (JP) KISTI.

Updates of APGrid PMA 22 June, Members (15 + 1) 15 Accredited CAs AIST (JP) APAC (AU) ASGC (TW) CNIC (CN), SDG IGCA (IN) IHEP (CN) KEK (JP) KISTI.
Australian Access Federation and other Middleware Initiatives Presented at TF-EMC2, Prague 4 Sep 2007 Patty McMillan, The University of Queensland.

Australian Access Federation and other Middleware Initiatives Presented at TF-EMC2, Prague 4 Sep 2007 Patty McMillan, The University of Queensland.
NAREGI CA Updates Kento Aida NAREGI CA/NII Kento Aida, National Institute of Informatics APGrid PMA meeting 04/20/2008.

NAREGI CA Updates Kento Aida NAREGI CA/NII Kento Aida, National Institute of Informatics APGrid PMA meeting 04/20/2008.
EGEE-II INFSO-RI-031688 Enabling Grids for E-sciencE www.eu-egee.org EGEE and gLite are registered trademarks Interoperability Shibboleth - gLite Christoph.

EGEE-II INFSO-RI Enabling Grids for E-sciencE EGEE and gLite are registered trademarks Interoperability Shibboleth - gLite Christoph.
National Institute of Advanced Industrial Science and Technology Brief status report of AIST GRID CA APGridPMA Singapore September 16 Yoshio.

National Institute of Advanced Industrial Science and Technology Brief status report of AIST GRID CA APGridPMA Singapore September 16 Yoshio.
IHEP Grid CA Status Report Gongxing Sun F2F Meeting 20 Apr. 2009 Computing Centre, IHEP,CAS,China.

IHEP Grid CA Status Report Gongxing Sun F2F Meeting 20 Apr Computing Centre, IHEP,CAS,China.
IHEP Grid CA Status Report Wei F2F Meeting 8 Mar. 2010 Computing Centre, IHEP,CAS,China.

IHEP Grid CA Status Report Wei F2F Meeting 8 Mar Computing Centre, IHEP,CAS,China.
AAI WG EMI Christoph Witzig on behalf of EMI AAI WG.

AAI WG EMI Christoph Witzig on behalf of EMI AAI WG.
TAGPMA & the Bridge WG (Scott Rea – Dartmouth College) Internet2 Member Meeting, Dec 2006 PKI Activities and Applications Update - Chicago, IL.

TAGPMA & the Bridge WG (Scott Rea – Dartmouth College) Internet2 Member Meeting, Dec 2006 PKI Activities and Applications Update - Chicago, IL.
ESnet RAF and eduroam ™ Tony J. Genovese ATF Team ESnet/Lawrence Berkeley National Laboratory.

ESnet RAF and eduroam ™ Tony J. Genovese ATF Team ESnet/Lawrence Berkeley National Laboratory.
International Grid Trust Federation Session GGF 20 Manchester, UK Wednesday, May 9 2007 CAOPS-WG session #2.

International Grid Trust Federation Session GGF 20 Manchester, UK Wednesday, May CAOPS-WG session #2.
Leveraging the InCommon Federation to access the NSF TeraGrid Jim Basney Senior Research Scientist National Center for Supercomputing Applications University.

Leveraging the InCommon Federation to access the NSF TeraGrid Jim Basney Senior Research Scientist National Center for Supercomputing Applications University.
Academia Sinica Grid Computing Certification Authority (ASGCCA) Jinny Chien April 20, 2009 6 th APGridPMA in Taipei.

Academia Sinica Grid Computing Certification Authority (ASGCCA) Jinny Chien April 20, th APGridPMA in Taipei.

Similar presentations

Ads by Google