Presentation is loading. Please wait.

Presentation is loading. Please wait.

TERENA Certificate Service (TCS) 9 June 2011. Slide 2 › Many NRENs had set-up a CA, but certificates issued were not trusted by web browsers (the ‘ pop-up.

Published byMadison Nichols Modified over 8 years ago

Similar presentations

Presentation on theme: "TERENA Certificate Service (TCS) 9 June 2011. Slide 2 › Many NRENs had set-up a CA, but certificates issued were not trusted by web browsers (the ‘ pop-up."— Presentation transcript:

1 TERENA Certificate Service (TCS) 9 June 2011

2 Slide 2 › Many NRENs had set-up a CA, but certificates issued were not trusted by web browsers (the ‘ pop-up ’ problem). ›Purchasing certificates directly from commercial CAs is expensive in bulk. Background

3 Slide 3 ›Five types of certificate available: ›Server Certificate - for authenticating servers and establishing secure sessions with end clients. ›e-Science Server Certificate - for authenticating Grid hosts and services. These are IGTF compliant. ›Personal Certificate - for identifying individual users and securing e-mail communications. ›e-Science Personal Certificate - for identifying individual users accessing Grid services. These are IGTF compliant. ›Code-signing Certificates - for authenticating software distributed over the Internet. ›Comodo is also offering free EV certificates for a limited period. Certificate Types

4 Slide 4 NREN/CountrySPC SPC ACOnetAT  LITNETLT  - BELNETBE  UoMMT  - CARNetHR  --SURFnetNL  CyprusCY  UNINETTNO  CESNETCZ  -PSNCPL  UNICDK  -FCCNPT  -- FUNETFI  -RoEduNetRO  - RENATERFR  -AMRESRS  - GRNETGR  -ARNESSI  -- HUNGARNETHU  --RedIRISES  HEAnetIE  SUNETSE  GARRIT  -JANET(UK)UK  -- IUCCIL  - Participants

5 Delegated Responsibilities & Scaling

6 Built using contracts scales well to large numbers of organisations and users assurance requirements on subscribers ensure quality ID bound through legal contracts

7 Slide 7 ›Several NRENs decided to pool resources and operate common portal for personal certificates. ›Hosted on resilient servers at Tilburg University under contract to TERENA. ›Utilises Confusa software. ›Each NREN community needs to operate at least one IdP, but multiple IdPs are supported. ›Participants: ›ACOnet (AT), BELNET (BE), FUNET (FI), GARR (IT), RENATER (FR), SUNET (SE), SURFnet (NL), UNI-C (DK), UNINETT (NO) TCS Portal

8 Authenticating users via Subscriber and Federation National research-education federations provide the basis for authenticating users and obtaining key attributes like a persistent unique identifier and including assurance level via service entitlements User’s home organisation NREN or Federation Operator

9 Slide 9 ›Server Certificates ›Since 1 Jul 2009 - 45,710 (most JANET(UK) with 9,321 ) ›eScience Server Certificates ›Since 1 Oct 2010 - 42 (most PSNC with 16) ›Personal Certificates ›Since 5 Feb 2010 - 1,169 (most 499 with CESNET) ›eScience Personal Certificates ›Since 5 Feb 2010 - 547 (most 332 with UNINETT) ›Code-Signing Certificates ›Since 1 June 2010 - 52 (most 13 with PSNC) Statistics (1 Jul 2009 - 31 Dec 2010)

10 TCS eScience - global recognition Meets the IGTF requirements for long-term integrated credential services and thereby has global recognition by all major e-Infrastructures

11 Reach of the TCS Personal service The TCS portals – trustworthy credentials in 3 clicks and 2 minutes dark-blue: eScience Personal deployed

Download ppt "TERENA Certificate Service (TCS) 9 June 2011. Slide 2 › Many NRENs had set-up a CA, but certificates issued were not trusted by web browsers (the ‘ pop-up."

Similar presentations

EGI-InSPIRE RI-261323 EGI-InSPIRE EGI-InSPIRE RI-261323 AAI in EGI Status and Evolution Peter Solagna Senior Operations Manager

EGI-InSPIRE RI EGI-InSPIRE EGI-InSPIRE RI AAI in EGI Status and Evolution Peter Solagna Senior Operations Manager
Experiences with Massive PKI Deployment and Usage Daniel Kouřil, Michal Procházka Masaryk University & CESNET Security and Protection of Information 2009.

Experiences with Massive PKI Deployment and Usage Daniel Kouřil, Michal Procházka Masaryk University & CESNET Security and Protection of Information 2009.
Contrail and Federated Identity Management

Contrail and Federated Identity Management
NORDUnet Nordic Infrastructure for Research & Education Service Sharing at NORDUnet Lars Fischer TF-MSP Meeting Malta, 27 November 2014.

NORDUnet Nordic Infrastructure for Research & Education Service Sharing at NORDUnet Lars Fischer TF-MSP Meeting Malta, 27 November 2014.
By: Hassan Waqar.  A PROTOCOL for securely transmitting data via the internet.  NETWORK LAYER application.  Developed by NETSCAPE.

By: Hassan Waqar.  A PROTOCOL for securely transmitting data via the internet.  NETWORK LAYER application.  Developed by NETSCAPE.
A Grid certificate in 5 minutes large scale federated automated issuing of grid certificates Jan MeijerEGEE’09 21-25 Sept 2009 Barcelona.

A Grid certificate in 5 minutes large scale federated automated issuing of grid certificates Jan MeijerEGEE’ Sept 2009 Barcelona.
2006 © SWITCH Authentication and Authorization Infrastructures in e-Science (and the role of NRENs) Christoph Witzig SWITCH e-IRG, Helsinki, Oct 4, 2006.

2006 © SWITCH Authentication and Authorization Infrastructures in e-Science (and the role of NRENs) Christoph Witzig SWITCH e-IRG, Helsinki, Oct 4, 2006.
Copyright JNT Association 20051Optional www.ukfederation.org.uk Copyright JNT Association 2007 1 Joining the UK Access Management Federation 4th April.

Copyright JNT Association 20051Optional Copyright JNT Association Joining the UK Access Management Federation 4th April.
EuroCAMP Ljubljana, 3-5 March 2006 TERENA Server Certificate Service Towards the large-scale use of affordable popup-free server certificates for the European.

EuroCAMP Ljubljana, 3-5 March 2006 TERENA Server Certificate Service Towards the large-scale use of affordable popup-free server certificates for the European.
Generic AAA model in Grids IRTF - AAAARCH meeting IETF 52 – Dec 14 th Salt Lake City Leon Gommans Advanced Internet Research Group.

Generic AAA model in Grids IRTF - AAAARCH meeting IETF 52 – Dec 14 th Salt Lake City Leon Gommans Advanced Internet Research Group.
National Center for Supercomputing Applications PKI and CKM ® Scaling Study NCASSR Kick-off Meeting June 11-12, 2003 Jim Basney

National Center for Supercomputing Applications PKI and CKM ® Scaling Study NCASSR Kick-off Meeting June 11-12, 2003 Jim Basney
Authentication Policy David Kelsey CCLRC/RAL 15 April 2004, Dublin

Authentication Policy David Kelsey CCLRC/RAL 15 April 2004, Dublin
PKI 2: Protezione del traffico Web tramite SSL Fabrizio Grossi.

PKI 2: Protezione del traffico Web tramite SSL Fabrizio Grossi.
Online Security Tuesday April 8, 2003 Maxence Crossley.

Online Security Tuesday April 8, 2003 Maxence Crossley.
Copyright JNT Association 20051OptionalCopyright JNT Association 2007 Overview of the UK Access Management Federation Josh Howlett.

Copyright JNT Association 20051OptionalCopyright JNT Association 2007 Overview of the UK Access Management Federation Josh Howlett.
EU NREN PKI Jan MeijerAARnet PKI / Access Federations Strategy Workshop 10 February 2010 Sydney.

EU NREN PKI Jan MeijerAARnet PKI / Access Federations Strategy Workshop 10 February 2010 Sydney.
Towards Cloud Federations: what we have; what we want OGF 31, Taipei Cloud security session Jens Jensen Science and Technology Facilities Council Rutherford.

Towards Cloud Federations: what we have; what we want OGF 31, Taipei Cloud security session Jens Jensen Science and Technology Facilities Council Rutherford.
Webinar “Operating the TCS shared portals” for NREN admins TCS shared portal project a/TCS_Portal_project Jan Meijer.

Webinar “Operating the TCS shared portals” for NREN admins TCS shared portal project a/TCS_Portal_project Jan Meijer.
WebFTS as a first WLCG/HEP FIM pilot

WebFTS as a first WLCG/HEP FIM pilot
Identity Management and PKI Credentialing at UTHSC-H Bill Weems Academic Technology University of Texas Health Science Center at Houston.

Identity Management and PKI Credentialing at UTHSC-H Bill Weems Academic Technology University of Texas Health Science Center at Houston.

Similar presentations

Ads by Google