Presentation is loading. Please wait.

Presentation is loading. Please wait.

7. septembar 2007 A E G I S Academic and Educational Grid Initiative of Serbia 2007 Annual Assembly AEGIS Certification Authority and Applications Branko.

Published byScott West Modified over 8 years ago

Similar presentations

Presentation on theme: "7. septembar 2007 A E G I S Academic and Educational Grid Initiative of Serbia 2007 Annual Assembly AEGIS Certification Authority and Applications Branko."— Presentation transcript:

1 7. septembar 2007 A E G I S Academic and Educational Grid Initiative of Serbia 2007 Annual Assembly AEGIS Certification Authority and Applications Branko Marović RCUB

2 A E G I S 7. Septembar 2007. AEGIS 2007 Annual Assembly AEGIS Certification Authority Primljen u EUGridPMA na skupu u Istanbulu 31.5.2007. AEGIS CA Certificate Policy and Certification Practice Statement http://aegis-ca.rcub.bg.ac.yu/

3 A E G I S 7. Septembar 2007. AEGIS 2007 Annual Assembly AEGIS Certification Authority Names  Issuer: C=RS, O=AEGIS, CN=AEGIS-CA  Subject: C=RS, O=AEGIS, OU=XXX, CN=Subject-name  Country: Must be “RS”  Organization: Must be “AEGIS”  OrganizationUnit: Must be the name of the subject's institute  CommonName: First name and last name of the subject for user certificates, DNS FQDN for server or service certificates End Entity Certificates  Maximum lifetime: 1 year  Key length: at least 1024 bits Person requesting a certificate  Presentation in person of valid official identification document Server/Host/Service certificate  Can be only requested by the administrator of the particular host  The administrator must already have a valid AEGIS certificate

4 A E G I S 7. Septembar 2007. AEGIS 2007 Annual Assembly Izdavanje prvog sertifikata Videti instrukcije na http://aegis-ca.rcub.bg.ac.yu/http://aegis-ca.rcub.bg.ac.yu/ Formirati PKCS#10 zahtev – najlakše je na nekom od AEGIS UI računara Poslati zahtev i lične podatke (ime i prezime, e-mail, institucija, adresa) preko AEGIS CA web interfejsa ili na aegis-ca@aegis-ca.rcub.bg.ac.yu.aegis-ca@aegis-ca.rcub.bg.ac.yu Generiše se slučajni 10-ocifreni broj i šalje automatski e-mail odgovor gde se korisnik obaveštava  Da je vreme procesiranja sertifikata 3 radna dana  Da je potrebno da se lično pojavi u kancelariji AEGIS CA ili RA radi potvrde identiteta  O adresi i brojevima telefona AEGIS CA/RA  O procesu autentifikacije korisnikovog e-mail-a: generisani broj se deli na dva dela. U odgovoru se nalazi prvih 5 cifara, dok drugih 5 korisnik dobija kada se pojavi radi autentifikacije. Korisnik dolazi kod AEGIS CA ili RA sa validnim dokumentom za ličnu identifikaciju i dokazom veze sa institucijom navedenom u zahtevu. Šalje 10 cifara sa prijavljene e-mail adrese na e-mail AEGIS CA/RA Na ovako potvrđenu e-mail adresu se dostavlja potpisan sertifikat  Korisnik se obaveštava da treba da u roku od 5 dana pošalje e-mail potpisan dobijenim sertifikatom kojim prihvata svoj novi sertifikat i CP/CPS dokumenat Korisnik svoj sertifikat može koristiti za pristup Grid-u, za potpisivanje e- mail-ova, autentifikaciju preko Web-a i enkripciju podataka. Može sertifikat koristiti kroz AEGIS i SEE-GRID VOMS server

5 A E G I S 7. Septembar 2007. AEGIS 2007 Annual Assembly Izdavanje narednih sertifikata Zahtevi za re-key sertifikata koji su potpisani važećim sertifikatom izdatim od CA akreditovanim od EUGridPMA će biti potpisani bez prethodne procedure jer je identitet korisnika već utvrđen. Korišćeni sertifikat i zahtev treba da se odnose na istu osobu, e-mail i instituciju. CA/RA i dalje mora da proveri da li osoba ima vezu sa institucijom navedenom u zahtevu – dovoljno je da je e- mail institucionalni.

6 A E G I S 7. Septembar 2007. AEGIS 2007 Annual Assembly Generisanje sertifikata i sigurnost Sertifikati se generišu na izolovanom računaru, u kancelariji sa ograničenim pristupom. Koriste se lozinke od bar 15 karaktera. CA manager i CA operater jedini znaju root password. Na računaru je instaliran CentOS operativni sistem sa minimumom servisa - apliciraju se sve security zakrpe. Koristi se CSP softver. Računar ima CD-RW uređaj i USB konektore za backup. Hard disk se stavlja u HDD rack, čuva se na sigurnoj lokaciji. Vrši se backup na CD-ROM i USB flash-u koji se takođe čuvaju sigurnoj lokaciji. Postojaće i off-site backup. Na CA sajtu će biti omogućena isključivo pretraga (ne i listanje) izdatih sertifikata. Čuva se lista generisanih sertifikata. Kada se sertifikat povuče, obnavlja se CRL, koja se odmah objavljuje na CA sajtu. CRL se takodje obnavlja na svakih 30 dana, bez obzira da li je bilo povučenih sertifikata.

7 A E G I S 7. Septembar 2007. AEGIS 2007 Annual Assembly Certificate Revocation Certificate Revocation List  Minimum/maximum lifetime: 7/30 days  CRL is updated immediately after every certificate revocation  CRL is issued at least 7 days before expiration Circumstances for revocation  Subscriber has ceased to be a member of, or associated with AEGIS related institution, program or activity  Subscriber key is lost or suspected to be compromised  Information in certificate is suspected to be inaccurate  Subscriber violated his/her obligations  Subscriber does not need the certificate any more

8 A E G I S 7. Septembar 2007. AEGIS 2007 Annual Assembly Events Recorded events  Certification requests  Issued certificates  Requests for revocation  Issued CRL’s  Login/logout/reboot of the signing machine Archived events  Certification requests  Issued certificates  Requests for revocation  Issued CRL’s  All e-mail messages of correspondence between RA and CA

9 A E G I S 7. Septembar 2007. AEGIS 2007 Annual Assembly Kontakt http://aegis-ca.rcub.bg.ac.yu/ University of Belgrade Computer Center Kumanovska bb Beograd 126119 Serbia Phone: +381 11 3031257, +381 11 3031258 Fax: +381 11 3031259 e-mail: aegis-ca@aegis-ca.rcub.bg.ac.yuaegis-ca@aegis-ca.rcub.bg.ac.yu Dušan Radovanović e-mail: dusan.radovanovic@rcub.bg.ac.yudusan.radovanovic@rcub.bg.ac.yu

10 A E G I S 7. Septembar 2007. AEGIS 2007 Annual Assembly SEE-GRID-2 Application Selection ARC (Application Review Committee) Large number of potential applications For the reason of scalability, it was decided that only a subset of the applications will be supported Candidate application developers fill online Continuous Grid Application Questionnaire submitting data on their applications  http://questionnaire.rcub.bg.ac.yu//survey.php?sid=32 Application ranking criteria developed jointly trough e-mail discussion within the consortium WP4 partners from all countries. 32 applications in total were submitted initially. 23 were assessed with the questionnaire.

11 A E G I S 7. Septembar 2007. AEGIS 2007 Annual Assembly Application Lifecycle

12 A E G I S 7. Septembar 2007. AEGIS 2007 Annual Assembly SEE-GRID2 Applications

13 A E G I S 7. Septembar 2007. AEGIS 2007 Annual Assembly SEE-GRID2 Applications

14 A E G I S 7. Septembar 2007. AEGIS 2007 Annual Assembly Developer Resources Grid environment is constantly evolving, but  Useful features persist  New are constantly being added  Bugs are being fixed  Gained knowledge remains relevant, must be updated  Applications can be easily migrated to new/updated APIs gLite User Guide  https://edms.cern.ch/file/722398//gLite-3-UserGuide.pdf https://edms.cern.ch/file/722398//gLite-3-UserGuide.pdf SEE-GRID Gridification Guide  http://wiki.egee-see.org/index.php/SG_Gridification_Guide http://wiki.egee-see.org/index.php/SG_Gridification_Guide SEEGRID Wiki  http://wiki.egee-see.org/index.php/SEE-GRID_Wiki http://wiki.egee-see.org/index.php/SEE-GRID_Wiki gLite documentation  http://glite.web.cern.ch/glite/documentation/ http://glite.web.cern.ch/glite/documentation/

15 A E G I S 7. Septembar 2007. AEGIS 2007 Annual Assembly Application Gridification Guide Relevant topics for application developers identified trough online questionnaire system Some investigation areas identified as well – candidates for future GG topics Gridification guide will provide information on these topics GG collaboration medium – Wiki  http://wiki.egee- see.org/index.php/SG_Gridification_Guide

16 A E G I S 7. Septembar 2007. AEGIS 2007 Annual Assembly SEE-GRID-2 Application Support Application support group (ASG) – experienced developers & admins  National level application support  SEE-GRID - global level application support Work in close collaboration with WP5 (training) and WP3 (software requirements, maintenance of performance)

17 A E G I S 7. Septembar 2007. AEGIS 2007 Annual Assembly Šta je Web za podatke, to će Grid biti za računarske resurse! Grid: naredni korak u evoluciji Interneta. Pristup računarima će postati usluga poput struje, telefona ili vode.

Download ppt "7. septembar 2007 A E G I S Academic and Educational Grid Initiative of Serbia 2007 Annual Assembly AEGIS Certification Authority and Applications Branko."

Similar presentations

APGrid PMA Face-to-Face Meeting NCHC CA Weicheng Huang National Center for High-performance Computing April 8, 2008.

APGrid PMA Face-to-Face Meeting NCHC CA Weicheng Huang National Center for High-performance Computing April 8, 2008.
Academia Sinica Grid Computing Certification Authority (ASGCCA) Yuan, Tein Horng Academia Sinica Computing Centre 13 June 2003.

Academia Sinica Grid Computing Certification Authority (ASGCCA) Yuan, Tein Horng Academia Sinica Computing Centre 13 June 2003.
Academia Sinica Grid Computing Certification Authority (ASGCCA) Jinny Chien.

Academia Sinica Grid Computing Certification Authority (ASGCCA) Jinny Chien.
1 ASGCCA Self-Audit Report APGridPMA Jinny Chien March 08 2008.

1 ASGCCA Self-Audit Report APGridPMA Jinny Chien March
CNIC Grid CA/SDG CA Self Audit Kejun (Kevin) Dong Computer Network Information Center (CNIC) Chinese Academy of Sciences APGridPMA F2F.

CNIC Grid CA/SDG CA Self Audit Kejun (Kevin) Dong Computer Network Information Center (CNIC) Chinese Academy of Sciences APGridPMA F2F.
Identity Standards (Federal Bridge Certification Authority – Certificate Lifecycle) Oct, 17 2012.

Identity Standards (Federal Bridge Certification Authority – Certificate Lifecycle) Oct,
DESIGNING A PUBLIC KEY INFRASTRUCTURE

DESIGNING A PUBLIC KEY INFRASTRUCTURE
1 REUNA Certificate Authority Juan Carlos Martínez REUNA Chile Rio de Janeiro,27/03/2006, F2F meeting, TAGPMA.

1 REUNA Certificate Authority Juan Carlos Martínez REUNA Chile Rio de Janeiro,27/03/2006, F2F meeting, TAGPMA.
National Institute of Advanced Industrial Science and Technology Auditing, auditing template and experiences on being audited Yoshio Tanaka

National Institute of Advanced Industrial Science and Technology Auditing, auditing template and experiences on being audited Yoshio Tanaka
Computing Research Center, High Energy Accelerator Organization (KEK) KEK Grid CA Go Iwai The 2 nd APGrid PMA Meeting at Osaka Univ.

Computing Research Center, High Energy Accelerator Organization (KEK) KEK Grid CA Go Iwai The 2 nd APGrid PMA Meeting at Osaka Univ.
Www.see-grid.eu SEE-GRID-2 The SEE-GRID-2 initiative is co-funded by the European Commission under the FP6 Research Infrastructures contract no. 031775.

SEE-GRID-2 The SEE-GRID-2 initiative is co-funded by the European Commission under the FP6 Research Infrastructures contract no
Paralelno i distribuirano računarstvo – primena u praksi Beograd 24-25. jun 2008. Grid - korisnicki pristup i razvoj aplikacija Branko Marović RCUB.

Paralelno i distribuirano računarstvo – primena u praksi Beograd jun Grid - korisnicki pristup i razvoj aplikacija Branko Marović RCUB.
NECTEC-GOC CA APGrid PMA face-to-face meeting. October, 15 2006 Sornthep Vannarat National Electronics and Computer Technology Center, Thailand.

NECTEC-GOC CA APGrid PMA face-to-face meeting. October, Sornthep Vannarat National Electronics and Computer Technology Center, Thailand.
Www.see-grid-sci.eu SEE-GRID-SCI The SEE-GRID-SCI initiative is co-funded by the European Commission under the FP7 Research Infrastructures contract no.

SEE-GRID-SCI The SEE-GRID-SCI initiative is co-funded by the European Commission under the FP7 Research Infrastructures contract no.
National Institute of Advanced Industrial Science and Technology Self-audit report of AIST GRID CA Yoshio Tanaka Information.

National Institute of Advanced Industrial Science and Technology Self-audit report of AIST GRID CA Yoshio Tanaka Information.
FP6−2004−Infrastructures−6-SSA-026409 www.eu-eela.org E-infrastructure shared between Europe and Latin America The Brazilian Grid Certification Authority.

FP6−2004−Infrastructures−6-SSA E-infrastructure shared between Europe and Latin America The Brazilian Grid Certification Authority.
Configuring Directory Certificate Services Lesson 13.

Configuring Directory Certificate Services Lesson 13.
DataGrid WP6 CA meeting, CERN, 12 December 2002 IISAS Certification Authority Jan Astalos Department of Parallel and Distributed Computing Institute of.

DataGrid WP6 CA meeting, CERN, 12 December 2002 IISAS Certification Authority Jan Astalos Department of Parallel and Distributed Computing Institute of.
March 27, 2006TAGPMA - Rio de Janeiro1 Short Lived Credential Services Profile Tony J. Genovese The Americas Grid PMA DOEGridsATF/ESnet/LBNL.

March 27, 2006TAGPMA - Rio de Janeiro1 Short Lived Credential Services Profile Tony J. Genovese The Americas Grid PMA DOEGridsATF/ESnet/LBNL.
National Institute of Advanced Industrial Science and Technology Brief status report of AIST GRID CA APGridPMA Singapore September 16 Yoshio.

National Institute of Advanced Industrial Science and Technology Brief status report of AIST GRID CA APGridPMA Singapore September 16 Yoshio.

Similar presentations

Ads by Google