Presentation is loading. Please wait.

Presentation is loading. Please wait.

Introduction of NAREGI-CA National Institute of Informatics JAPAN Toshiyuki Kataoka, July 19, 2006 APAN Grid-Middleware Workshop, Singapore.

Published byPoppy Cox Modified over 8 years ago

Similar presentations

Presentation on theme: "Introduction of NAREGI-CA National Institute of Informatics JAPAN Toshiyuki Kataoka, July 19, 2006 APAN Grid-Middleware Workshop, Singapore."— Presentation transcript:

1 Introduction of NAREGI-CA National Institute of Informatics JAPAN Toshiyuki Kataoka, kataoka@nii.ac.jp July 19, 2006 APAN Grid-Middleware Workshop, Singapore

2 2 OUTLINE 1. 1. NAREGI & UPKI projects 2. 2. NAREGI Certification Service 3. 3. NAREGI-CA for Grid middleware 4. 4. Enhancement in UPKI 5. 5. Future Plan

3 3 1. 1. NAREGI & UPKI projects

4 4 ● Publication of scientific results from academia Human Resource Development and strong organization NAREGI Middleware Virtual Organization For science CyberScience Infrastructure for Advanced Science (by NII) CyberScience Infrastructure for Advanced Science (by NII) To Innovate Academia and Industry UPKI ★ ★ ★ ★ ★ ★ ★ ☆ Super-sinet: a next generation network infrastructure supported by NII and 7 National Computer Centers Cyber Science Infrastructure 北海道大学 東北大学 東京大学 NIINII 名古屋大学 京都大学 大阪大学 九州大学 (東京工業大学、早稲田大学、高 エネルギー加速器研究機構等) Scientific Repository Industry Liaison and Social Benefit Global Contribution

5 5 2. 2. NAREGI-CA Certification Service

6 6 NAREGI Certification Service CA Software (NAREGI-CA) Policy Management Management(NAREGI-PMA) Operation (NAREGI CA) - CP/CPS -Satisfy APGrid minimum requirement minimum requirement - CA/RA - UI (Character, Web) - Operation of CA - Authorized by the APGrid PMA Production Level CA PMA Production Level CA

7 7 3. 3. NAREGI-CA for Grid middleware

8 8 Free Software under the NAREGI intellectual property management rules (Apache ver2.0)Free Software under the NAREGI intellectual property management rules (Apache ver2.0) Current versionCurrent version –Ver2.0 released in May.10.2006 included in NAREGI Grid Middleware Beta Distribution recordsDistribution records –129 downloads ( 31 of Ver2.0) Research collaborationResearch collaboration –Audit of CA :AIST, Japan –PMA for international cooperation : APGRID User SitesUser Sites –NAREGI, AIST, Several Universities Distribution & User Sites

9 9 License ID management – –Transfer authentication responsibility to Local RA Grid operation extensions – –Assistance of Grid-mapfile creation Dual interfaces for certificate request – –Web & command line enrollment CA/RA architecture – –Independent Registration Authority (RA) Server – –Practical CP/CPS Template NAREGI-CA Software Features

10 10 NAREGI-CA Architecture RA (Registration Authority) CA (Certificate Authority) Local RA (Site Administrator) End User &Host Administrator Site Administrator ① Get License ID ② Authorize to pass License ID ④ Pass License ID & Public Key ⑦ Get Certificate ⑤ Send CSR ⑥ Issue Certificate ③ Generate a Key Pair ⑧ Get Grid Map file

11 11 4. 4.Enhancement in UPKI

12 12 UPKI Three Layer Architecture

13 -Each university will start to install NAREGI-CA and operate CA to be a grid site. -Those grid sites will be operated in the PKI layer of UPKI three layer architecture. -Reduced burden of CA operation is necessary for actual operation in universities. -Efficient operation by interconnecting PKI layers is needed. Objective

14 Enhancement in UPKI Enhancement for actual operation of CA/RA at universities; 1.To split and delegate RA. 2.To provide staffs/students means to apply by themselves. 3.To issue grid certificate by identification of campus certificate.

15 1.To split and delegate RA. -Created RA/LRA operator authorities split from RA administrator authorities. -Secure delegation by using IC card. -Delegation to hierarchized institutions in universities for actual operation. 2.To provide staffs/students means to apply by themselves. -Easy application of registration, issuance, and revocation from the web. -Secure application by using challenge PIN. -Reduced burden of RA operation. Enhancement in UPKI

16 16 CA Administrator CARA RA Administrator IC Card Enhanced Procedure To Issue Certificate CA Administrator RA Administrator RA Operator User License ID Issue Certificate RACA Apply Identify Approve Issue Certificate Application Server (web) Management Server (web) Delegate Challenge PIN License ID Local RA User Identify Apply License ID

17 3.To issue grid certificate by identification of campus certificate. -Cooperation of Grid CA and Campus CA. -Reduced burden of RA operation. -Any certificate can be issued for other AP. Enhancement in UPKI

18 18 CampusCA Issue Certificate Campus PKI Grid PKI NAREGI CA Super Computer Grid System Super Computer Issue Certificate Request Certificate (Use IC Card as credential) LDAP NAREGI RA IC Card Certificate for Grid System Access User Campus-Grid PKI Federation

19 19 5. 5.Future Plan

20 -Release schedule -Enhanced features will be released in Autumn this year. -Usability improvement -Create and distribute Start-Up Package for Campus CA/RA including CP/CPS templates for certain application, such as wireless LAN authentication and authorization. 5. Future Plan

Download ppt "Introduction of NAREGI-CA National Institute of Informatics JAPAN Toshiyuki Kataoka, July 19, 2006 APAN Grid-Middleware Workshop, Singapore."

Similar presentations

UPKI Inter-University Authentication and Authorization Platform for Japanese Cyber-Science Infrastructure Yasuo OKABE Academic Center for Computing and.

UPKI Inter-University Authentication and Authorization Platform for Japanese Cyber-Science Infrastructure Yasuo OKABE Academic Center for Computing and.
Introduction of Grid Security

Introduction of Grid Security
© S.J. Coles 2006 Usability WS, NeSC Jan 06 Experiences in deploying a useable Grid-enabled service for the National Crystallography Service Simon J. Coles.

© S.J. Coles 2006 Usability WS, NeSC Jan 06 Experiences in deploying a useable Grid-enabled service for the National Crystallography Service Simon J. Coles.
Experiences with Massive PKI Deployment and Usage Daniel Kouřil, Michal Procházka Masaryk University & CESNET Security and Protection of Information 2009.

Experiences with Massive PKI Deployment and Usage Daniel Kouřil, Michal Procházka Masaryk University & CESNET Security and Protection of Information 2009.
National Institute of Advanced Industrial Science and Technology Proposals for auditing Yoshio Tanaka Grid Technology Research.

National Institute of Advanced Industrial Science and Technology Proposals for auditing Yoshio Tanaka Grid Technology Research.
Public Key Infrastructure Ben Sangster February 23, 2006.

Public Key Infrastructure Ben Sangster February 23, 2006.
PKI Administration Using EJBCA and OpenCA

PKI Administration Using EJBCA and OpenCA
DESIGNING A PUBLIC KEY INFRASTRUCTURE

DESIGNING A PUBLIC KEY INFRASTRUCTURE
Federation of Campus PKI and Grid PKI for Academic GOC Management Conformable to APGrid PMA National Institute of Informatics, JAPAN Toshiyuki Kataoka,

Federation of Campus PKI and Grid PKI for Academic GOC Management Conformable to APGrid PMA National Institute of Informatics, JAPAN Toshiyuki Kataoka,
2015/6/21 UPKI project update Yasuo Okabe Academic Center for Computing and Media Studies Kyoto University.

2015/6/21 UPKI project update Yasuo Okabe Academic Center for Computing and Media Studies Kyoto University.
16.1 © 2004 Pearson Education, Inc. Exam 70-294 Planning, Implementing, and Maintaining a Microsoft® Windows® Server 2003 Active Directory Infrastructure.

16.1 © 2004 Pearson Education, Inc. Exam Planning, Implementing, and Maintaining a Microsoft® Windows® Server 2003 Active Directory Infrastructure.
1 REUNA Certificate Authority Juan Carlos Martínez REUNA Chile Rio de Janeiro,27/03/2006, F2F meeting, TAGPMA.

1 REUNA Certificate Authority Juan Carlos Martínez REUNA Chile Rio de Janeiro,27/03/2006, F2F meeting, TAGPMA.
National Institute of Advanced Industrial Science and Technology Auditing, auditing template and experiences on being audited Yoshio Tanaka

National Institute of Advanced Industrial Science and Technology Auditing, auditing template and experiences on being audited Yoshio Tanaka
Open Science Grid Use of PKI: Wishing it was easy A brief and incomplete introduction. Doug Olson, LBNL PKI Workshop, NIST 5 April 2006.

Open Science Grid Use of PKI: Wishing it was easy A brief and incomplete introduction. Doug Olson, LBNL PKI Workshop, NIST 5 April 2006.
Web-based Portal for Discovery, Retrieval and Visualization of Earth Science Datasets in Grid Environment Zhenping (Jane) Liu.

Web-based Portal for Discovery, Retrieval and Visualization of Earth Science Datasets in Grid Environment Zhenping (Jane) Liu.
May 30 th – 31 st, 2006 Sheraton Ottawa. Microsoft Certificate Lifecycle Manager Saleem Kanji Technology Solutions Professional - Windows Server Microsoft.

May 30 th – 31 st, 2006 Sheraton Ottawa. Microsoft Certificate Lifecycle Manager Saleem Kanji Technology Solutions Professional - Windows Server Microsoft.
Computing Research Center, High Energy Accelerator Organization (KEK) KEK Grid CA Go Iwai The 2 nd APGrid PMA Meeting at Osaka Univ.

Computing Research Center, High Energy Accelerator Organization (KEK) KEK Grid CA Go Iwai The 2 nd APGrid PMA Meeting at Osaka Univ.
Grid security in NAREGI project NAREGI the Japanese national science grid project is doing research and development of grid middleware to create e- Science.

Grid security in NAREGI project NAREGI the Japanese national science grid project is doing research and development of grid middleware to create e- Science.
The EPIKH Project (Exchange Programme to advance e-Infrastructure Know-How) Grid Engine Riccardo Rotondo

The EPIKH Project (Exchange Programme to advance e-Infrastructure Know-How) Grid Engine Riccardo Rotondo
Grid security in NAREGI project July 19, 2006 National Institute of Informatics, Japan Shinichi Mineo APAN Grid-Middleware Workshop 2006.

Grid security in NAREGI project July 19, 2006 National Institute of Informatics, Japan Shinichi Mineo APAN Grid-Middleware Workshop 2006.

Similar presentations

Ads by Google