Presentation is loading. Please wait.

Presentation is loading. Please wait.

DataGrid WP6/CA CA Trust Matrices Trinity College Dublin (TCD) Brian Coghlan CERN DEC-2002.

Published byGladys Cannon Modified over 8 years ago

Similar presentations

Presentation on theme: "DataGrid WP6/CA CA Trust Matrices Trinity College Dublin (TCD) Brian Coghlan CERN DEC-2002."— Presentation transcript:

1 DataGrid WP6/CA CA Trust Matrices Trinity College Dublin (TCD) Brian Coghlan CERN DEC-2002

2 DataGrid WP6/CA Matrix of Trust

3 CERN DEC-2002 DataGrid WP6/CA CA Feature Matrix

4 CERN DEC-2002 DataGrid WP6/CA CAs in Trust Matrices European EDG CERN CERN France France Italy Italy Netherlands Netherlands UK UK Czech Czech Hungary Hungary NorduGrid NorduGrid Spain Spain Russia Russia Portugal Portugal Ireland Ireland PPDG FusionGRID IVDGL NERSC PNNL ANL LBNL ORNL DOESG ESG North American added Jun’02: added Jun’02: DOE Science Grid DOE Science Grid European X# also in EDG: also in EDG: Portugal Portugal Spain Spain Netherlands Netherlands Italy Italy Ireland Ireland added Jun’02: added Jun’02: Germany Germany added Dec’02: added Dec’02: Poland Poland Greece Greece Slovakia Slovakia to be added: to be added: Cyprus Cyprus Austria ? Austria ?

5 CERN DEC-2002 DataGrid WP6/CA Autoevaluation little progress since Sep’02 little progress since Sep’02 Compiler works, but ruleset is restricted Compiler works, but ruleset is restricted extra manpower: extra manpower: David O’Callaghan David O’Callaghan next steps: next steps: port compiler port compiler create ruleset create ruleset

6 CERN DEC-2002 DataGrid WP6/CA Autoevaluation: current compiler

7 CERN DEC-2002 DataGrid WP6/CA Autoevaluation: current ruleset

8 CERN DEC-2002 DataGrid WP6/CA THE END Trust Matrices

9 CERN DEC-2002 DataGrid WP6/CA Matrix of trust How to establish the trust ? How to establish the trust ? CA Mgrs check each other against agreed list of minimum requirements CA Mgrs check each other against agreed list of minimum requirements currently require inspection of each CA’s CPS by each other CA currently require inspection of each CA’s CPS by each other CA software being developed to aid this process software being developed to aid this process CP/CPS important CP/CPS important audit of CA procedures will help audit of CA procedures will help none done yet none done yet use 3 rd party ? use 3 rd party ? GGF GridCP and CA-Operations WG’s considered important GGF GridCP and CA-Operations WG’s considered important

10 CERN DEC-2002 DataGrid WP6/CA Matrix of trust Scaling problems Scaling problems how many CA’s can we cope with [soon ~20] ? how many CA’s can we cope with [soon ~20] ? the process is very manual the process is very manual personal contacts are fundamental personal contacts are fundamental WANT TO MAKE EVALUATION MORE AUTOMATIC WANT TO MAKE EVALUATION MORE AUTOMATIC software being developed to aid this process software being developed to aid this process based on evaluation of the CA Feature Matrix based on evaluation of the CA Feature Matrix

11 CERN DEC-2002 DataGrid WP6/CA Basic Concepts Issues: Issues: postulate:(condition)  (issue) postulate:(condition)  (issue) e.g. (BasicConstraints_value ne ‘CA’)  (major issue) e.g. (BasicConstraints_value ne ‘CA’)  (major issue) Grading: Grading: i.e. assign an issue a weight i.e. assign an issue a weight Constraint: Constraint: issues of a certain class should be constrained to that class issues of a certain class should be constrained to that class e.g. many minor issues do not make a major issue e.g. many minor issues do not make a major issue Aggregation: Aggregation: aggregate graded issues in a measure of ‘severity’ aggregate graded issues in a measure of ‘severity’ e.g. (severity @ major) =  (graded major issues)  limit=1.0 e.g. (severity @ major) =  (graded major issues)  limit=1.0

12 CERN DEC-2002 DataGrid WP6/CA Currently [JUL-2002] per class: (severity @ class) =  (graded class issues)  limit=1.0 per class: (severity @ class) =  (graded class issues)  limit=1.0 max_severity: (severity) for most critical class with issues max_severity: (severity) for most critical class with issues postulate: acceptance_level = T acceptance – (max_severity) postulate: acceptance_level = T acceptance – (max_severity) where:T acceptance == (worst-case max_severity) where:T acceptance == (worst-case max_severity) e.g, assume: T acceptance = 3.0 e.g, assume: T acceptance = 3.0 therefore:max_severity = [0.0.. 3.0] therefore:max_severity = [0.0.. 3.0] and:acceptance_level = [3.0.. 0.0] and:acceptance_level = [3.0.. 0.0] This is the WORKING BASIS for manual evaluation This is the WORKING BASIS for manual evaluation

13 CERN DEC-2002 DataGrid WP6/CA Auto-evaluation move to extract issues automatically move to extract issues automatically from what ? from what ? initially from Feature Matrix initially from Feature Matrix later from CA certs & CRLs ? later from CA certs & CRLs ?

14 CERN DEC-2002 DataGrid WP6/CA Extraction from Feature Matrix since: (condition)  (graded issue) since: (condition)  (graded issue) then must define condition per feature  {rules} then must define condition per feature  {rules} e.g.: (name eq ‘NIL’)  (graded issue) e.g.: (name eq ‘NIL’)  (graded issue) thus:if (name eq ‘NIL’) (graded issue) == (coefficient @ class) thus:if (name eq ‘NIL’) (graded issue) == (coefficient @ class) per class:(severity) ==  (graded issues)  limit=1.0 per class:(severity) ==  (graded issues)  limit=1.0 EDG can define its common rule set EDG can define its common rule set each CA could define its own overrides to the rule set each CA could define its own overrides to the rule set ultimately each VO could define its own rule set ultimately each VO could define its own rule set

Download ppt "DataGrid WP6/CA CA Trust Matrices Trinity College Dublin (TCD) Brian Coghlan CERN DEC-2002."

Similar presentations

What is the capital of the UK? London What is the capital of France? Paris.

What is the capital of the UK? London What is the capital of France? Paris.
5-Dec-02D.P.Kelsey, GridPP Security1 GridPP Security UK Security Workshop 5-6 Dec 2002, NeSC David Kelsey CLRC/RAL, UK

5-Dec-02D.P.Kelsey, GridPP Security1 GridPP Security UK Security Workshop 5-6 Dec 2002, NeSC David Kelsey CLRC/RAL, UK
11-Dec-01D.P.Kelsey, Authentication1 Authentication 11 Dec 2001 David Kelsey CLRC/RAL, UK

11-Dec-01D.P.Kelsey, Authentication1 Authentication 11 Dec 2001 David Kelsey CLRC/RAL, UK
Directorate General for Energy and Transport European Commission Directorate General for Energy and Transport Progress in the Electricity and Gas Single.

Directorate General for Energy and Transport European Commission Directorate General for Energy and Transport Progress in the Electricity and Gas Single.
UNIVERSITY OF JYVÄSKYLÄ INTERNATIONAL COOPERATION.

UNIVERSITY OF JYVÄSKYLÄ INTERNATIONAL COOPERATION.
GSI – Grid Security Infrastructure and the EU DataGrid Authentication Infrastructure For the EDG CACG: David Groep.

GSI – Grid Security Infrastructure and the EU DataGrid Authentication Infrastructure For the EDG CACG: David Groep.
Authentication Policy David Kelsey CCLRC/RAL 15 April 2004, Dublin

Authentication Policy David Kelsey CCLRC/RAL 15 April 2004, Dublin
Welcome to CERN Research Technology Training Collaborating.

Welcome to CERN Research Technology Training Collaborating.
DataGrid WP6/CA CA Acceptance/Feature Matrices Trinity College Dublin (TCD) Brian Coghlan Paris MAR-2002.

DataGrid WP6/CA CA Acceptance/Feature Matrices Trinity College Dublin (TCD) Brian Coghlan Paris MAR-2002.
Knowledge Management LXV International Council Meeting Qawra, Malta 16 th - 23 rd of March 2014.

Knowledge Management LXV International Council Meeting Qawra, Malta 16 th - 23 rd of March 2014.
Directive 95/50/EC TDG Checks Application of Annexes Erkki Laakso EUROPEAN COMMISSION DG ENERGY & TRANSPORT TDG Checks Riga 19-20 June 2006.

Directive 95/50/EC TDG Checks Application of Annexes Erkki Laakso EUROPEAN COMMISSION DG ENERGY & TRANSPORT TDG Checks Riga June 2006.
13-May-03D.P.Kelsey, WP8 CA and VO organistion1 CA’s and Experiment (VO) Organisation WP8 Meeting EDG Barcelona, 13 May 2003 David Kelsey CCLRC/RAL, UK.

13-May-03D.P.Kelsey, WP8 CA and VO organistion1 CA’s and Experiment (VO) Organisation WP8 Meeting EDG Barcelona, 13 May 2003 David Kelsey CCLRC/RAL, UK.
12-May-03D.P.Kelsey, SCG Online Authentication1 Online Authentication SCG Meeting EDG Barcelona, 12 May 2003 David Kelsey CCLRC/RAL, UK

12-May-03D.P.Kelsey, SCG Online Authentication1 Online Authentication SCG Meeting EDG Barcelona, 12 May 2003 David Kelsey CCLRC/RAL, UK
EUROPEAN UNION. WHAT Coalition of 30 countries united in ECONOMY World’s largest trading bloc. World’s largest exporter to the world 16 TRILLION *Biggest.

EUROPEAN UNION. WHAT Coalition of 30 countries united in ECONOMY World’s largest trading bloc. World’s largest exporter to the world 16 TRILLION *Biggest.
Countries of Europe France Spain Italy Germany Which country is this?

Countries of Europe France Spain Italy Germany Which country is this?
The European Union. “Original” 15 members of the EU 1. Austria 9. Italy 2. Belgium 10. Luxemburg 3. Denmark* 11. Netherlands 4. Finland12. Portugal 5.

The European Union. “Original” 15 members of the EU 1. Austria 9. Italy 2. Belgium 10. Luxemburg 3. Denmark* 11. Netherlands 4. Finland12. Portugal 5.
DOE Grids New subordinate CP/CPS v2.3 New subordinate CP/CPS v2.3 New name DOEGrids.org New name DOEGrids.org Old name DOESciencegrid.org Old name DOESciencegrid.org.

DOE Grids New subordinate CP/CPS v2.3 New subordinate CP/CPS v2.3 New name DOEGrids.org New name DOEGrids.org Old name DOESciencegrid.org Old name DOESciencegrid.org.
THE EUROPEAN UNION. HISTORY 28 European states after the second world war in 1951 head office: Brussels 24 different languages Austria joined 1995.

THE EUROPEAN UNION. HISTORY 28 European states after the second world war in 1951 head office: Brussels 24 different languages Austria joined 1995.
Capitalist. Main Points In a capitalist or free-market country, people can own their own businesses and property. People can also buy services for private.

Capitalist. Main Points In a capitalist or free-market country, people can own their own businesses and property. People can also buy services for private.
10-Jun-03D.P.Kelsey, LCG-GDB-Security1 LCG/GDB Security (Report from the LCG Security Group) CERN, 10 June 2003 David Kelsey CCLRC/RAL, UK

10-Jun-03D.P.Kelsey, LCG-GDB-Security1 LCG/GDB Security (Report from the LCG Security Group) CERN, 10 June 2003 David Kelsey CCLRC/RAL, UK

Similar presentations

Ads by Google