Presentation is loading. Please wait.

Presentation is loading. Please wait.

Grid Canada Certificate Authority Darcy Quesnel

Published byFranklin Harrison Modified over 8 years ago

Similar presentations

Presentation on theme: "Grid Canada Certificate Authority Darcy Quesnel"— Presentation transcript:

1 Grid Canada Certificate Authority Darcy Quesnel darcy.quesnel@canarie.ca ca@gridcanada.ca http://www.gridcanada.ca/ca/

2 About Grid Canada Project formed by an MOU between CANARIE, NRC, and C3.ca »C3.ca is the organization of the high performance computing sites in Canada »NRC is the federal lab system in Canada »CANARIE operates the Canadian research and education internet backbone (CAnet4) Develops and deploys infrastructure for use by grid-related projects in Canada

3 Project Drivers Customer-managed lightpaths »An OGSA-compliant way for users to provision end-to-end lightpaths NRC iHPC »Develop and deploy grid infrastructure within NRC »In support of multi-scale modelling » 50? in the future Atlas Canada »Wants to participate in Data Grid » 30? in the future

4 Challenges Right now »Canada is not the U.S. and it is not Europe (or even the U.K.) »No federal granting agency has yet identified grids as a “strategic direction” We hope that »Funded projects will see the benefits of having an explicit grid component »The NRC and CANARIE will increase their roles

5 GC CA Details CA Certificate Valid From: 2002-04-11 CA Certificate Valid Until: 2007-04-10 User Certificates: 13 Host/Service Certificates: 18 Revocations: 2 Based on the globus_simple_ca_bundle Issued to R&E end entities involved in grid activities Standard set of extensions

6 CA Requirements Compliance GC CA machine is dedicated, secure, and non-networked GC CA private key is »2048-bit length »Valid for 5 years »Passphrase protected User and host/service keys are »1024-bit length »Valid for 1 year »Linked to a specific person or host/service »Generated by the user

7 CA Requirements Compliance Namespace is “/C=CA/O=Grid/*” »Subject names have the form “/C=CA/O=Grid /OU= /CN= ” Published at http://www.gridcanada.ca/ca is thehttp://www.gridcanada.ca/ca »CP/CPS »CRL »Public Key »Signing Policy All requests and responses (email), certificates, and CRLs are archived

8 CA Requirements Differences RA is based on a small community »User certificates are granted to people I know or who can be vouched for by someone I know Host/service certificate requests are not signed by a user certificate »Host/service certificates are granted after I’ve talked to (or bugged) someone

9 Future Directions Develop scaleable RA infrastructure North American PMA »Why should EDG WP6 have to deal with me directly? Develop an XML schema for a CP/CPS »Useable by tools »Easier to create and change

10 Contact Information darcy.quesnel@canarie.ca ca@gridcanada.ca http://www.gridcanada.ca/ca

Download ppt "Grid Canada Certificate Authority Darcy Quesnel"

Similar presentations

Experiences with Massive PKI Deployment and Usage Daniel Kouřil, Michal Procházka Masaryk University & CESNET Security and Protection of Information 2009.

Experiences with Massive PKI Deployment and Usage Daniel Kouřil, Michal Procházka Masaryk University & CESNET Security and Protection of Information 2009.
Academia Sinica Grid Computing Certification Authority (ASGCCA) Yuan, Tein Horng Academia Sinica Computing Centre 13 June 2003.

Academia Sinica Grid Computing Certification Authority (ASGCCA) Yuan, Tein Horng Academia Sinica Computing Centre 13 June 2003.
Grid Computing Basics From the perspective of security or An Introduction to Certificates.

Grid Computing Basics From the perspective of security or An Introduction to Certificates.
CNIC Grid CA/SDG CA Self Audit Kejun (Kevin) Dong Computer Network Information Center (CNIC) Chinese Academy of Sciences APGridPMA F2F.

CNIC Grid CA/SDG CA Self Audit Kejun (Kevin) Dong Computer Network Information Center (CNIC) Chinese Academy of Sciences APGridPMA F2F.
SAFE BioPharma Association CONFIDENTIAL1 SAFE Public Key Infrastructure (PKI) 2005 EDUCAUSE/Dartmouth PKI Deployment Summit.

SAFE BioPharma Association CONFIDENTIAL1 SAFE Public Key Infrastructure (PKI) 2005 EDUCAUSE/Dartmouth PKI Deployment Summit.
HIT Standards Committee: Digital Certificate Trust – Policy Question for HIT Policy Committee March 29, 2011.

HIT Standards Committee: Digital Certificate Trust – Policy Question for HIT Policy Committee March 29, 2011.
Public Key Infrastructure Ben Sangster February 23, 2006.

Public Key Infrastructure Ben Sangster February 23, 2006.
DESIGNING A PUBLIC KEY INFRASTRUCTURE

DESIGNING A PUBLIC KEY INFRASTRUCTURE
National Center for Supercomputing Applications MyProxy and GSISSH Update Von Welch National Center for Supercomputing Applications University of Illinois.

National Center for Supercomputing Applications MyProxy and GSISSH Update Von Welch National Center for Supercomputing Applications University of Illinois.
1 REUNA Certificate Authority Juan Carlos Martínez REUNA Chile Rio de Janeiro,27/03/2006, F2F meeting, TAGPMA.

1 REUNA Certificate Authority Juan Carlos Martínez REUNA Chile Rio de Janeiro,27/03/2006, F2F meeting, TAGPMA.
National Institute of Advanced Industrial Science and Technology Auditing, auditing template and experiences on being audited Yoshio Tanaka

National Institute of Advanced Industrial Science and Technology Auditing, auditing template and experiences on being audited Yoshio Tanaka
Open Science Grid Use of PKI: Wishing it was easy A brief and incomplete introduction. Doug Olson, LBNL PKI Workshop, NIST 5 April 2006.

Open Science Grid Use of PKI: Wishing it was easy A brief and incomplete introduction. Doug Olson, LBNL PKI Workshop, NIST 5 April 2006.
Using InCommon Client Certs for eduroam Jeff Hagley and Ryan Martin October 3 rd, 2011 Internet2 Fall Member Meeting.

Using InCommon Client Certs for eduroam Jeff Hagley and Ryan Martin October 3 rd, 2011 Internet2 Fall Member Meeting.
Public Key Infrastructure Ammar Hasayen 2013. ….

Public Key Infrastructure Ammar Hasayen ….
Digital Certificates Made Easy Sam Lutgring Director of Informational Technology Services Calhoun Intermediate School District.

Digital Certificates Made Easy Sam Lutgring Director of Informational Technology Services Calhoun Intermediate School District.
UNAMgrid CA Juan Carlos Guel UNAM, México. Alejandro Núñez UNAM, México. Israel Becerril UNAM, México. DGSCA UNAM 31/08/06.

UNAMgrid CA Juan Carlos Guel UNAM, México. Alejandro Núñez UNAM, México. Israel Becerril UNAM, México. DGSCA UNAM 31/08/06.
1 GENI Operational Security GEC4 Stephen Schwab Miami, Florida.

1 GENI Operational Security GEC4 Stephen Schwab Miami, Florida.
NECTEC-GOC CA APGrid PMA face-to-face meeting. October, 15 2006 Sornthep Vannarat National Electronics and Computer Technology Center, Thailand.

NECTEC-GOC CA APGrid PMA face-to-face meeting. October, Sornthep Vannarat National Electronics and Computer Technology Center, Thailand.
RPKI Tutorial Andy Newton Chief Engineer, ARIN. Agenda Resource Public Key Infrastructure(RPKI) Route Origin Authorizations (ROAs) Certificate Authorities.

RPKI Tutorial Andy Newton Chief Engineer, ARIN. Agenda Resource Public Key Infrastructure(RPKI) Route Origin Authorizations (ROAs) Certificate Authorities.
National Institute of Advanced Industrial Science and Technology Self-audit report of AIST GRID CA Yoshio Tanaka Information.

National Institute of Advanced Industrial Science and Technology Self-audit report of AIST GRID CA Yoshio Tanaka Information.

Similar presentations

Ads by Google