
Community PKIs Initiatives Updates TF-EMC2 Meeting Loughborough, UK 6-7 May, 2009 Licia Florio, TERENA


1 Community PKIs Initiatives Updates TF-EMC2 Meeting Loughborough, UK 6-7 May, 2009 Licia Florio, TERENA florio@terena.org

2 Aim of the work item
›Overseeing the patterns of usage and emerging technologies that might be relevant to support NRENs services;
›Proposing enhancements for the current PKI services;
›Promoting the current PKI services to other communities

3 PKI Initiatives
›SCS service:
  ›Soon to be known as TCS;
›TERENA MICS/SLCS Pilot Service Project
›TACAR

4 TERENA Certificates Service

5 SCS → TCS
›Current SCS:
  ›Provided by GlobalSign BV;
  ›Only SSL server certs;
  ›More than 20.000 certs issued;
  ›Operating till March 2010;
›New SCS service:
  ›Comodo CA;
  ›Expected to start in May 2009;
›Model:
  ›Yearly flat fee per NREN;
  ›TERENA contractual party;
  ›A dedicated TERENA sub-CA;
  ›NRENs participating can also buy client certificates and code-sign certificates:
    ›Upon an extra flat fee;
›TCS: TERENA Certificate Services

6 Who is in SCS
›Participants:
  ›Switzerland out;
  ›Greece and Finland will now participate.

7 What has been done
›Lots of work spent on certificate profiles:
  ›Finally ready since last Friday;
  ›Profiles also for eScience server and client certs;
›Test CA to be expected in 10 days;
  ›To test certificates and interfaces;
›Writing CPS for the TERENA sub-CA:
  ›First version of the CPS will only cover SSL server certs;
  ›Later client and code signing cert procedures will be addressed.

8 What’s next
›Test phase:
  ›Two weeks period for the test;
›Launching the SSL server certs:
  ›Available for all NRENs participating;
›More work on the API:
  ›The current prototype does not cover client and code signing certs;
›Accreditation with the EuGridPMA

9 A new PKI Service

10 TERENA MICS/SLCS Pilot Service Project
›Aim:
  ›Establish a shared SLCS/MICS pilot service for the (European) eScience Grid community, under the TERENA umbrella.
›SLCS/MICS CA serving all countries participating;
›EuGridPMA Accreditation;
›Allow for scalability;
›The service will issue X.509 certs to persons
  ›No hosts

11 Grid CAs Management
›Grid uses X.509 certs as authN credential;
›Three types of certs are possible:
  ›Classic
  ›Short Lived Credential Service (SLCS)
  ›Member Integrated Credential Service (MICS)
›Grid CAs have to be accredited by the IGTF:
  ›EuGridPMA (Europe)
  ›TAGPMA (Americas)
  ›APGridPMA (Asia-Pacific)

12 What are SLCS/MICS certs?
›Vetting process and cert lifetime different:
›Classic:
  ›Face to Face verification of end-entities needed
  ›Manual process @ RA level
  ›Cert validity: 13 months, but renewal of certs possible without new face-to-face validation.
›SLCS/MICS:
  ›Vetting process relies on existing AAI framework;
  ›User authenticates to the CA using an existing electronic identity
  ›This identity is mapped into a Grid cert
  ›SLCS certs are 10 days valid;
  ›MICS certs are 13 months valid;

13 Benefit of EU SLCS/MICS Service
›How many SLCS-CAs does Europe need ;)
›Share operational cost and effort (!)
›Continued operational PKI skills only needed at one place;
›For countries with limited resources very attractive;

14 More about the service
›Use specific federation attribute to decide on SLCS or MICS eligibility
  ›According to the rules defined by the EuGridPMA SLCS/MICS profiles

15 Who is involved?
›UNINETT
  ›Jan Meijer, project management: Project Description, CPS
  ›Henrik Austad: Confusa development
›SURFnet
  ›Teun Nijssen, Tilburg University
  ›CA + SLCS/MICS server ops, CPS, EuGridPMA accreditation maintenance
›Sunet
  ›Leif Johansson: Federation issues
›TERENA
  ›Licia Florio: Contractual party
›Denmark, Finland, the Netherlands, Norway and Sweden:
  ›Until Dec 2009
›From Jan 2010 other countries/NRENs may join

16 Status
›Project description almost ready:
  ›Financial model not fully defined yet;
›Work on the CPS:
  ›Presentation at the next EuGridPMA in May
›Start operations in June:
  ›Quite optimistic ;-)

17 TACAR

18 New Developments
›TACAR will be also used to host GN3 root CAs:
  ›So far only a couple;
  ›But more is expected in the future;
›TACAR still being used as IGTF official repository;
›Working with Massimiliano Pala:
  ›To use TACAR for the PKI Resources Query Protocol (PRQP):
    ›to provide standardised way to query PKI repositories to gather info on CAs;
›New UI:
  ›Different way to update info;
  ›Different policy;

