1 / 14

Updates of the APGrid PMA

Updates of the APGrid PMA. Yoshio Tanaka APGrid PMA, Chair Grid Technology Research Center, AIST, Japan. APGridPMA: Members. Geographical locations (except US and AU). APGrid CAs (accredited, 1/3). Australia APACGrid CA Accredited in Nov. 2005 Started the operation in Feb. 2006

melvyn
Download Presentation

Updates of the APGrid PMA

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Updates of the APGrid PMA Yoshio Tanaka APGrid PMA, Chair Grid Technology Research Center, AIST, Japan

  2. APGridPMA: Members

  3. Geographical locations (except US and AU)

  4. APGrid CAs (accredited, 1/3) • Australia • APACGrid CA • Accredited in Nov. 2005 • Started the operation in Feb. 2006 • Audited in March 2006 • David Bannon, Graham Jenkins, Chris Kendrick • Issues certificates for LCG • China • IHEP CA • Accredited in May 2005 (already in operation) • Audited in December 2005 • profile of the root cert. has been changed • Gongxing Sun, Gang Chen, Fan HuaXiang • Issues certificates for LCG • CNIC / SDG CA • Accredited in Dec. 2005. • Not yet in operation • Going to launch a new CA • hierarchical CA • need to be accredited again • Kai Nan, Morrise Xu,

  5. APGrid CAs (accredited, 2/3) • Japan • AIST GRID CA • Accredited in Sep. 2004 • Started the operation in March 2005 • Audited in March 2005 • Yoshio Tanaka, + 5 staffs • NAREGI CA • Accredited in Nov. 2005 • Started the operation in Feb. 2006 • Not yet audited • Masataka Kanamori, + 4 staffs • KEK Grid CA • Accredited in Jan. 2006 • Started the operation in Feb. 2006 • Not yet audited • Takashi Sasaki, + 2~3 staffs • Issues certificates for LCG

  6. APGrid CAs (accredited, 3/3) • Korea • KISTI GRID CA • Accredited in Aug. 2004. (already in operation) • Not yet audited • Sangwan Kim, Jae-hyuck Kwak • Issues certificates for LCG • Taiwan • ASGCC CA • Operated by Academia Sinica Grid Computing Center • Accredited in Sep. 2004. (already in operation) • Audited in Aug. 2005 • Eric Yen, C.C. Chang, + 1~2 operators • Issues certificates for LCG • NCHC Grid CA • Operated by National Cener for High-performance Computing • Accredited in Feb. 2006 • Not yet in operation • Alex Wu, Weicheng Huang, + 1~2 operators

  7. APGrid CAs (under review, planned) • Singapore • NGO CA • will be operated by National Grid Office and Netrust Inc. • CP/CPS under review • will issue certificates for LCG • Thailand • NECTEC CA • will be operated by National Electronics and Computer Technology Center • drafting CP/CPS • Thai National Grid Center (will be accredited as a new member) • will be operated by Thai National Grid Center • drafting CP/CPS • USA • PRAGMA CA • will be operated by SDSC • planning to be a catch-all CA for PRAGMA members • drafting CP/CPS

  8. APGrid CAs (general membership) • China • Univ. of Hong Kong • India • Univ. of Hyderabad • Japan • Osaka Univ. • Malaysia • Univ. Sains Malaysia

  9. APGridPMA: Status & Activities • Accreditation of CAs • 9 accredited CAs • AIST, APAC, ASGCC, CNIC, IHEP, KEK, KISTI, NAREGI, NCHC • 7 CAs are in operation • CNIC/SDG will change the structure and will be re-accredited • Audit • AIST, APAC, ASGCC, IHEP have been audited by the other CAs. • Regular (monthly) VTC. • Brief status reports of each CA • In-depth report of a CA • Decisions • Examination for accreditation of a CA • Approval of charter, minimum CA requirements, etc. • Open discussions • (physical) face-to-face meeting (at least) once per year. • 1st face-to-face meeting was in Dec. 2005, Beijing. • 2nd meeting will be in Oct. 15, 2006, Osaka, Japan.

  10. Some Updates • Next chair • Yoshio Tanaka (continue) • CA Monitoring page using Nagios • http://www.apgridpma.org/nagios/ • Shows status of all IGTF-accredited CAs • Modified script (read configuration from .info file) • Next F2F meeting • October 15, Osaka, Japan (co-located with PRAGMA Workshop)

  11. Some Updates (cont’d) • Issues to be discussed • Accreditation of NGO/Netrust CA • Some information are confidential • Too short validity period of CRL • Netrust CA agreed with disclosing audit report to the APGrid PMA auditors • Accreditation of CNIC/SDG CA • hierarchical CA • IGTF CA distribution from the APGrid PMA • Will need to limit the number of CAs per region • Japanese universities will build UPKI • China has some national/international Grid project • Need to consider hierarchical structure of PMAs

  12. Proposed audit items • NAREGI PKI WG has subjectively selected criteria for auditing Grid CAs. • based on • AICPA/CICA WebTrustSM/TM Program for Certification Authority • minimum CA requirements of APGrid PMA and EUGrid PMA • Web Trust • WebTrust is a seal awarded to web sites that consistently adhere to certain business standards established by the Canadian Institute of Chartered Accountants (CICA.ca) and the American Institute of Certified Public Accountants (AICPA). • In the program, “Web Trust Principles and Criteria for Certification Authorities” lists criteria for CAs. • may too much for Grid CAs.

  13. Audit checklist • Simply pickup items from WebTrustSM/TM criteria based on minimum CA requirements. • The number of criteria:

  14. Rough procedures for auditing • Pre examination (few days) • Review all available documents • CP/CPS, User’s manual, Operational manual, CRL, CA Certificate, etc. • Prepare score sheet • Main examination (half day) • Interview to CA staffs • Detailed flow of identifying end entities and issuing certificates • How accesses to the CA private key is controlled • Inspection of equipments • CA server, CA room, backup media, archived logs, a safe box, etc. • Post examination (half day) • Draft and send an audit report • The audited CA is requested to send a report on plans for the improvements in 1 week

More Related