
NAREGI-CA: Certification Service for Grid Middleware

Introduction of NAREGI-CA, a certification service for grid middleware, and its enhancement in UPKI. Discusses future plans and benefits for academia and industry.

amyclark


Presentation Transcript


  1. Introduction of NAREGI-CA
     APAN Grid-Middleware Workshop, Singapore, July 19, 2006
     Toshiyuki Kataoka (kataoka@nii.ac.jp), National Institute of Informatics, Japan

  2. Outline
     • NAREGI & UPKI projects
     • NAREGI Certification Service
     • NAREGI-CA for Grid middleware
     • Enhancement in UPKI
     • Future Plan

  3. NAREGI & UPKI projects

  4. CyberScience Infrastructure for Advanced Science (by NII): To Innovate Academia and Industry
     Diagram labels: Cyber Science Infrastructure; Scientific Repository; Virtual Organization for science; Industry Liaison and Social Benefit; NAREGI Middleware; UPKI; Global Contribution; Human Resource Development and strong organization; Publication of scientific results from academia.
     Super-sinet: a next generation network infrastructure supported by NII and 7 National Computer Centers.
     Sites marked on the map: Hokkaido University, Tohoku University, Kyoto University, University of Tokyo, Kyushu University, NII, Nagoya University, Osaka University (Tokyo Institute of Technology, Waseda University, High Energy Accelerator Research Organization, etc.).

  5. NAREGI-CA Certification Service

  6. NAREGI Certification Service
     • CA Software (NAREGI-CA)
       - CA/RA
       - UI (Character, Web)
     • Operation (NAREGI CA)
     • Policy Management (NAREGI-PMA)
     Items listed under Operation and Policy Management: Operation of CA; Authorized by the APGrid PMA; Production Level CA; CP/CPS; Satisfy APGrid minimum requirement.

  7. NAREGI-CA for Grid middleware

  8. Distribution & User Sites
     • Free Software under the NAREGI intellectual property management rules (Apache ver2.0)
     • Current version
       - Ver2.0 released on May 10, 2006, included in NAREGI Grid Middleware Beta
     • Distribution records
       - 129 downloads (31 of Ver2.0)
     • Research collaboration
       - Audit of CA: AIST, Japan
       - PMA for international cooperation: APGRID
     • User Sites
       - NAREGI, AIST, several universities

  9. NAREGI-CA Software Features
     • License ID management
       - Transfer authentication responsibility to Local RA
     • Grid operation extensions
       - Assistance of Grid-mapfile creation
     • Dual interfaces for certificate request
       - Web & command line enrollment
     • CA/RA architecture
       - Independent Registration Authority (RA) Server
     • Practical CP/CPS Template

  10. NAREGI-CA Architecture
     Parties in the diagram: Local RA (Site Administrator); RA (Registration Authority); CA (Certificate Authority); End User & Host Administrator; Site Administrator.
     Numbered steps in the diagram:
       ① Get License ID
       ② Authorize to pass License ID
       ③ Generate a Key Pair
       ④ Pass License ID & Public Key
       ⑤ Send CSR
       ⑥ Issue Certificate
       ⑦ Get Certificate
       ⑧ Get Grid Map file

  11. Enhancement in UPKI

  12. UPKI Three Layer Architecture

  13. Objective
     • Each university will start to install NAREGI-CA and operate CA to be a grid site.
     • Those grid sites will be operated in the PKI layer of UPKI three layer architecture.
     • Reduced burden of CA operation is necessary for actual operation in universities.
     • Efficient operation by interconnecting PKI layers is needed.

  14. Enhancement in UPKI
     Enhancement for actual operation of CA/RA at universities:
     • To split and delegate RA.
     • To provide staff/students with a means to apply by themselves.
     • To issue grid certificates by identification with a campus certificate.

  15. Enhancement in UPKI
     • To split and delegate RA.
       - Created RA/LRA operator authorities split from RA administrator authorities.
       - Secure delegation by using IC card.
       - Delegation to hierarchized institutions in universities for actual operation.
     • To provide staff/students with a means to apply by themselves.
       - Easy application for registration, issuance, and revocation from the web.
       - Secure application by using challenge PIN.
       - Reduced burden of RA operation.

  16. IC Card Enhanced Procedure To Issue Certificate
     Diagram labels: CA; RA; Local RA; CA Administrator; RA Administrator; RA Operator; User; Application Server (web); Management Server (web); License ID; Challenge PIN; Apply; Identify; Identify User; Delegate; Approve; Issue Certificate.

  17. Enhancement in UPKI
     • To issue grid certificates by identification with a campus certificate.
       - Cooperation of Grid CA and Campus CA.
       - Reduced burden of RA operation.
       - Any certificate can be issued for other AP.

  18. Campus-Grid PKI Federation
     Diagram labels: Campus PKI; Grid PKI; Campus CA; NAREGI CA; NAREGI RA; LDAP; User; IC Card; Super Computer; Issue Certificate; Request Certificate (Use IC Card as credential); Grid System Access; Certificate for Grid System.

  19. Future Plan

  20. 5. Future Plan
     • Release schedule
       - Enhanced features will be released in Autumn this year.
     • Usability improvement
       - Create and distribute Start-Up Package for Campus CA/RA including CP/CPS templates for certain applications, such as wireless LAN authentication and authorization.
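
The enrollment sequence on slide 10 (a License ID obtained through the Local RA, presented with the public key, followed by certificate issuance and the grid-mapfile) can be modelled as below. This is an added sketch, not NAREGI-CA code: the class and method names are hypothetical, single-use License IDs are an assumption, random bytes stand in for the user's public key, and the subject DN is constructed.

```python
import hashlib
import secrets


class RegistrationAuthority:
    """Toy RA (hypothetical) that gates certificate requests on a License ID."""

    def __init__(self):
        self._pending = {}  # sha256(License ID) -> (subject DN, local account)
        self.issued = []    # (subject DN, local account, public-key fingerprint)

    @staticmethod
    def _digest(license_id):
        # Store and look up only the hash, so raw License IDs are not kept.
        return hashlib.sha256(license_id.encode()).hexdigest()

    def issue_license_id(self, subject_dn, local_account):
        # Steps 1-2: the Local RA obtains a License ID for a user it has identified.
        # Reject values that would break the quoted grid-mapfile line format.
        if '"' in subject_dn or "\n" in subject_dn or not local_account.isalnum():
            raise ValueError("subject DN or account unsafe for a grid-mapfile line")
        license_id = secrets.token_urlsafe(16)
        self._pending[self._digest(license_id)] = (subject_dn, local_account)
        return license_id

    def enroll(self, license_id, public_key):
        # Steps 4-6: License ID + public key arrive; issuance happens only if
        # the License ID is known. pop() makes it single use (assumption).
        entry = self._pending.pop(self._digest(license_id), None)
        if entry is None:
            raise PermissionError("unknown or already used License ID")
        subject_dn, account = entry
        self.issued.append((subject_dn, account, hashlib.sha256(public_key).hexdigest()))
        return subject_dn

    def grid_mapfile(self):
        # Step 8: one line per issued certificate: "<subject DN>" <local account>
        return "".join(f'"{dn}" {acct}\n' for dn, acct, _ in self.issued)


def demo():
    ra = RegistrationAuthority()
    # Constructed sample identity, not taken from the presentation.
    lid = ra.issue_license_id("/C=JP/O=Example University/CN=Taro Yamada", "taro")
    ra.enroll(lid, secrets.token_bytes(32))      # stand-in for the step 3 public key
    try:
        ra.enroll(lid, secrets.token_bytes(32))  # same License ID presented again
        replay_rejected = False
    except PermissionError:
        replay_rejected = True
    return ra.grid_mapfile(), replay_rejected
```
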
