170 likes | 177 Views
The 10th EUGridPMA meeting, graciously hosted by ULAKBIM Istanbul, will focus on grid CA coordination and security contacts for "Certificates for Testbed0". Topics include authentication vs authorization, CA hierarchy, certificate scope, revoking certificates, and more.
E N D
10th EUGridPMA Meetinggraciously hosted by ULAKBIMIstanbul, TR
Welcome at theBogazici University, Faculty of Engineering Welcome from the Organisers
A historic moment • 20th grid CA coordination meeting in Europe From: Kelsey, DP (David)Sent: Monday, November 20, 2000 8:10 PM To: Francois Etienne (E-mail); 'Kors Bos' Subject: CA/Security contacts (DataGrid) Dear Francois, Kors, I have had no nominations for security contacts for the meeting on "Certificates for Testbed0" for CNRS or NIKHEF yet. Please let me know who I should invite. Regards, Dave ------------------------------------------------ Dr David Kelsey Computing & Resource Management Particle Physics Department Rutherford Appleton Laboratory Chilton, DIDCOT, OX11 0QX, UK e-mail: XXXXXXXXXX@XXXTel: [+44](0)1235 XXXXXX (direct) Fax: [+44](0)1235 XXXXXX ------------------------------------------------
Still the same issues, but we have learnt much! 0. Aims of meeting. Agreement of agenda. Notes/minutes? 1. Roundtable status report. 2. Authentication vs Authorisation I see this to be a major architectural decision. … What should the certificate verify? Just the identity … or also something about membership of particular experiements? 3. How many CA's should be used in the DataGrid testbed? 4. Does a hierarchy add value? Should/can we sign national certificates by a single HEP-root CA? 5. What is the scope of the certificates? 6. Revoking certificates. 7. Naming. What constraints are there on the name fields? 8. What can we learn from other GRID projects or other PKI initiatives? - input to Terena PKI meeting (6th December)? 9. Procedures for running CA's and issuing certificates. We need to convince each other that our certificates can be "trusted". 10. Other issues Period of Validity (CA's, Servers, Users) Key lengths User education Instructions for system managers 11. Who is doing authorisation if we don't? WP2? 12. Storage of certificates? LDAP? agenda 1st EDG CACG meeting, December 2000
Teleconferencing capabilities • VRVS room “Plane”, access code “PMA2007” • H323 via the ESnet gateway (dial “88IGTF”) Istanbul is at GMT+3!! • Aid remote participants – upload your presentations • http://www.eugridpma.org/agenda/fullAgenda.php?ida=a063 • Password: *******
Agenda Overview MONDAY TUESDAY WEDNESDAY 0900 Introduction Agenda transport transport hardware tokens • Contentious Issues: • levels of assurance Chair Election AEGIS robot cert progress ROSA Morocco 1SCPs Grid Cert Profile Signing Party/TACAR RP Requirementharmonization OCSP Update 1400 Update APGridPMA CA Update: Future directions Reserved Update: GridIreland Profiles Overview MICS Profile NTUU/KPI 1600 Meeting Planning Auditing Guidelines Change Management NIST PKI ConferenceHighlights & reflections transport 1730 19.30 Golden Age 1!
Tonight • Meet at 19.30 hrs at the Golden Age 1 hotel lobby For dinner • "Degüstasyon" at Istiklal-Taksim (close to the hotel) where there will be traditional Turkish food, drink and music! • Note that google maps is updated also indicating the restaurant at local pages.
Minutes from the Last Meeting Thanks to Mike Helm, Emir Imamagic • Comments and modifications? • New volunteers for this time? • Agenda bashing …
EUGridPMA members and applicants Green: EMEA countries with an Accredited Authority • 24 of 27 EU member states (all except LU, MT, RO) • + AM, CH, HR, IL, IS, NO, PK, RU, TR Other Accredited Authorities: • DoEGrids (.us), GridCanada (.ca), CERN, SEE catch-all Will be updated in this meeting?
Foundation of the IGTFallows migration of CAs to Regional PMA The story so far …
Membership by type • Under “Classic X.509 secured infrastructure” authorities • accredited: 39 (recent additions: BG.ACAD) • active applicants: 5 (Serbia, Romania, Morocco, Ukraine, Macedonia) • Under “SLCS” • accredited: 1 (SWITCH-aai) • active applicants: 0 • Under MICS draft • none yet of course • Major relying parties • EGEE, DEISA, SEE-GRID, LCG, TERENA
TAGPMA Status and Updates New Chair: Vinod Rebello, UFF, Brazil New Vice-Chair: Jim Marsteller, PSC, USA New Secretary: Marg Murray, TACC, TX, USA information from Darcy Quesnel and Alan Sill
TAGPMA Status and Updates • Currently Operating CAs • DoEGrids • GridCanada • BRGrid (Brazil) • Recently passed (now completing operational review) • EELA Catch-All • TACC Root and Classic (TX, USA) • REUNA (Chile) • Venezuela • Mexico information from Darcy Quesnel