
Middleware activities in French Higher Education

An overview of middleware activities in French higher education: Authentication & Authorization Infrastructure (AAI), directories, Sympa and PKI, with insights on the use of user and server certificates.

bjennifer

Presentation Transcript


  1. Middleware activities in French Higher Education
     F. Guilleux, O. Salaün - CRU

  2. Institutional view
     [Diagram labels: Ministry in charge of Research and HE; CNRS; INRIA; Universities (83); Engineering schools (80); Research institutions; CEA; …]

  3. What is the CRU
     • CRU stands for « Comité Réseau des Universités » (network committee for French universities)
     • We do NOT operate a national academic network (=> Renater)
     • The CRU is responsible for coordinating actions among universities and between universities and the ministry

  4. Middleware activities
     • Authentication & Authorization Infrastructure
     • Directories
     • Sympa
     • PKI

  5. AAI
     • French ministry urges universities to set up digital working environments (Virtual campuses):
     • National working group dealing with A&A has published “recommendations” in 2003
     • Most universities chose uPortal and CAS, mainly for its proxy capabilities
     • The CRU will shortly start an AAI based on Shibboleth

  6. Directories
     • Higher Education working group defining a common LDAP schema and naming
     • Inheritance from EduPerson
     • No course data definition yet
     • Connectors to allow the provisioning are being developed

  7. Sympa middleware connections
     [Diagram labels: List owners, List members and List definition (sources: LDAP, SQL, Lists, XML); Sympa services; AuthN (LDAP, X509, CAS, Shibb); AuthZ; SOAP, RSS; LDAP, Shibboleth]

  8. PKI / general overview
     • Started in 2000
     • Technically and administratively operated by the CRU
     • Delivers X.509 certificates for:
       • People (web authentication and electronic signature in a few cases)
       • Servers (HTTPS, IMAPS, LDAPS…)

  9. Hierarchy
     [Diagram labels: Root CA; user CA; enhanced user CA; server CA; private key stored on PKCS#11 device]

  10. PKI / Logical structure
     [Diagram labels:]
     • CA
     • National RA (CRU)
       • server certificate
       • user certificate for:
         • security officers
         • local software providers
         • RA operators
     • Local RAs (volunteer universities)
       • user certificate for any employee

  11. PKI / Figures
     • 500 valid user certificates for:
       • Security officers
       • Local software providers
       • RA operators
     • Currently only 30 valid user certificates delivered by 10 local RAs (since this summer)
     • 500 valid server certificates for 90 different universities

  12. PKI / what we have learnt…
     • User and server certificates use the same technology, but the constraints are actually different
     • Server certificates:
       • More and more used by French universities
       • Main problem: the “popup problem”
       • Easy to deliver:
         • Requested by official security officers
         • Server identity checked against a HiEd list of hostnames administered by universities

  13. PKI / what we have learnt…
     • User certificates:
       • Costly registration and revocation processes
       • A lot of support because of:
         • Poor and various certificate implementations in web browsers
         • Average users don’t understand PKI concepts (CAs, CRL, cert vs private key, …)
       • Need for PKCS#11 devices for mobility and secure storage of private keys
       • Too many legal constraints to allow a safe use of electronic signature
