1 / 21

Introduction to UPKI project in JAPAN

Introduction to UPKI project in JAPAN. Yasuo Okabe Academic Center for Computing and Media Studies Kyoto University. Statistics of Higher Education Institutions in Japan. by Ministry of Education and Science, 2005FY. Information Infrastructure Centers in the Seven Universities in JAPAN.

cargan
Download Presentation

Introduction to UPKI project in JAPAN

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. Introduction to UPKI projectin JAPAN Yasuo Okabe Academic Center for Computing and Media Studies Kyoto University TF-EMC2 Meeting Prague

  2. Statistics of Higher Education Institutions in Japan TF-EMC2 Meeting Prague by Ministry of Education and Science, 2005FY

  3. Information Infrastructure Centers in the Seven Universities in JAPAN Sapporo Hokkaido University Information Initiative Center Kyoto University Academic Center for Computing and Media Studies Sendai Tohoku University Information Synergy Center Kyushu University Computing and Communications Center Kyoto Tokyo Nagoya University of Tokyo Information Technology Center Osaka Fukuoka National Institute of Informatics (NII) Nagoya University Information Technology Center Osaka University Cybermedia Center TF-EMC2 Meeting Prague

  4. 1965~70 7 centers stablished as supercomputercenters for nation-wide service 1981 Connected by commercial X.25 service 1986 NACSIS (predecessor of NII) established N-1 Network project Dedicated interuniversity X.25 network service Federated Identity Management (~2004) Unified ID Online subscription to secondary centers 1988 JAIN (Japan Academic Inter-university Network) project started 1992 SINET, the academic Internet backbone service was started by NACSIS 1998-2003 Reorganized as Information Infrastructure centers Merger of education centers for computer literacy 2000 NII (National Institute of Informatics) establised 2002 Operation of SuperSINET was started 2003 NAREGI (National Research Grid Initiative) project started Grid Computing Research Group 2005 AuthN/AuthZ Reseach Group UPKIproject planned 2006 UPKI project has officially launched Brief history of federation among the Centers TF-EMC2 Meeting Prague

  5. NII: Toward Cyber-Science Infrastructure Next-generation Academic Information Infrastructure for Interuniversity Collaboration Cyber-Science Infrastructure GeNii (Global Environment for Networked Intellectual Information) NII-REO (Repository of Electronic Journals and Online Publications NAREGI (National Research Grid Initiative) International Collaboration Corporation with Industry UPKI: Authentication and Authorization Platform 北海道大学 SINET/SuperSINET National Academic Internet Backbone ★ ● ★ 東北大学 京都大学 ☆ ★ ★ ★ 東京大学 九州大学 ★ NII 名古屋大学 ★ 大阪大学 Fundamental Resources for Academic and Research Activities Education and Training / Encouraging Young Talent TF-EMC2 Meeting Prague

  6. UPKI B大の教授 B大職員 A 大アクセスポイント C 大電子コンテンツ Wireles LAN roaming C 大事務システム B 大アクセスポイント UPKI common specification Campus AAI Campus AAI Campus AAI C 大学 A 大学 B 大学 UPKI ― Inter-University Authentication and Authorization Platform forCSI • Conducted by NII and the information infrastructure centers in 7 universities • Supported by Ministry of Education, Science and Technology TF-EMC2 Meeting Prague

  7. UPKI ― Inter-University Authentication and Authorization Platform forCSI • Motivation (for NII) • As a “glue” between SINET high-speed backbone and supercomputing grid (by NAREGI) or contents services by NII (for universities) • Promoting installation of campus AuthNZ infrastructure • Eliminating various costs by solidarity • Federated identity management is unavoidable even in a (big) university • Many political and cultural issues exist TF-EMC2 Meeting Prague

  8. UPKI: project member NII SINET Headquarter Authentication and Authorization Working Group • Yasuo Okabe, Kyoto University (chair) • Noboru Sonehara, NII (vice chair) • Yoshiaki Takai, Hokkaido University • Hideaki Sone, Tohoku University • Hiroyuki Sato, University of Tokyo • Yasushi Hirano, Nagoya University • Ken-ichi Baba, Osaka University • Takahiro Suzuki, Kyushu University • Katsuyoshi Iida, Tokyo Institute of Technology • Fukuko Yuasa, KEK(Institute of High Energy Physics) TF-EMC2 Meeting Prague

  9. UPKI: concept • Targets various applications • SSO of Web services • E-mail Digital Signature/Encryption by S/MIME • Network Services • wireless LAN roaming and VPN • Grid computing • Utilization of PKI • “U” stands University/Universal/Ubiquitous • Deployment of Grid/PKI middleware for national academic AA infrastructure TF-EMC2 Meeting Prague

  10. UPKI three layer Architecture Sibboleth/SAML TF-EMC2 Meeting Prague

  11. Subprojects by NII • UPKI common CP/CPS【WP1】 • Public server certificate【WP2】 • Inter-University W-LAN roaming【WP3】 • SSO for Digital Library Service by NII and other universities via Shibboleth/SAML【WP4】 • Development of CA middleware【WP5】 • Deployment of S/MIME e-mail signature/encryption architecture【WP6】 TF-EMC2 Meeting Prague

  12. 【WP1】UPKI CommonSpecifications • UPKI Common Specifications • Campus PKI procurement guidelines • Campus PKI CP/CPS templates • Campus PKI model • Two outsource models and one insource model • Developed and Published for outsource model • https://upki-portal.nii.ac.jp/upkispecific/specific Only available in JAPANESE! • To promote Campus • PKI deployment • To reduce cost • To keep multi-university • cooperativity 2006 2007 2008 2009 - Campus PKI Spec. Outsource model Insource model Multi-university cooperative model • Deployment of • campus PKI at • each universities • Connecting • universities • Federation of • applications Campus CP/CPS templates Outsource model Insource model Multi-university cooperative model TF-EMC2 Meeting Prague

  13. Full outsource provider • Univ. IA RA Insource IA outsource provider • Univ • Univ RA IA IA RA Operation Models of CA CP/CPS TF-EMC2 Meeting Prague

  14. 【WP2】 Public server certificate project • Challenges • Optimization of RA operation for High-Ed • Customization of local operation in each institution • Automization of RA operation by using Campus PKI certs as a credential (in the future) • Expected outcomes • Best practice of local operation optimized for High-Ed • Tips for server certificate installation (for niche implementation) • Tips for local operations improvement in institutions • Demand of stimulation for S/MIME (using for Local Operators) TF-EMC2 Meeting Prague

  15. Schemes for Registration and Issuance SECOM Trust Systems Offline Online IA Root CA (SC-Root1) Cert chain Registration & Issuance NII Organization identity Domain ownership Local operator acceptance Open Domain CA RA operator Bulk request Bulk recipience High-Ed Institution Web Server Installation Subscriber Identity Subscriber Acceptance Server ownership CSR Certificate Local Operator Subscriber TF-EMC2 Meeting Prague

  16. IC Card 【WP4】 Shibboleth Architecture Request for resouces Access control SP User Resource Access Controler Actual access AuthN IdP AuthZ decision SSO Service Authn Authority Assertion Consumer Service Artifact Resolution Service Attribute Exchange Attribute Repository AAP Attribute Request Attribute Authority ARP TF-EMC2 Meeting Prague *WAYF (Where Are You From) Services are omitted 12

  17. Certificate Users Host Administrators CA Operator RA Administrator 【WP5】 NII GOC CA operation User site NAREGI CA Account Registration Request Account Registration ①Preparation Application for bulk license ID Issuance of bulk license ID ②License ID request License ID request Receive request, Inspection ③Issuance request ④Revoke request ⑤Reissuance request Receive request, Issuance/Revoke certificate Certificate request ⑥Retrieve data for creating map file Retrieve data for creating map file Make data for creating map file TF-EMC2 Meeting Prague

  18. CampusCA User IC Card Super Computer Super Computer Super Computer Campus-Grid PKI Federation Campus PKI Grid PKI NAREGI CA Issue Certificate Issue Certificate LDAP NAREGI RA Request Certificate (Use IC Card as credential) Grid System Access Certificate for Grid System TF-EMC2 Meeting Prague

  19. Common specification NII CSI Headquarter AAI TWG UPKI Initiative Opinions and comments Hokkaido U Tohoku U U. Tokyo Nagoya U join Kyoto U Osaka U Kyushu U Univ J. College KEK Tokyo Tech Tech. College NII Research Institute etc. UPKI Initiative • Founded in 16 Aug 2006 • Sponsored by NII AAI TWG • Mission • Gathering interests and opinions of not only universities but also industries • https://upki-portal.nii.ac.jp/ TF-EMC2 Meeting Prague

  20. Summary • UPKI national academic authentication and authorization infrastructure project has started. • Conducted by NII and the information infrastructure centers in the 7 universities • As a basic platform of Cyber Science Infrastructure • We have started later, so we have get some advantages • International federation/collaboration is a very important issue. TF-EMC2 Meeting Prague

  21. APAN Middleware Working Group APAN (Asia-Pacific Advanced Networking) • 20th APAN (Taipei, Aug. 2005) • National Authentication and Authorization Infrastructure and NREN (proposed session) • 21st APAN (Tokyo, Jan. 2006) • Middleware Workshop (full day) • Middleware Working Group is approved • 22nd APAN (Singapore, July 2006) • Grid Middleware Workshop • 23rd APAN (Manila, Jan. 2007) • Grid Middleware Workshop • 24th APAN (Xian, Aug. 2007) • Middleware Workshop • 25th APAN (Hawaii, Jan. 2008) • Middleware Workshop (proposed) TF-EMC2 Meeting Prague

More Related