International Grid Trust Federation Session
GGF 20, Manchester, UK
Wednesday, May 9 2007
CAOPS-WG session #2
IGTF Session Agenda @ OGF20
• Updates from regional PMAs
  • Problems in compliance with the new Authentication Profile
  • Recognized the importance of self assessments/auditing
  • Agreed to encourage member CAs to use Auditing Documents for self-auditing
• Authentication Profiles
  • Member Integrated Credential Services AP
    • Will be reviewed at the EUGrid PMA F2F and APGrid PMA F2F
  • Portal-based Credential Services AP (Yoshio)
    • No progress
• Hardware Tokens
  • Robot certificates (Jens)
  • Experiences with eTokens in the Netherlands (David)
Updates of the APGrid PMA
Yoshio Tanaka
TAGPMA F2F @ Banff
Members (13 + 4)
• 3 CAs under review
  • NGO (Singapore)
  • KISTI (Korea)
  • PRAGMA (USA)
• Planning
  • ThaiGrid (Thailand)
• General membership
  • Osaka U. (Japan)
  • U. Hong Kong (China)
  • U. Hyderabad (India)
  • USM (Malaysia)
• 9 Accredited CAs
  • In operation
    • AIST (Japan)
    • APAC (Australia)
    • ASGCC (Taiwan)
    • CNIC (China)
    • IHEP (China)
    • KEK (Japan)
    • NAREGI (Japan)
    • NECTEC (Thailand)
  • Will be in operation
    • NCHC (Taiwan)
No new accredited CAs, but KISTI and PRAGMA have entered the review process.
Audit
• AIST (Yoshio) audited KEK Grid CA
  • Date: April 13th
  • Used the new auditing document
  • Found five major problems (must be revised), but they are not serious (easy to solve).
• KEK audited NAREGI CA
  • Date: July 2nd
  • First external auditor except me
  • Used the new auditing document
  • Now drafting the report of the audit.
F2F Meeting @ Singapore
• Date: June 4th (Mon)
• Venue: Biopolis, Singapore
• Co-located event: Grid Asia 2007
• Participants:
  • AIST, APAC, ASGC, KEK, KISTI, NAREGI, NECTEC, NGO, PRAGMA
• Absent:
  • CNIC, IHEP, NCHC, Thai
• Agenda and results of the discussion:
  • Updates from CAs
    • All accredited CAs reported their progress in complying with the new Classic AP
    • Discussed how to guarantee name uniqueness over the entire lifetime of the CA.
    • How should this requirement apply to host/service certificates?
    • Decided to continue discussions…
F2F Meeting @ Singapore (Cont’d)
• Agenda and results of the discussion (cont’d):
  • Live review of KISTI GRID CP/CPS
    • Had a live review of KISTI GRID CP/CPS using the auditing document.
    • Pointed out some issues that need to be solved.
    • Continue the review via email.
  • Discussions on auditing
    • We agreed to audit each other.
    • Yoshio shouldn’t be the only auditor
  • Review of MICS profile
    • Agreed to approve the MICS profile ver.
    • One comment:
      • The MICS profile says that keyUsage of the MICS CA certificate “must” be marked as critical, but this should be relaxed to “should”, as in the Classic AP.
  • Discussions on profile of Portal-based CS
    • Yoshio presented some ideas (as he did at the EUGrid PMA F2F).
Recent problems on ASGC CA
• Since ASGC CA’s current root certificate will expire next year, ASGC CA decided to create a new root CA certificate.
• Problems:
  • Failed in downloading CRL.
  • Incorrect link to the new crl_url.
  • Trailing space in the issuer’s Subject DN.
• Action
  • ASGC CA has decided to re-key the new ASGC root CA certificate.
  • Temporarily withdraw ASGC-2007 in the latest IGTF CA distribution.