Template Profile. Jens Jensen, STFC RAL GridNet2/ UK e-Science CA OGF22 Boston. The Problem. CA policy. CA practice statement. CA PRACTICE. MINREQ. Best Practice. Check consistency. New Policies. Usually written by novice CA mgr Using bits from other CP/CPSes
Template Profile
Jens Jensen, STFC RAL
GridNet2 / UK e-Science CA
OGF22 Boston
The Problem
[Diagram labels: CA policy; CA practice statement; CA practice; MINREQ; Best Practice; Check consistency]
New Policies
• Usually written by novice CA mgr
• Using bits from other CP/CPSes
• Accentuate the positive
• All the good bits get copied around
• Eliminate the negative
• All the bad bits get copied around
Problem
• Policies become inconsistent
• Don’t satisfy minimal requirements
• Need many iterations with reviewer
• Bad for CA manager
• Bad for reviewer
Common Examples
• RA checking CRL
• 4.5.2 MUST at time of reliance
• 4.9.6 MUST at time of reliance
• 9.6.4: “according to their satisfaction”
• Email both confidential and not
• Flood protection at 1.2 metres on 1st floor
Is it a big problem?
• We already cover half the world
• But there is another half
Proposed Solution?
• Working group on Template Profile
• Jens, David G, Milan, Anders, Vinod, David O'C, Mike, Sergey, Hardi
• Get the “best” bits from policies
• Living document – but needs an editor
• Reviewers best to write/contrib
• Become an IGTF document
Status
• …er, not really started yet
• Amsterdam meeting Jan 2008
Piecing it together
• Easier to set up new CP/CPS
• Too easy?
• Easier to get it right sooner
• Often many, many iterations are req’d
• Greatly delays Accreditation
Operational Reviews
• TAGPMA are leading in this area
• Template for operational review
• But a reviewer still needs to read the CP/CPS!!
• Quicker if many bits known to be good
• APGridPMA auditing for accreditation
• Yoshio’s auditing procedure
Operational Reviews
• Highlight:
• Which bits are canonical
• Which bits are based on guides
• Which bits are changed since previous version
Piecing it together
• Delaying Accreditation is bad
• Reviewers are already overloaded
• (Not necessarily with reviews but with real life jobs)
• Time consuming for new CAs
• Get new CAs in early (PMAs)
• Not after the policy is written
Piecing it together
• Not aiming for machine parseable
• Or should we?
• (Chadwick, Coghlan/O’Callaghan)
• TAGPMA guide to writing CP/CPS
What about existing CAs
• Leave alone, for now
• Some not satisfying minreqs
• Minreqs change, too
• Mythical six months to update
Back on track…?
• Urgent changes - Aggressive option
• Do it in six months or else
• Medium urgency
• Address with next CP/CPS change
• At least before next PMA presentation
• Lower urgency
• Discuss at next presentation
Summary
• Template profile
• Approved text for sections where it makes sense
• Approved guidelines (cf TAGPMA) for other sections
• Open bits
• Get new CAs in early