
Managing Global Computational Grid Trust Relationships

Slides from a talk given at the Internet2 Member Meeting PKI Implementers Workshop (Dec 2006), covering the IGTF's purpose, goals, membership and general architecture, the accreditation of identity-assertion authorities, and policy-mapping exercises against the US Federal PKI.



Presentation Transcript


  1. Grids & PKI: TAGPMA & Bridges
     Scott Rea – Dartmouth College
     Internet2 Member Meeting, Dec 2006
     PKI Implementers Workshop – Chicago, IL

  2. International Grid Trust Federation
     • IGTF purpose: manage authentication services for global computational grids via policy and procedures
     • IGTF goal: harmonize and synchronize the member PMAs' policies to establish and maintain global trust relationships
     • IGTF members: 3 regional Policy Management Authorities
       – EUgridPMA
       – APgridPMA
       – TAGPMA

  3. IGTF

  4. IGTF general architecture
     • The member PMAs are responsible for accrediting authorities that issue identity assertions.
     • The IGTF maintains a set of authentication profiles (APs) that specify the policy and technical requirements for a class of identity assertions and assertion providers.
     • The management and continued evolution of an AP is assigned by the IGTF to a specific member PMA.
     • Proposed changes to an AP will be circulated by the chair of the PMA managing the AP to all chairs of the IGTF member PMAs.
     • Each of the PMAs will accredit credential-issuing authorities and document the accreditation policy and procedures.
     • Any changes to the policy and practices of a credential-issuing authority after accreditation will void the accreditation unless the changes have been approved by the accrediting PMA prior to their taking effect.

  5. EUGridPMA members and applicants (map slide)
     Green: EMEA countries with an Accredited Authority
     • 23 of 25 EU member states (all except LU, MT)
     • + AM, CH, HR, IL, IS, NO, PK, RU, TR
     Other Accredited Authorities:
     • DoEGrids (.us), GridCanada (.ca), CERN, SEE catch-all

  6. EUgridPMA Membership
     • Under “Classic X.509 secured infrastructure” authorities
       – accredited: 38 (recent additions: CERN-IT/IS, SRCE)
       – active applicants: 4 (Serbia, Bulgaria, Romania, Morocco)
     • Under “SLCS”
       – accredited: 0
       – active applicants: 1 (SWITCH-aai)
     • Under MICS draft
       – none yet of course, but actually CERN-IS would be a good match for MICS as well
     • Major relying parties
       – EGEE, DEISA, SEE-GRID, LCG, TERENA

  7. Map of the APGrid PMA
     • General Membership
       – U. Hong Kong (China)
       – U. Hyderabad (India)
       – Osaka U. (Japan)
       – USM (Malaysia)
     • Ex-officio Membership
       – APAC (Australia)
       – CNIC/SDG, IHEP (China)
       – AIST, KEK, NAREGI (Japan)
       – KISTI (Korea)
       – NGO (Singapore)
       – ASGCC, NCHC (Taiwan)
       – NECTEC, ThaiGrid (Thailand)
       – PRAGMA/UCSD (USA)

  8. APgridPMA Membership
     • 9 Accredited CAs
       – In operation: AIST (Japan), APAC (Australia), ASGCC (Taiwan), CNIC (China), IHEP (China), KEK (Japan), NAREGI (Japan)
       – Will be in operation: NCHC (Taiwan), NECTEC (Thailand)
     • 1 CA under review: NGO (Singapore)
     • Will be re-accredited: KISTI (Korea)
     • Planning: PRAGMA (USA), ThaiGrid (Thailand)
     • General membership: Osaka U. (Japan), U. Hong Kong (China), U. Hyderabad (India), USM (Malaysia)

  9. TAGPMA

  10. TAGPMA Membership
     • Accredited: Argentina UNLP, Brazilian Grid CA, CANARIE (Canada)*, DOEGrids*, EELA LA Catch-all Grid CA, ESnet/DOE Office of Science*, REUNA Chilean CA, TACC – Root
     • In Review: FNAL, Mexico UNAM, NCSA – Classic/SLCS, Purdue University, TACC – Classic/SLCS, Venezuela, Virginia USHER
     • Relying Parties: Dartmouth/HEBCA, EELA, OSG, SDSC, SLAC, TeraGrid, TheGrid, LCG
     * Accredited by EUgridPMA

  11. Recent Mapping Exercises
     • Federal Bridge CA (FBCA) General Profile against IGTF Classic Profile
     • Federal Citizen & Commerce Certificate CA (C-4) against IGTF Classic Profile
     • IGTF Classic Profile against C-4

  12. Mapping Designations
     • Seven (7) designations are used to characterize the equivalency of an entity's CP to a Federal CP requirement:
       – Exceeds – The ENTITY CP policy provides a higher level of assurance/security than the Federal CP requirement.
       – Equivalent – The ENTITY CP policy provides exactly the same assurance/security as the Federal CP requirement.
       – Comparable – The ENTITY CP contains dissimilar policy contents, but provides a comparable level of assurance that meets the security of the Federal CP requirement.
       – Partial – The ENTITY CP contains policy that is comparable, but it does not address the entire Federal CP requirement.
       – Not Comparable – The ENTITY CP contains dissimilar policy contents, which provide a lower level of assurance/security than the Federal CP requirement.
       – Missing – The ENTITY CP does not contain policy contents that can be compared to the Federal CP requirement in any way.
       – N/A – Not applicable to the ENTITY CP, or not required for FBCA cross-certification.

  13. Mapping Results
     • C-4 against IGTF Classic Profile
       – 30 policy points evaluated
       – 14 Comparable designations
       – 12 Partial designations
       – 3 Not Comparable designations
       – 1 Not Applicable designation

  14. Mapping Results
     • FBCA General against IGTF Classic Profile
       – Basic LOA used for comparisons
       – 136 policy points evaluated
       – 22 Comparable designations
       – 33 Partial designations
       – 12 Not Comparable designations
       – 65 Missing designations
       – 3 Not Applicable designations

  15. Mapping Results
     • IGTF Classic Profile against C-4
       – 30 policy points evaluated
       – 19 Comparable designations
       – 1 Partial designation
       – 10 Exceeds designations

  16. Proposed Inter-federations (diagram slide)
     Bridges and cross-certifications shown: FBCA (cross-certified with C-4, DST ACES, Texas, Dartmouth, HEBCA, Wisconsin, UVA, NIH, Univ-N, USHER, CertiPath, SAFE, and other bridges), HEBCA, USHER, IGTF, HE BR, HE JP, AusCert / CAUDIT PKI, each with member CAs (CA-1, CA-2, CA-3, CA-4 … CA-n)

  17. Assurance levels compared (diagram slide)
     • FPKI: High, Medium Hardware CBP, Medium Software CBP, Medium, Basic, Rudimentary
     • HEBCA/USHER: High, Medium, Basic, Rudimentary
     • IGTF: C-4, Classic CA, SAML Foundation, MICS, SLCS, Username/Password

  18. For More Information
     • IGTF Website: http://www.gridpma.org/
     • TAGPMA Website: http://www.tagpma.org/
     Scott Rea – Scott.Rea@dartmouth.edu