
UK e-Science Certification Authority


Presentation Transcript


  1. UK e-Science Certification Authority
     Jens G Jensen, j.jensen@rl.ac.uk

  2. So what is it?
     • UK
     • e-Science
     • Certification
     • Authority

  3. Yes, but what is it?
     • A certificate identifies you to a remote computer - the certificate says you are who you claim to be.
     • A certificate does not contain personal information (other than your name).
     • A certificate does not contain authorisation information.

  4. So, how does it work?
     1. Scientist wishes to access a resource, so he sends a copy of the certificate to the resource.
     2. Resource says: prove it’s your certificate.
     3. Scientist proves that he has the corresponding private key.
     4. Resource is convinced that scientist is who he claims to be and decides to give him access.
     [Diagram labels: Challenge, Response, Private Key]

  5. So what’s a certificate, really?
     • A certificate is the user’s name and public key, signed by a certification authority.
     • A certificate is useless without a valid signature.
     • A certificate is useless without the corresponding private key.
     • The user is responsible for keeping the private key safe.

  6. Yes? So how do I get one?
     Apply for a certificate (online):
     • Name
     • Email address
     • RA
     The RA is the Registration Authority. The RA will verify to the CA (Certification Authority) that you are who you say you are. The RA is a local person.

  7. Then what happens?
     • Your browser generates a public/private key pair (RSA).
     • The public key is put in the request and sent off to the CA.
     • The private key never leaves the browser.
     The certificate request contains the things that will be in your certificate, namely your name and your public key.

  8. And?
     Go to the RA with
     • Photo ID
     The RA guarantees that the certificate request was created by you.

  9. This is exciting! What next?
     • The RA approves your request.
     • The CA issues a certificate to you.
     • You can download the certificate but it will also be sent by email.

  10. What else should I know?
     The namespace. Certificates are issued with names of the following form:
     /C=UK/O=eScience/OU=GridPP/L=Manchester/CN=Joe Bloggs
     • /C=UK/O=eScience - That’s us!
     • /OU=GridPP/L=Manchester - This identifies the RA, not your organisation, not your location
     • /CN=Joe Bloggs - That’s your name

  11. Tell me more about names!
     • The OU and the L are the organisation and location of the RA. That means everybody knows who approved your certificate request!
     • The OU is a name that identifies the eScience project.
     • Your request can be approved by an RA in a different project!

  12. So what’s new?
     • Web interface - easier to use
     • RAs are local
       • better qualified to verify users
       • workload distributed - not everything depends on CA

  13. External collaborators
     • EU DataGrid - http://www.eu-datagrid.org/ http://marianne.in2p3.fr/datagrid/ca/
     • JISC (Joint Information Systems Committee) http://www.jisc.ac.uk
     • Other Grids, e.g., CrossGrid - http://www.crossgrid.org/

  14. So who’s working on this?
     Other people involved with the CA:
     • David Boyd
     • Ruth Dixon del Tufo
     • Tim Pett
     • Andrew Sansum
     • Matt Thorpe
     • Richard Wong

  15. URL
     User and RA procedures: http://www.grid-support.ac.uk/ca/interim_procedure.html
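
The naming scheme on slides 10 and 11, as an added example (not part of the original presentation or the CA's own software): a parser for the one-line name form that checks the /C=UK/O=eScience prefix and reports which RA approved the request. The fixed OU, L, CN order, the case-sensitive value comparison and the function names are assumptions.

```python
import re

# CA prefix and RA layout as described on slides 10 and 11.
CA_NAMESPACE = [("C", "UK"), ("O", "eScience")]
SAMPLE_DN = "/C=UK/O=eScience/OU=GridPP/L=Manchester/CN=Joe Bloggs"  # from slide 10

def parse_dn(dn):
    """Parse a one-line DN ('/C=UK/O=...') into ordered (type, value) pairs."""
    if not dn.startswith("/"):
        raise ValueError("DN must start with '/'")
    rdns = []
    # Split on '/' only where a new 'TYPE=' component begins, so a '/' inside
    # a value (e.g. CN=host/node1) is kept. A value containing '/X=' remains
    # ambiguous in this text form; compare parsed certificates where possible.
    for part in re.split(r"/(?=[A-Za-z][A-Za-z0-9.]*=)", dn[1:]):
        attr, sep, value = part.partition("=")
        if not (attr and sep and value):
            raise ValueError(f"malformed component: {part!r}")
        rdns.append((attr.upper(), value))
    return rdns

def describe(dn):
    """Return the holder's name and the RA (OU, L) that approved the request."""
    rdns = parse_dn(dn)
    prefix, rest = rdns[:len(CA_NAMESPACE)], rdns[len(CA_NAMESPACE):]
    # Compare whole components: a raw string prefix test would also accept
    # '/C=UK/O=eScienceFake/...'.
    if prefix != CA_NAMESPACE:
        raise ValueError("DN is outside the CA namespace")
    if [attr for attr, _ in rest] != ["OU", "L", "CN"]:
        raise ValueError("expected OU, L, CN after the CA prefix")
    fields = dict(rest)
    return {"name": fields["CN"], "ra": (fields["OU"], fields["L"])}

if __name__ == "__main__":
    print(describe(SAMPLE_DN))
```
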
