TERENA Certificate Service (TCS)
9 June 2011
Background
• Many NRENs had set up a CA, but the certificates issued were not trusted by web browsers (the ‘pop-up’ problem).
• Purchasing certificates directly from commercial CAs is expensive in bulk.
Certificate Types
• Five types of certificate available:
  • Server Certificate - for authenticating servers and establishing secure sessions with end clients.
  • e-Science Server Certificate - for authenticating Grid hosts and services. These are IGTF compliant.
  • Personal Certificate - for identifying individual users and securing e-mail communications.
  • e-Science Personal Certificate - for identifying individual users accessing Grid services. These are IGTF compliant.
  • Code-signing Certificates - for authenticating software distributed over the Internet.
• Comodo is also offering free EV certificates for a limited period.
Built using contracts
• scales well to large numbers of organisations and users
• assurance requirements on subscribers ensure quality ID
• bound through legal contracts
TCS Portal
• Several NRENs decided to pool resources and operate a common portal for personal certificates.
• Hosted on resilient servers at Tilburg University under contract to TERENA.
• Utilises Confusa software.
• Each NREN community needs to operate at least one IdP, but multiple IdPs are supported.
• Participants:
  • ACOnet (AT), BELNET (BE), FUNET (FI), GARR (IT), RENATER (FR), SUNET (SE), SURFnet (NL), UNI-C (DK), UNINETT (NO)
Authenticating users via Subscriber and Federation
[Diagram labels: NREN or Federation Operator; User’s home organisation]
National research-education federations provide the basis for authenticating users and obtaining key attributes like a persistent unique identifier and including assurance level via service entitlements
Statistics (1 Jul 2009 - 31 Dec 2010)
• Server Certificates
  • Since 1 Jul 2009 - 45,710 (most JANET(UK) with 9,321)
• eScience Server Certificates
  • Since 1 Oct 2010 - 42 (most PSNC with 16)
• Personal Certificates
  • Since 5 Feb 2010 - 1,169 (most 499 with CESNET)
• eScience Personal Certificates
  • Since 5 Feb 2010 - 547 (most 332 with UNINETT)
• Code-Signing Certificates
  • Since 1 June 2010 - 52 (most 13 with PSNC)
TCS eScience - global recognition
Meets the IGTF requirements for long-term integrated credential services and thereby has global recognition by all major e-Infrastructures.
Reach of the TCS Personal service
The TCS portals – trustworthy credentials in 3 clicks and 2 minutes
[Map legend: dark-blue: eScience Personal deployed]