60 likes | 201 Views
The EU Grid PMA David Kelsey CCLRC/RAL d.p.kelsey@rl.ac.uk 16 April 2004, Dublin. The EU Grid PMA. “Policy Management Authority” Continues from the EDG CACG www.eugridpma.org Defines Minimum requirements and Best practices Accredits Authorities General authentication – not just PKI
E N D
The EU Grid PMADavid KelseyCCLRC/RALd.p.kelsey@rl.ac.uk16 April 2004, Dublin
The EU Grid PMA “Policy Management Authority” • Continues from the EDG CACG www.eugridpma.org • Defines Minimum requirements and Best practices • Accredits Authorities • General authentication – not just PKI • Members • Accredited Authorities • Major relying parties (EGEE, DEISA, SEE-GRID, LCG,…) • TERENA (TACAR) • 1st meeting – April 2004 – Florence (INFN) • Charter approved • David Groep (NIKHEF) appointed as Chair
EU Grid PMA coverage • Most countries in Europe have a national CA • “Catch-all” for EGEE (France) and SEE-GRID for S.East • Green: CA Accredited • Yellow: being discussed Other Accredited CAs: • DoEGrids (USA) • GridCanada • ASCCG (Taiwan) • ArmeSFO (Armenia) • CERN • Russia (LCG) • FNAL Service CA (USA) • Israel • Pakistan
Authentication Policy Guidelines • Wherever possible • No more than one CA per country • Aim for widest possible cover • PMA does not provide identity assertions • Certificates issued meet or exceed the guidelines • Identity for Grid/eScience Authentication only • No support of data encryption or non-repudiation • No support for financial transactions • No liability!
Policy Guidelines (2) • A single authoritative source for verifying roots of trust is needed (see TACAR) • We must work in the global arena (GGF & gridpma.org) • GSI imposes technical constraints which must be met • The PMA is mainly technical • Development needs technical experts
Endorsement of the EUGridPMA The EU Grid Policy Management Authority (PMA) http://www.eugridpma.org/ as a group of mutually trusted Certification Authorities (CAs), is instrumental for the security infrastructure of current GRID projects in the global arena. An endorsement by the eIRG of the EUGridPMA will be a concrete first step towards common EU polices for authentication for resource access and sharing for e-science.