TERENA TF-EMC2 Workshop David Groep, 2004.11.04

Posted on 02-Jan-2016


TERENA TF-EMC2 Workshop, David Groep, 2004.11.04

http://www.eugridpma.org/

TF-EMC2 meeting, November 4 2004 (slide 2). David Groep – chair@eugridpma.org

A PKI for Grids

PKI model fits the lack of hierarchical relations between users and resources in the Grid

Users can join collaborations (VOs), that are independent of both resources and home organisations

- mainly unilateral trust relations (RP/subscriber -> CA)
- limited mutual trust (CA -> CA within the PMA)

Both users and services need a credential

Revocation: of authZ via the VOs, of authN via the CAs (the latter only if the identity is compromised)


The EUGridPMA

European Grid Authentication

Policy Management Authority for e-Science

Coordinates authentication for people and services for European, national, and related Grid projects: EGEE, DEISA, SEEGRID, LCG, …

- PMA manages authentication guidelines and policies
- Trust domain for research and academic grids


Certificate Authority Coordination

Evolved from the CA Coordination Group in DataGrid, CrossGrid, LCG, …

- collection of national and regional CAs
  - better local identity vetting
  - national legislation
- all meet or exceed minimum requirements
  - identity checking (in-person, photo-ID)
  - physical security (signing key protection, storage)
  - naming (unique certificate names)
  - revocation (updated lists, retrieval)

Clearly defined accreditation procedure

Basic tools and distribution mechanisms


Accreditation process

- Codification of procedures in a CP(S) for each CA
  - de facto lots of copy/paste, except for the vetting sections
- Peer-review process for evaluation
  - comments welcomed from all PMA members
  - two assigned referees

In-person appearance during the review meeting


Accredited Authorities

Everyone (almost) in Europe has a national CA

[Map of Europe: green = CA accredited, yellow = being discussed]

Other accredited CAs: DoEGrids (US), GridCanada, ASCCG (Taiwan), ArmeSFO (Armenia), CERN, Russia (HEP), FNAL Service CA (US), Israel, Pakistan


The Catch-All CAs

Project-centric “catch all” Authorities

- For those left out in the rain in EGEE: CNRS “catch-all” CA (Sophie Nicoud), coverage for all EGEE partners
- For the South-East European region: regional catch-all CA
- For LCG world-wide: DoEGrids CA (Tony Genovese & Mike Helm, ESnet), Registration Authorities through Ian Neilson


Distribution

- RPM distribution to facilitate deployment
  - validation by projects must be done via TACAR (or out-of-band means)
- releases contain:
  - CA root cert
  - CRL URL
  - CA URL
  - namespace-policy file (used by software for enforcement)
  - dependency information (for hierarchical PKIs)
- meta-RPMs “ca_policy_eugridpma” for triggering dependencies in install software (yum/apt)
- releases every ~4-12 weeks
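How relying-party software can enforce the namespace-policy file shipped in such a release, as an added example that is not part of the slides: it assumes the Globus signing_policy format (access_id_CA / cond_subjects lines) that the EUGridPMA RPMs ship alongside each root, and the CA name and namespaces in the sample policy are constructed, not those of any accredited CA.

```python
"""Namespace-policy enforcement for a distributed CA root.

Parses a namespace-policy file (assumed to be the Globus signing_policy format)
and checks that a subject name issued by a CA lies inside the namespace that
CA is permitted to sign, so a compromised or mis-issued root cannot be used to
mint names belonging to another CA's namespace.
"""
import re
import shlex

# Constructed sample policy: the CA DN and the namespaces are illustrative only.
SAMPLE_POLICY = """\
# Example Grid CA (constructed example, not an accredited CA)
access_id_CA   X509   '/C=XX/O=ExampleGrid/CN=Example Grid CA'
pos_rights     globus CA:sign
cond_subjects  globus '"/C=XX/O=ExampleGrid/*" "/DC=org/DC=examplegrid/*"'
"""


def parse_signing_policy(text):
    """Map each CA subject DN to the list of subject-name patterns it may sign."""
    policy, current_ca = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()          # drop comments and blank lines
        if not line:
            continue
        fields = shlex.split(line)                    # honours the single-quoted values
        if fields[0] == "access_id_CA" and len(fields) == 3:
            current_ca = fields[2]
            policy.setdefault(current_ca, [])
        elif fields[0] == "cond_subjects" and current_ca and len(fields) == 3:
            # the quoted value holds one or more double-quoted patterns
            policy[current_ca].extend(shlex.split(fields[2]))
    return policy


def _pattern_to_regex(pattern):
    """Only '*' is a wildcard in signing_policy patterns; everything else is literal."""
    return re.compile("^" + ".*".join(re.escape(p) for p in pattern.split("*")) + "$")


def subject_permitted(policy, issuer_dn, subject_dn):
    """True only if the issuer is a known CA and the subject matches one of its patterns.

    An issuer absent from the policy, or one without a cond_subjects line, is
    denied: a root that is not covered by the distribution may sign nothing.
    """
    patterns = policy.get(issuer_dn, [])
    return any(_pattern_to_regex(p).match(subject_dn) for p in patterns)


if __name__ == "__main__":
    policy = parse_signing_policy(SAMPLE_POLICY)
    ca = "/C=XX/O=ExampleGrid/CN=Example Grid CA"
    for subject in ("/C=XX/O=ExampleGrid/CN=Jane Doe", "/C=YY/O=Other/CN=Mallory"):
        print(subject, "->", "permitted" if subject_permitted(policy, ca, subject) else "DENIED")
```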


Global interoperation

PMAs collaborate bilaterally in an interoperation framework: the International Grid Federation, see www.gridpma.org

[Diagram: EUGridPMA, APGridPMA, and the Americas PMA (being formed)]


Commonality

Common services to all European eInfrastructure:

- EUGridPMA: all EU Grid infrastructure FP6 programmes; CAs also cover inter-organisational national projects
- TERENA TACAR provides the trust validation: Grid projects rely on TACAR to validate roots-of-trust
- Minimum Requirements form the basis of the IGF: coherency in the AP region is modelled on EUGridPMA; the Americas are planning to build an AMSGridPMA


Current topics of discussion

- Continuing updates to minimum requirements
  - as experience grows
  - to comply better with evolving Grid middleware
  - to comply with evolving industry standards
- User key hygiene worries abound
  - Can the user be trusted with key care? (hardly…)
- Complexity for users, services
  - the server-certificate service!
- On-line CA methodologies
  - Guidelines and Minimum Requirements
  - Site-local solutions (SIPS)
  - Active Certificate Stores (credential repositories, escrow services)
  - CA-generated key pairs and ease-of-use


http://www.eugridpma.org/