Asia Pacific Grid Policy Management Authority - PowerPoint PPT Presentation

1 / 10

About This Presentation

Title:

Asia Pacific Grid Policy Management Authority

Description:

The Asia Pacific Grid Policy Management Authority (APGrid PMA) supports Grid ... accredit Authorities with respect to the minimum requirements; ... – PowerPoint PPT presentation

Number of Views:40

Avg rating:3.0/5.0

Slides: 11

Provided by: yos46

Category:

more less

Transcript and Presenter's Notes

Title: Asia Pacific Grid Policy Management Authority

1
Asia Pacific Grid Policy Management Authority

Yoshio Tanaka
Grid Technology Research Center,
Advanced Industrial Science and Technology, Japan

2
What is APGrid PMA?

The Asia Pacific Grid Policy Management Authority
(APGrid PMA) supports Grid communities in Asia
Pacific to implement a common trust domain across
organizations.
The main activity of the APGrid PMA is to
coordinate a Public Key Infrastructure (PKI) for
use with Grid authentication.
The APGrid PMA is expected to be referred as a
representative policy management authority in
Asia Pacific. The APGrid PMA should not be
specific for any existing Grid communities in
Asia Pacific such as ApGrid and PRAGMA.

3
Scope of the APGrid PMA

The PMA is responsible for accreditation of
authorities issuing identity assertions for Grid
Authentication. The PMA will
define and issue a minimum requirements and
guidelines documents. These documents may govern
any aspect of certificate issuance and reliance
maintain and revise the documents according to
current developments
accredit Authorities with respect to the minimum
requirements
be primarily concerned with Grid communities in
Asia Pacific, and their external partners.

4
Proposal

Define minimum requirements for two levels of CA
experimental level CA
Existing CAs can be approved as experimental
level.
Can be used inside a community
production level CA
Need strict management
Should be trusted by international communities

5
Summary

APGrid PMA defines minimum requirements
Every CA must satisfy the requirements
Every CA must declare its level
Every CA must provide CP/CPS
Reference GGF document, AIST GTRC CA CP/CPS
APGrid PMA will establish trust relationship with
other international communities such as DOEGrids
PMA, EUGrid PMA, etc.
The minimum requirements will be reviewed by
them.
I have already started discussion with DOEGrids
PMA

6
Proposed Milestones

Fix initial members (almost done)
Draft charter and minimum requirements (done)
circulate charter and minimum requirements, call
for comments, and revise if required (10 days)
Approve charter and minimum requirements (end of
May)
Publish charter and minimum requirements (Jun
1st)
Discuss with other PMAs at GGF11

7
Background -- Current PKI software --

Current PKI software OpenSSL, Open CA, Simple CA
Provides scripts for CSR generation and issuing
certificates
Easy to use
Appropriate for small communities and experiments

download install
Simple CA package
CA Admins
? Send CSR via email
???
? Send a certificate
? Issue certificates
? Use for authentication
? Generate CSR
? ?????
8
Background -- Current PKI software --

Sending CSRs via email is not appropriate for
high-level security.
Poor functionalities for managing CRL
Periodic publication of CRS
Impossible to revoke a certificate by the owner
No functions for remote management
No functions for automatic issuing of certificates

9
AiCA Open source software for CA mgmt.
LDAP Server
RA Server
LDAP
CA Server
email
certreq
aienroll
LCMP
aicrlpub
airad
aicad
WEB
enroll (apache CGI)
HTTP
LCMP
LCMP
email
user
CA management tools
aica
PKI utilities
certview
certconv
Open Source
CA Admin
10
AiCA Features at a glance