Updates of the APGrid PMA

1
Updates of the APGrid PMA

• Yoshio Tanaka
• APGrid PMA, Chair
• Grid Technology Research Center,
• AIST, Japan

2
APGridPMA Members
3
Geographical locations (except US and AU)
4
APGrid CAs (accredited, 1/3)

• Australia
• APACGrid CA
• Accredited in Nov. 2005
• Started the operation in Feb. 2006
• Audited in March 2006
• David Bannon, Graham Jenkins, Chris Kendrick
• Issues certificates for LCG
• China
• IHEP CA
• Accredited in May 2005 (already in operation)
• Audited in December 2005
• profile of the root cert. has been changed
• Gongxing Sun, Gang Chen, Fan HuaXiang
• Issues certificates for LCG
• CNIC / SDG CA
• Accredited in Dec. 2005.
• Not yet in operation
• Going to launch a new CA
• hierarchical CA

5
APGrid CAs (accredited, 2/3)

• Japan
• AIST GRID CA
• Accredited in Sep. 2004
• Started the operation in March 2005
• Audited in March 2005
• Yoshio Tanaka, 5 staffs
• NAREGI CA
• Accredited in Nov. 2005
• Started the operation in Feb. 2006
• Not yet audited
• Currently, removed from IGTF CA distribution
• Masataka Kanamori, 4 staffs
• KEK Grid CA
• Accredited in Jan. 2006
• Started the operation in Feb. 2006
• Not yet audited
• Takashi Sasaki, 23 staffs
• Issues certificates for LCG

6
APGrid CAs (accredited, 3/3)

• Korea
• KISTI GRID CA
• Accredited in Aug. 2004. (already in operation)
• Not yet audited
• Sangwan Kim, Jae-hyuck Kwak
• Issues certificates for LCG
• Taiwan
• ASGCC CA
• Operated by Academia Sinica Grid Computing Center
• Accredited in Sep. 2004. (already in operation)
• Audited in Aug. 2005
• Eric Yen, C.C. Chang, 12 operators
• Issues certificates for LCG
• NCHC Grid CA
• Operated by National Cener for High-performance
  Computing
• Accredited in Feb. 2006
• Not yet in operation
• Alex Wu, Weicheng Huang, 12 operators

7
APGrid CAs (under review, planned)

• Singapore
• NGO CA
• will be operated by National Grid Office and
  Netrust Inc.
• CP/CPS under review
• will issue certificates for LCG
• Thailand
• NECTEC CA
• will be operated by National Electronics and
  Computer Technology Center
• drafting CP/CPS
• Thai National Grid Center
• will be operated by Thai National Grid Center
• drafting CP/CPS
• USA
• PRAGMA CA
• will be operated by SDSC
• planning to be a catch-all CA for PRAGMA members
• drafting CP/CPS

8
APGrid CAs (general membership)

• China
• Univ. of Hong Kong
• India
• Univ. of Hyderabad
• Japan
• Osaka Univ.
• Malaysia
• Univ. Sains Malaysia

9
Grid Communities in Asia Pacific at a glance

• ApGrid Asia Pacific Partnership for Grid
  Computing
• Open Community as a focal point
• more than 40 member institutions from 15
  economics
• Kick-off meeting July 2000, 1st workshop Sep.
  2001
• PRAGMA Pacific Rim Applications and Grid
  Middleware Assembly
• NSF funded project led by UCSD/SDSC
• 30 member institutions
• Establish sustained collaborations and advance
  the use of the grid technologies
• 1st workshop Mar. 2002, 10th workshop next
  month!
• APAN (Asia Pacific Advanced Network) Grid
  Committee
• Bridging APAN application communities and Grid
  communities outside of APAN
• Grid WG was launched in 2002, re-organized as a
  committee in 2005
• APGrid PMA Asia Pacific Grid Policy Management
  Authority
• General Policy Management Authority in the Asia
  Pacific Region
• 16 member CAs
• A founding member of the IGTF (International Grid
  Trust Federation)
• Officially started in June 2004
• APEC/TEL APGrid
• Building social framework

10
Pacific Rim Application and Grid Middleware
Assembly

• NSF-funded project lead by UCSD/SDSC.
• 1st workshop was held in March 2002.
• Establish sustained collaborations and advance
  the use of the Grid technologies for
  applications.
• Expected outcomes
• Advance scientific applications
• Increase productive and effective use of the grid
  by researchers and scientists in the Pacific Rim
• Increase interoperability of grid middleware in
  Pacific Rim and throughout the world

• Tightly collaborating with ApGrid.
• Having workshops 23 times a year.

11
PRAGMA TAGPMA

• Chille
• CICESE (Centro de Investigacion Cientifica y de
  Education Superior de Ensenada)
• Mexico
• UNAM (Universidad Nacional Autonoma de Mexico)
• As of today, UNAM is not an institutional member
• USA
• NCSA
• PNG (Pacific Northwest Gigapop)
• Starlight (located at Univ. Illinois, Chicago)
• Transpac (located at Indiana Univ.)
• UCSD
• SDSC

12
APGridPMA Status Activities

• Accreditation of CAs
• 9 accredited CAs
• AIST, APAC, ASGCC, CNIC, IHEP, KEK, KISTI,
  NAREGI, NCHC
• 7 CAs are in operation
• CNIC/SDG will change the structure and will be
  re-accredited
• Audit
• AIST, APAC, ASGCC, IHEP have been audited by the
  other CAs.
• Regular (monthly) VTC.
• Brief status reports of each CA
• In-depth report of a CA
• Decisions
• Examination for accreditation of a CA
• Approval of charter, minimum CA requirements,
  etc.
• Open discussions
• (physical) face-to-face meeting (at least) once
  per year.
• 1st face-to-face meeting was in Dec. 2005,
  Beijing.
• 2nd meeting will be in Oct. 15, 2006, Osaka,
  Japan.

13
Some Updates

• Issues to be discussed
• Accreditation of NGO/Netrust CA
• Some information are confidential
• Too short validity period of CRL
• Netrust CA agreed with disclosing audit report to
  the APGrid PMA auditors
• Accreditation of CNIC/SDG CA
• hierarchical CA
• IGTF CA distribution from the APGrid PMA
• Will need to limit the number of CAs per region
• Japanese universities will build UPKI
• China has some national/international Grid
  project
• Need to consider hierarchical structure of PMAs

14
Proposed audit items

• NAREGI PKI WG has subjectively selected criteria
  for auditing Grid CAs.
• based on
• AICPA/CICA WebTrustSM/TM Program for
  Certification Authority
• minimum CA requirements of APGrid PMA and EUGrid
  PMA
• Web Trust
• WebTrust is a seal awarded to web sites that
  consistently adhere to certain business standards
  established by the Canadian Institute of
  Chartered Accountants (CICA.ca) and the American
  Institute of Certified Public Accountants
  (AICPA).
• In the program, Web Trust Principles and
  Criteria for Certification Authorities lists
  criteria for CAs.
• may too much for Grid CAs.

15
Audit checklist

• Simply pickup items from WebTrustSM/TM criteria
  based on minimum CA requirements.
• The number of criteria

16
Rough procedures for auditing

• Pre examination (few days)
• Review all available documents
• CP/CPS, Users manual, Operational manual, CRL,
  CA Certificate, etc.
• Prepare score sheet
• Main examination (half day)
• Interview to CA staffs
• Detailed flow of identifying end entities and
  issuing certificates
• How accesses to the CA private key is controlled
• Inspection of equipments
• CA server, CA room, backup media, archived logs,
  a safe box, etc.
• Post examination (half day)
• Draft and send an audit report
• The audited CA is requested to send a report on
  plans for the improvements in 1 week