Grid Canada Certificate Authority
Darcy Quesnel
darcy.quesnel@canarie.ca
ca@gridcanada.ca
http://www.gridcanada.ca/ca/
About Grid Canada
• Project formed by an MOU between CANARIE, NRC, and C3.ca
  » C3.ca is the organization of the high performance computing sites in Canada
  » NRC is the federal lab system in Canada
  » CANARIE operates the Canadian research and education internet backbone (CAnet 4)
• Develops and deploys infrastructure for use by grid-related projects in Canada
Project Drivers
• Customer-managed lightpaths
  » An OGSA-compliant way for users to provision end-to-end lightpaths
• NRC i.HPC
  » Develop and deploy grid infrastructure within NRC
  » In support of multi-scale modelling
  » <5 users now, >50? in the future
• Atlas Canada
  » Wants to participate in Data Grid
  » <10 users now, >30? in the future
Challenges
• Right now
  » Canada is not the U.S. and it is not Europe (or even the U.K.)
  » No federal granting agency has yet identified grids as a “strategic direction”
• We hope that
  » Funded projects will see the benefits of having an explicit grid component
  » The NRC and CANARIE will increase their roles
GC CA Details
• CA Certificate Valid From: 2002-04-11
• CA Certificate Valid Until: 2007-04-10
• User Certificates: 13
• Host/Service Certificates: 18
• Revocations: 2
• Based on the globus_simple_ca_bundle
• Issued to R&E end entities involved in grid activities
• Standard set of extensions
CA Requirements Compliance
• GC CA machine is dedicated, secure, and non-networked
• GC CA private key is
  » 2048-bit length
  » Valid for 5 years
  » Passphrase protected
• User and host/service keys are
  » 1024-bit length
  » Valid for 1 year
  » Linked to a specific person or host/service
  » Generated by the user
CA Requirements Compliance
• Namespace is “/C=CA/O=Grid/*”
  » Subject names have the form “/C=CA/O=Grid/OU=/CN=”
• Published at http://www.gridcanada.ca/ca are the
  » CP/CPS
  » CRL
  » Public Key
  » Signing Policy
• All requests and responses (email), certificates, and CRLs are archived
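The namespace rule and the key-length and validity rules on the two compliance slides above, as an added example that is not Grid Canada's own tooling: a small Python checker of the kind a relying party or RA could run over a request or certificate before trusting it. It parses OpenSSL's slash-separated one-line DN form, requires the C/O/OU/CN layout inside the /C=CA/O=Grid/ namespace, and compares key size and lifetime against the stated policy (2048-bit/5 years for the CA, 1024-bit/1 year for end entities, treated as minimum key size and maximum lifetime). The OU and CN values in the demo are constructed samples; the slides do not give them.

```python
import re
from datetime import date

# Policy values taken from the slides; treated as minimum key size and maximum lifetime.
NAMESPACE_PREFIX = "/C=CA/O=Grid/"
REQUIRED_RDNS = ("C", "O", "OU", "CN")
POLICY = {
    "ca": {"key_bits": 2048, "max_days": 5 * 365 + 2},        # 5 years, leap-day slack
    "end_entity": {"key_bits": 1024, "max_days": 366},        # 1 year, leap-day slack
}


def parse_dn(dn):
    """Split an OpenSSL one-line DN ('/C=CA/O=Grid/OU=x/CN=y') into ordered (attr, value) pairs."""
    if not dn.startswith("/"):
        raise ValueError("DN must start with '/'")
    pairs = []
    for part in dn[1:].split("/"):
        if "=" not in part:
            raise ValueError(f"malformed RDN: {part!r}")
        attr, value = part.split("=", 1)
        pairs.append((attr, value))
    return pairs


def check_subject(dn):
    """Return a list of policy violations for a subject DN; an empty list means compliant."""
    problems = []
    if not dn.startswith(NAMESPACE_PREFIX):
        problems.append("outside GC CA namespace /C=CA/O=Grid/*")
    try:
        pairs = parse_dn(dn)
    except ValueError as exc:
        return problems + [str(exc)]
    attrs = tuple(attr for attr, _ in pairs)
    if attrs != REQUIRED_RDNS:
        problems.append(
            f"RDN layout must be {'/'.join(REQUIRED_RDNS)}, got {'/'.join(attrs)}"
        )
    for attr, value in pairs:
        # The slide's form has a value after every '='; an empty OU or CN is rejected.
        if not value:
            problems.append(f"empty value for {attr}")
    return problems


def check_key(kind, key_bits, not_before, not_after):
    """Check key length and validity period against the policy for 'ca' or 'end_entity'."""
    rule = POLICY[kind]
    problems = []
    if key_bits < rule["key_bits"]:
        problems.append(f"{kind} key is {key_bits} bits, policy requires {rule['key_bits']}")
    lifetime = (not_after - not_before).days
    if lifetime > rule["max_days"]:
        problems.append(
            f"{kind} validity is {lifetime} days, policy allows at most {rule['max_days']}"
        )
    return problems


if __name__ == "__main__":
    # Constructed sample: a user subject plus the CA's own dates from the details slide.
    print(check_subject("/C=CA/O=Grid/OU=canarie.ca/CN=Sample User"))
    print(check_subject("/C=CA/O=Grid/OU=/CN=Sample User"))
    print(check_key("ca", 2048, date(2002, 4, 11), date(2007, 4, 10)))
    print(check_key("end_entity", 1024, date(2003, 1, 1), date(2005, 1, 1)))
```

The namespace prefix test and the RDN-layout test are deliberately separate: a DN can sit inside /C=CA/O=Grid/ and still violate the published signing policy by omitting OU or adding extra components, and the check reports each failure rather than stopping at the first.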
CA Requirements Differences
• RA is based on a small community
  » User certificates are granted to people I know or who can be vouched for by someone I know
• Host/service certificate requests are not signed by a user certificate
  » Host/service certificates are granted after I’ve talked to (or bugged) someone
Future Directions
• Develop scalable RA infrastructure
• North American PMA
  » Why should EDG WP6 have to deal with me directly?
• Develop an XML schema for a CP/CPS
  » Usable by tools
  » Easier to create and change
Contact Information
• darcy.quesnel@canarie.ca
• ca@gridcanada.ca
• http://www.gridcanada.ca/ca