Скачать презентацию PKI USC 1 Historical Overview NMI Скачать презентацию PKI USC 1 Historical Overview NMI

1c40c123786677cfcd85c3b9568c5bba.ppt

  • Количество слайдов: 25

PKI @ USC 1 PKI @ USC 1

Historical Overview NMI Testbed v. 1 USCGrid USC Pub. Cookie USC Authx USC CA Historical Overview NMI Testbed v. 1 USCGrid USC Pub. Cookie USC Authx USC CA USC PGP Shibboleth 2

NMI Testbed r. 1 3 NMI Testbed r. 1 3

NMI Testbed Globus Toolkit Condor-G KX. 509 http: //www. nsfmiddleware. org/testbe d/testbed_status. asp 4 NMI Testbed Globus Toolkit Condor-G KX. 509 http: //www. nsfmiddleware. org/testbe d/testbed_status. asp 4

USCGrid 5 USCGrid 5

USCGrids require PKI host certs persistent service certs people certs http: //www. usc. edu/us USCGrids require PKI host certs persistent service certs people certs http: //www. usc. edu/us cgrid 6

Pub. Cookie 7 Pub. Cookie 7

Pub. Cookie Web. ISO Initial installation rocky but UMich very helpful Scheduled for its Pub. Cookie Web. ISO Initial installation rocky but UMich very helpful Scheduled for its own server My second most favorite NMI component 8

USC Authx 9 USC Authx 9

USC Authx Grid-based authentication & authorization Web-based authentication & authorization http: //www. usc. edu/au USC Authx Grid-based authentication & authorization Web-based authentication & authorization http: //www. usc. edu/au thx 10

USC Authx Globus CA announces its impending shutdown Forced replacement of all host & USC Authx Globus CA announces its impending shutdown Forced replacement of all host & persistent service certs Commercial CA, noncommercial CA, or build our own 11

The Checkered History of USC CA 12 The Checkered History of USC CA 12

USC Certificate Authority Large prominent grid user: Southern California Earthquake Center Need to have USC Certificate Authority Large prominent grid user: Southern California Earthquake Center Need to have our certs accepted by entities, like SDSC, NPACI, PSC Build our own — how hard could it be? 13

USC Certificate Authority Quickly slapped up something called the USC CA using openssl Quickly USC Certificate Authority Quickly slapped up something called the USC CA using openssl Quickly realized that we didn’t know what we were doing Quickly realized we’d need to reconstitute the CA 14

USC Certificate Authority Wealth of information on running a certificate authority, sort of After USC Certificate Authority Wealth of information on running a certificate authority, sort of After review of existing information, decided to base our CA on PKI Lite Making KCA subsidiary to USC PKI Lite CA 15

USC Certificate Authority http: //middleware. inte rnet 2. edu/hepkitag/pki-litepolicy-practicescurrent. html http: //www. usc. edu/au USC Certificate Authority http: //middleware. inte rnet 2. edu/hepkitag/pki-litepolicy-practicescurrent. html http: //www. usc. edu/au thx/CA 16

USC Certificate Authority Recent “coming-ofage” incident 17 USC Certificate Authority Recent “coming-ofage” incident 17

Email & Pretty Good Privacy 18 Email & Pretty Good Privacy 18

Email & PGP http: //www. usc. edu/isd /services/authx/service s/pgp. html http: //www. openpgp. o Email & PGP http: //www. usc. edu/isd /services/authx/service s/pgp. html http: //www. openpgp. o rg/about_openpgp http: //www. gnupg. org 19

Shibboleth 20 Shibboleth 20

Shibboleth Scholar’s Portal Signet Whither Pub. Cookie? Grids 21 Shibboleth Scholar’s Portal Signet Whither Pub. Cookie? Grids 21

Stuff We’re Looking at Doing 22 Stuff We’re Looking at Doing 22

Stuff We’re Looking At Nessus http: //www. nessus. org/ signed administrative email USC PKI Stuff We’re Looking At Nessus http: //www. nessus. org/ signed administrative email USC PKI Heavy CA WS-* 23

The USC Auth. X Group Asbed Bedrossian Phil Dibowitz Brian Mendenhall John Mullins Linda The USC Auth. X Group Asbed Bedrossian Phil Dibowitz Brian Mendenhall John Mullins Linda Savage Garrick Staples 24

Hardly The End shelley@usc. edu authx@usc. edu 25 Hardly The End shelley@usc. edu authx@usc. edu 25