

  • Number of slides: 19

TAGPMA & the Bridge WG (Scott Rea – Dartmouth College)
Internet2 Member Meeting, Dec 2006
PKI Activities and Applications Update - Chicago, IL

International Grid Trust Federation
• IGTF founded in Oct 2005 at GGF 15
• IGTF purpose:
  – Manage authentication services for global computational grids via policy and procedures
• IGTF goal:
  – Harmonize and synchronize member PMAs' policies to establish and maintain global trust relationships
• IGTF members:
  – 3 regional Policy Management Authorities
    • EUGridPMA
    • APGridPMA
    • TAGPMA
  – 50+ CAs, 50,000+ credentials

IGTF (figure slide)

IGTF General Architecture
• The member PMAs are responsible for accrediting authorities that issue identity assertions.
• The IGTF maintains a set of authentication profiles (APs) that specify the policy and technical requirements for a class of identity assertions and assertion providers.
• The management and continued evolution of an AP is assigned by the IGTF to a specific member PMA.
  – Proposed changes to an AP will be circulated by the chair of the PMA managing the AP to all chairs of the IGTF member PMAs.
• Each of the PMAs will accredit credential-issuing authorities and document the accreditation policy and procedures.
• Any changes to the policy and practices of a credential-issuing authority after accreditation will void the accreditation unless the changes have been approved by the accrediting PMA prior to their taking effect.

EUGridPMA members and applicants
Green: EMEA countries with an Accredited Authority
· 23 of 25 EU member states (all except LU, MT)
· + AM, CH, HR, IL, IS, NO, PK, RU, TR
Other Accredited Authorities:
· DOEGrids (.us), GridCanada (.ca), CERN, SEE catch-all

EUGridPMA Membership
• Under “Classic X.509 secured infrastructure” authorities
  – accredited: 38 (recent additions: CERN-IT/IS, SRCE)
  – active applicants: 4 (Serbia, Bulgaria, Romania, Morocco)
• Under “SLCS”
  – accredited: 0
  – active applicants: 1 (SWITCH-aai)
• Under MICS draft
  – none yet of course, but actually CERN-IS would be a good match for MICS as well
• Major relying parties
  – EGEE, DEISA, SEE-GRID, LCG, TERENA

Map of the APGridPMA
Ex-officio Membership
• APAC (Australia)
• CNIC/SDG, IHEP (China)
• AIST, KEK, NAREGI (Japan)
• KISTI (Korea)
• NGO (Singapore)
• ASGCC, NCHC (Taiwan)
• NECTEC, ThaiGrid (Thailand)
• PRAGMA/UCSD (USA)
General Membership
• U. Hong Kong (China)
• U. Hyderabad (India)
• Osaka U. (Japan)
• USM (Malaysia)

APGridPMA Membership
• 9 Accredited CAs
  – In operation: AIST (Japan), APAC (Australia), ASGCC (Taiwan), CNIC (China), IHEP (China), KEK (Japan), NAREGI (Japan)
  – 1 CA under review: NGO (Singapore)
  – Will be re-accredited: KISTI (Korea)
• Planning
  – PRAGMA (USA)
  – ThaiGrid (Thailand)
• Will be in operation
  – NCHC (Taiwan)
  – NECTEC (Thailand)
• General membership
  – Osaka U. (Japan)
  – U. Hong Kong (China)
  – U. Hyderabad (India)
  – USM (Malaysia)

TAGPMA (figure slide)

TAGPMA Membership
• Accredited
  – Argentina UNLP
  – Brazilian Grid CA
  – CANARIE (Canada)*
  – DOEGrids*
  – EELA LA Catch-all Grid CA
  – ESnet/DOE Office of Science*
  – REUNA Chilean CA
  – TACC – Root
  – Dartmouth/HEBCA
• Relying Parties
  – EELA
  – OSG
  – SDSC
  – SLAC
  – TeraGrid
  – TheGrid
  – LCG
• In Review
  – FNAL
  – Mexico UNAM
  – NCSA – Classic/SLCS
  – Purdue University
  – TACC – Classic/SLCS
  – Venezuela
  – Virginia
  – USHER
*Accredited by EUGridPMA

TAGPMA Bridge Working Group
• Recognition that there are different LOAs
  – in the way some credential service providers operate
  – required by different applications
• More efficient ways of distributing trust anchors
• Interoperation with other trust federations
• Scott Rea is Chair; representatives from each regional PMA are included

Recent Mapping Exercises
• Federal Bridge CA (FBCA) General Profile against IGTF Classic Profile
• Federal Citizen & Commerce Certificate CA (C-4) against IGTF Classic Profile
• IGTF Classic Profile against C-4

Mapping Designations
• Seven (7) designations used to characterize the equivalency
  – Exceeds – The ENTITY CP policy provides a higher level of assurance/security than the Federal CP requirement.
  – Equivalent – The ENTITY CP policy provides exactly the same assurance/security as the Federal CP requirement.
  – Comparable – The ENTITY CP contains dissimilar policy contents, but provides a comparable level of assurance to meet the security of the Federal CP requirement.
  – Partial – The ENTITY CP contains policy that is comparable, but it does not address the entire Federal CP requirement.
  – Not Comparable – The ENTITY CP contains dissimilar policy contents, which provide a lower level of assurance/security than the Federal CP requirement.
  – Missing – The ENTITY CP does not contain policy contents that can be compared to the Federal CP requirement in any way.
  – N/A – Not applicable to the ENTITY CP, or not required for FBCA cross-certification.

Mapping Results
• C-4 against IGTF Classic Profile
  – 30 policy points evaluated
  – 14 Comparable designations
  – 12 Partial designations
  – 3 Not Comparable designations
  – 1 Not Applicable designation

Mapping Results
• FBCA General against IGTF Classic Profile
• Basic LOA used for comparisons
  – 136 policy points evaluated
  – 22 Comparable designations
  – 33 Partial designations
  – 12 Not Comparable designations
  – 65 Missing designations
  – 3 Not Applicable designations

Mapping Results
• IGTF Classic Profile against C-4
  – 30 policy points evaluated
  – 19 Comparable designations
  – 1 Partial designation
  – 10 Exceeds designations

Proposed Inter-federations (diagram slide): cross-certs linking FBCA, HEBCA, USHER, IGTF, HE BR, HE JP, AusCert CAUDIT PKI, C-4, DST ACES, NIH, Dartmouth, Texas, Wisconsin, UVA, Univ-N, CertiPath, SAFE, other bridges, and their member CAs (CA-1 … CA-n).

Levels of assurance compared (diagram slide): FPKI, HEBCA/USHER and IGTF assurance levels shown side by side (High, Medium Hardware, Medium Software, CBP High, CBP Medium, Medium, Basic, Rudimentary), with C-4, the IGTF profiles Classic CA, MICS and SLCS, SAML Foundation and Username/Password placed on the same scale.

For More Information
• IGTF Website: http://www.gridpma.org/
• TAGPMA Website: http://www.tagpma.org/
Scott Rea - Scott. [email protected] edu