
  • Number of slides: 11

TERENA Certificate Service (TCS) 9 June 2011

Background
› Many NRENs had set up a CA, but certificates issued were not trusted by web browsers (the ‘pop-up’ problem).
› Purchasing certificates directly from commercial CAs is expensive in bulk.
Slide 2

Certificate Types
› Five types of certificate available:
  › Server Certificate - for authenticating servers and establishing secure sessions with end clients.
  › e-Science Server Certificate - for authenticating Grid hosts and services. These are IGTF compliant.
  › Personal Certificate - for identifying individual users and securing e-mail communications.
  › e-Science Personal Certificate - for identifying individual users accessing Grid services. These are IGTF compliant.
  › Code-signing Certificates - for authenticating software distributed over the Internet.
› Comodo is also offering free EV certificates for a limited period.
Slide 3

Participants
NREN/Country S P C
ACOnet AT
LITNET LT -
BELNET BE
UoM MT -
CARNet HR - -
SURFnet NL
Cyprus CY
UNINETT NO
CESNET CZ -
PSNC PL
UNI-C DK -
FCCN PT - -
FUNET FI -
RoEduNet RO -
RENATER FR -
AMRES RS -
GRNET GR -
ARNES SI - -
HUNGARNET HU - -
RedIRIS ES
HEAnet IE
SUNET SE
GARR IT -
JANET(UK) UK - -
IUCC IL -
Slide 4

Delegated Responsibilities & Scaling

Built using contracts
• scales well to large numbers of organisations and users
• assurance requirements on subscribers ensure quality ID
• bound through legal contracts

TCS Portal
› Several NRENs decided to pool resources and operate common portal for personal certificates.
› Hosted on resilient servers at Tilburg University under contract to TERENA.
› Utilises Confusa software.
› Each NREN community needs to operate at least one IdP, but multiple IdPs are supported.
› Participants:
  › ACOnet (AT), BELNET (BE), FUNET (FI), GARR (IT), RENATER (FR), SUNET (SE), SURFnet (NL), UNI-C (DK), UNINETT (NO)
Slide 7

Authenticating users via Subscriber and Federation
[Diagram labels: NREN or Federation Operator; User’s home organisation]
National research-education federations provide the basis for authenticating users and obtaining key attributes like a persistent unique identifier and including assurance level via service entitlements

Statistics (1 Jul 2009 - 31 Dec 2010)
› Server Certificates
  › Since 1 Jul 2009 - 45,710 (most JANET(UK) with 9,321)
› eScience Server Certificates
  › Since 1 Oct 2010 - 42 (most PSNC with 16)
› Personal Certificates
  › Since 5 Feb 2010 - 1,169 (most 499 with CESNET)
› eScience Personal Certificates
  › Since 5 Feb 2010 - 547 (most 332 with UNINETT)
› Code-Signing Certificates
  › Since 1 June 2010 - 52 (most 13 with PSNC)
Slide 9

TCS eScience - global recognition
Meets the IGTF requirements for long-term integrated credential services and thereby has global recognition by all major e-Infrastructures

Reach of the TCS Personal service
The TCS portals – trustworthy credentials in 3 clicks and 2 minutes
[Map legend: dark-blue: eScience Personal deployed]