updates of the apgrid pma
Post on 21-Jan-2016
35 Views
Preview:
DESCRIPTION
TRANSCRIPT
National Institute of Advanced Industrial Science and Technology
Updates of the APGrid PMA
Yoshio TanakaYoshio TanakaAPGrid PMA, ChairAPGrid PMA, Chair
Grid Technology Research Center,Grid Technology Research Center,AIST,AIST, Japan Japan
APGridPMA: MembersAffiliation Name Production CA Experimental CA
AIST / Japan Yoshio Tanaka in operation in operation (limited use)
ASCC / Taiwan Eric Yen in operation none
KISTI / Korea Sangwan Kim in operation none
CNIC/SDG / China Kai Nan under review in operation
IHEP / China Gonxing Sun in operation none
APAC/Australia David Bannon in operation will close
NAREGI/Japan Masataka Kanamori in operation closed
NCHC / Taiwan Tsung-Ying Wu accredited in operation (limited use)
SDSC(PRAGMA) / USA Mason Katz planning planning
NECTEC / Thailand Sornthep Vannarat Planning in operation
NGO / Singapore Jon Lau under review none
ThaiGrid / Thailand Sugree Phatanapherom Planning Planning
KEK / Japan Takashi Sasaki in operation will close
HKU / HongKong Chen Lin, Elaine no plan in operation
U of Hyd / India Arun Agarwal no plan in operation
USM / Malaysia Boon Yaik no plan in operation
Osaka U / Japan Susumu Date planning in operation
Geographical locations (except US and AU)
APGrid CAs (accredited, 1/3)AustraliaAustralia
APACGrid CAAccredited in Nov. 2005Started the operation in Feb. 2006Audited in March 2006David Bannon, Graham Jenkins, Chris KendrickIssues certificates for LCG
ChinaChinaIHEP CA
Accredited in May 2005 (already in operation)Audited in December 2005
profile of the root cert. has been changedGongxing Sun, Gang Chen, Fan HuaXiangIssues certificates for LCG
CNIC / SDG CAAccredited in Dec. 2005.Not yet in operationGoing to launch a new CA
hierarchical CAneed to be accredited again
Kai Nan, Morrise Xu,
APGrid CAs (accredited, 2/3)
JapanJapanAIST GRID CA
Accredited in Sep. 2004Started the operation in March 2005Audited in March 2005 Yoshio Tanaka, + 5 staffs
NAREGI CAAccredited in Nov. 2005Started the operation in Feb. 2006Not yet auditedCurrently, removed from IGTF CA distributionMasataka Kanamori, + 4 staffs
KEK Grid CAAccredited in Jan. 2006Started the operation in Feb. 2006Not yet auditedTakashi Sasaki, + 2~3 staffsIssues certificates for LCG
APGrid CAs (accredited, 3/3)KoreaKorea
KISTI GRID CAAccredited in Aug. 2004. (already in operation)Not yet auditedSangwan Kim, Jae-hyuck KwakIssues certificates for LCG
TaiwanTaiwanASGCC CA
Operated by Academia Sinica Grid Computing CenterAccredited in Sep. 2004. (already in operation)Audited in Aug. 2005Eric Yen, C.C. Chang, + 1~2 operatorsIssues certificates for LCG
NCHC Grid CAOperated by National Cener for High-performance ComputingAccredited in Feb. 2006Not yet in operationAlex Wu, Weicheng Huang, + 1~2 operators
APGrid CAs (under review, planned)SingaporeSingapore
NGO CAwill be operated by National Grid Office and Netrust Inc.CP/CPS under reviewwill issue certificates for LCG
ThailandThailandNECTEC CA
will be operated by National Electronics and Computer Technology Centerdrafting CP/CPS
Thai National Grid Centerwill be operated by Thai National Grid Centerdrafting CP/CPS
USAUSAPRAGMA CA
will be operated by SDSCplanning to be a catch-all CA for PRAGMA membersdrafting CP/CPS
APGrid CAs (general membership)
ChinaChinaUniv. of Hong Kong
IndiaIndiaUniv. of Hyderabad
JapanJapanOsaka Univ.
MalaysiaMalaysiaUniv. Sains Malaysia
Grid Communities in Asia Pacific – at a glance –
ApGrid: Asia Pacific Partnership for Grid ComputingApGrid: Asia Pacific Partnership for Grid ComputingOpen Community as a focal point
more than 40 member institutions from 15 economicsKick-off meeting: July 2000, 1st workshop: Sep. 2001
PRAGMA: Pacific Rim Applications and Grid Middleware AssemblyPRAGMA: Pacific Rim Applications and Grid Middleware AssemblyNSF funded project led by UCSD/SDSC
30 member institutionsEstablish sustained collaborations and advance the use of the grid technologies1st workshop: Mar. 2002, 10th workshop: next month!
APAN (Asia Pacific Advanced Network) Grid CommitteeAPAN (Asia Pacific Advanced Network) Grid CommitteeBridging APAN application communities and Grid communities outside of APANGrid WG was launched in 2002, re-organized as a committee in 2005
APGrid PMA: Asia Pacific Grid Policy Management AuthorityAPGrid PMA: Asia Pacific Grid Policy Management AuthorityGeneral Policy Management Authority in the Asia Pacific Region
16 member CAsA founding member of the IGTF (International Grid Trust Federation)Officially started in June 2004
APEC/TEL APGridAPEC/TEL APGridBuilding social frameworkSemi-annual workshops
APAN (Asia Pacific Advanced Network) Middleware WGAPAN (Asia Pacific Advanced Network) Middleware WGShare experiences on middleware.Recent topics include ID management and National Middleware Efforts.Approved in January 2006.
NSF-funded project lead by NSF-funded project lead by UCSD/SDSC. UCSD/SDSC.
11stst workshop was held in March workshop was held in March 2002.2002.
Establish sustained collaborations Establish sustained collaborations and advance the use of the Grid and advance the use of the Grid technologies for applications.technologies for applications.
Expected outcomes:Expected outcomes:Advance scientific applicationsIncrease productive and effective use of the grid by researchers and scientists in the Pacific RimIncrease interoperability of grid middleware in Pacific Rim and throughout the world
Tightly collaborating with ApGrid.Tightly collaborating with ApGrid.Having workshops 2~3 times a year.Having workshops 2~3 times a year.
Pacific Rim Application and Grid Middleware
Assembly
PRAGMA && TAGPMA
ChilleChilleCICESE (Centro de Investigacion Cientifica y de Education Superior de Ensenada)
MexicoMexicoUNAM (Universidad Nacional Autonoma de Mexico)
As of today, UNAM is not an institutional member
USAUSANCSAPNG (Pacific Northwest Gigapop)Starlight (located at Univ. Illinois, Chicago)Transpac (located at Indiana Univ.)UCSDSDSC
APGridPMA: Status & ActivitiesAccreditation of CAsAccreditation of CAs
9 accredited CAsAIST, APAC, ASGCC, CNIC, IHEP, KEK, KISTI, NAREGI, NCHC
7 CAs are in operationCNIC/SDG will change the structure and will be re-accredited
AuditAuditAIST, APAC, ASGCC, IHEP have been audited by the other CAs.
Regular (monthly) VTC.Regular (monthly) VTC.Brief status reports of each CAIn-depth report of a CADecisions
Examination for accreditation of a CAApproval of charter, minimum CA requirements, etc.
Open discussions(physical) face-to-face meeting (at least) once per year.(physical) face-to-face meeting (at least) once per year.
1st face-to-face meeting was in Dec. 2005, Beijing.2nd meeting will be in Oct. 15, 2006, Osaka, Japan.
Some UpdatesIssues to be discussedIssues to be discussed
Accreditation of NGO/Netrust CASome information are confidentialToo short validity period of CRLNetrust CA agreed with disclosing audit report to the APGrid PMA auditors
Accreditation of CNIC/SDG CAhierarchical CA
IGTF CA distribution from the APGrid PMAWill need to limit the number of CAs per region
Japanese universities will build UPKIChina has some national/international Grid projectNeed to consider hierarchical structure of PMAs
Proposed audit items
NAREGI PKI WG has subjectively selected criteria for auditinNAREGI PKI WG has subjectively selected criteria for auditing Grid CAs.g Grid CAs.
based on AICPA/CICA WebTrustSM/TM Program for Certification Authorityminimum CA requirements of APGrid PMA and EUGrid PMA
Web TrustWeb TrustWebTrust is a seal awarded to web sites that consistently adhere to certain business standards established by the Canadian Institute of Chartered Accountants (CICA.ca) and the American Institute of Certified Public Accountants (AICPA). In the program, “Web Trust Principles and Criteria for Certification Authorities” lists criteria for CAs.
may too much for Grid CAs.
Audit checklist
Simply pickup items from WebTrustSimply pickup items from WebTrustSM/TMSM/TM criteria ba criteria based on minimum CA requirements.sed on minimum CA requirements.The number of criteria:The number of criteria:
WebTrustWebTrustSM/TMSM/TM Check ListCheck List
Principle 1Principle 1 4545 1313
Principle 2Principle 2 188188 1414
Principle 3Principle 3 165165 77
OthersOthers 44
Rough procedures for auditing
Pre examination (few days)Pre examination (few days)Review all available documents
CP/CPS, User’s manual, Operational manual, CRL, CA Certificate, etc.Prepare score sheet
Main examination (half day)Main examination (half day)Interview to CA staffs
Detailed flow of identifying end entities and issuing certificatesHow accesses to the CA private key is controlled
Inspection of equipmentsCA server, CA room, backup media, archived logs, a safe box, etc.
Post examination (half day)Post examination (half day)Draft and send an audit reportThe audited CA is requested to send a report on plans for the improvements in 1 week
top related