a Grid certificate in 5 minutes
large scale federated automated issuing of grid certificates
Jan Meijer, EGEE’09, 21-25 Sept 2009
Barcelona
me
• 1998-2007: SURFnet – CERT, security, PKI, systems engineering, e-voting
• 2007-now: UNINETT – service development, storage, PKI
collaborative service
the true story of developing a sustainable scalable pan-European service
Problem 1
Norwegian Grid, HPC, Data Storage
Norwegian authentication infrastructure (AAI)
?
Problem 2
eScience Grid authentication = x.509 certificates
Traditional certificate issuing
Manual identity vetting
annoying for the user
annoying for the service provider
your identity has been vetted!
Solution: reuse and automate
not new: SLCS/MICS
establish the service
1. Certificate issuing backend
2. Web portal front end
3. EUGridPMA accreditation
EUGridPMA accreditation?
establish service = people hours + $$
Automation scales: share the cost!
use technology
an online automated CA can handle 100.000s of requests
AAI Federations
TERENA Certificate Service
combined acquisition of certificates
operational since March 2006
current provider: Comodo
TERENA Certificate Service
by NRENs for NRENs
SCS Numbers
Participating NRENs 18 (3 recent)
Certificates issued 19,400
Participating organisations 2,225
Proxies 3,800
Apr 2006 – Aug 2008
TCS
• TERENA SSL CA: Server certificates
• TERENA eScience SSL CA
• TERENA Code Signing CA
• TERENA Personal CA
• TERENA eScience Personal CA
TCS
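Participating NRENs

| Country | Member org. | Server | Code Signing | Personal |
|---|---|---|---|---|
| Austria | ACOnet | X | X | X |
| Belgium | BELNET | X | X | X |
| Croatia | CARnet | X | | |
| Czech Republic | CESNET | X | | X |
| Denmark | UNI-C | X | | |
| France | RENATER | X | | X |
| Greece | GRNET | X | | X |
| Hungary | HUNGARNET | X | | |
| Ireland | HEAnet | X | | X |
| Italy | GARR | X | | |
| Lithuania | LITNET | X | | X |
| Malta | UoM | X | | |
| Netherlands | SURFnet | X | X | X |
| Norway | UNINETT | X | X | X |
| Poland | PSNC | X | X | X |
| Portugal | FCCN | X | | |
| Slovenia | ARNES | X | | |
| Spain | RedIRIS | X | X | X |
| Sweden | SUNET | X | X | X |
| UK | JANET | X | | |
| Total | | 20 | 7 | 12 |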
TERENA eScience Personal CA
Delegated Responsibilities
Governance
• Service responsible: TERENA delivers on behalf of participating NRENs
• Important decisions: SCS-Rep per NREN
• Day-to-day: TCS PMA
Kent Engström, Jan Meijer, Kevin Meynell, Teun Nijssen, Milan Sova
steps to production
• EUGridPMA accreditation:
  – formal start in Oct 2009
• Portal software development:
  – production ready in Sept 2009
• Shared portal (.cz, .fi, .nl, .no, .se)
  – production Oct 2009
• Service operational:
  – Nov 2009
a story of smooth collaboration
• UNINETT/Sigma coordinates
• NGIs, NRENs and AAI Federations of Czech Republic, Denmark, Finland, Netherlands, Norway, Sweden
• TERENA, NDGF, all TCS NRENs
• and countless others....
Funding
• development:
  – UNINETT/Sigma, TERENA, NDGF, other participants
• operations:
  – NRENs
soon
your grid certificate
in 5 minutes
through an NREN near you
http://www.terena.org/tcs/
http://www.confusa.org/
jan.meijer uninett.no