european grid policy management authority. event - 2/total speaker name – [email protected]...
TRANSCRIPT
European Grid Policy Management Authority
Event - 2/totalSpeaker Name – [email protected]
Coverage of the EUGridPMA
Green: Countries with an accredited CA 23 of 25 EU member states (all except LU,
MT) + AM, CH, IL, IS, NO, PK, RU, TR, “SEE-catch-
all”
Other Accredited CAs: DoEGrids (.us) GridCanada (.ca) CERN
* Migrated to APGridPMA per Oct 5th, 2005 find-your-CA clickable map at http://www.eugridpma.org/members/worldmap/
Event - 3/totalSpeaker Name – [email protected]
Web News
OID Registry for the IGTF on the webhttp://www.eugridpma.org/objectid/
Find-Your-CA clickable maphttp://www.eugridpma.org/members/worldmap/
Subject Locatorhttp://www.eugridpma.org/showca
Member statushttp://www.eugridpma.org/members/members-full
CA statushttp://signet-ca.ijs.si/nagios/ (user guest:guest)
Wikihttps://grid.ie/eugridpma/wiki/ (register with David OC)
Event - 4/totalSpeaker Name – [email protected]
Classic AP Proposed Changes
CRL distribution point: now states that http must be in the EE certificate. It would be good to allow other URIs, as long as the CA in addition continues to provide an http URI for use by the "fetch-crl" mechanism
Revocation by users: put a timeline of requests for revocation by the user. Now the obligation to report is there, but no deadline assigned to it
Rekeying (instead of renewal) should be required in the MR (for software tokens only?)
The "RA involvement" in the renewal/rekey process must be mentioned in the MR, as it is currently only in some obscure minutes from an old CACG meeting
Face-to-face requirement: it "SHOULD be face to face, and if not, the CA MUST prove how its own process is roughly equivalent to a F2F".
Event - 5/totalSpeaker Name – [email protected]
Some Current Issues
Certificate profile several ‘odd’ attributes are causing problems with
popular middleware started page on the Wiki, should result in a GGF doc
again
Format and distribution some ‘coordinated deployment’ projects like EGEE
have trouble in pushing new releases
CSR delivery better linking the identity vetting to the CSR delivery to
RA/CA
CA monitoring still a large number of ‘almost expiring’ CRLs