a history of the cacg eugridpma and the igtf
play

A history of the CACG, EUGridPMA, and the IGTF (and some next - PowerPoint PPT Presentation

Feb 11, 2023 •260 likes •610 views

A history of the CACG, EUGridPMA, and the IGTF (and some next steps) First APGridPMA Face-to-Face Meeting Beijing David Groep, 2005-11-29 A brief history From the CACG to EUGridPMA to IGTF The EU DataGrid CACG The EUGridPMA:

  1. A history of the CACG, EUGridPMA, and the IGTF (and some next steps) First APGridPMA Face-to-Face Meeting Beijing David Groep, 2005-11-29

  2. A brief history … From the CACG to EUGridPMA to IGTF … • The EU DataGrid CACG • The EUGridPMA: charter and growth • IGTF Foundation on October 5 th , 2005 The Federation: structure and documents • Common guidelines • Authentication Profiles • Distribution and common naming • Related bodies: GGF and TACAR Current issues and new challenges David Groep – davidg@eugridpma.org First APGridPMA Face-to-Face Meeting Beijing – Nov 2005 - 2

  3. In the Beginning: the EU DataGrid CACG The EU DataGrid in 2000 needed a PKI for the test bed Both end-user and service/host PKI � CACG (actually David Kelsey) had the task of creating this � PKI for Grid Authentication only � no support for long-term encryption or digital signatures � Single CA was not considered acceptable � Single point of attack or failure � One CA per country, large region or international � organization History CA must have strong relationship with RAs � Some pre-existing CAs � A single hierarchy would have excluded existing CAs and � was not convenient to support with existing software Coordinated group of peer CAs was most suitable choice � David Groep – davidg@eugridpma.org First APGridPMA Face-to-Face Meeting Beijing – Nov 2005 - 3

  4. Five years of growth December 2000 : First CA coordination meeting for the DataGrid project March 2001 : First version of the minimum requirements 5 CAs: France (CNRS), Portugal (LIP), Netherlands (NIKHEF), CERN, Italy (INFN), UK (UK eScience) December 2002 : Extension to other projects: EU-CrossGrid … History David Groep – davidg@eugridpma.org First APGridPMA Face-to-Face Meeting Beijing – Nov 2005 - 4

  5. ‘Reasonable procedure … acceptable methods’ • Requirements and Best Practices for an “acceptable and trustworthy” Grid CA Minimum requirements for RA - Testbed 1 --------------------------------------- An acceptable procedure for confirming the identity of the requestor and the right to ask for a certificate e.g. by personal contact or some other rigorous method The RA should be the appropriate person to make decisions on the right to ask for a certificate and must follow the CP. Communication between RA and CA ------------------------------- Either by signed e-mail or some other acceptable method, e.g. personal (phone) contact with known person Minimum requirements for CA - Testbed 1 --------------------------------------- The issuing machine must be: History a dedicated machine located in a secure environment be managed in an appropriately secure way by a trained person the private key (and copies) should be locked in a safe or other secure place the private keu must be encrypted with a pass phrase having at least 15 characters the pass phrase must only be known by the Certificate issuer(s) not be connected to any network minimum length of user private keys must be 1024 min length of CA private key must be 2048 requests for machine certificates must be signed by personal certificates or verified by other appropriate means ... David Groep – davidg@eugridpma.org First APGridPMA Face-to-Face Meeting Beijing – Nov 2005 - 5

  6. Building the initial trust fabric • Identity only, no roles or authorization attributes (that’s left for other mechanisms) – goal is a single common identity for every person • PKI providers (‘CAs’) and Relying Parties (‘sites’) together shape the minimum requirements • Authorities testify compliance with these guidelines • Peer-review process within the federation to (re) evaluate members on entry & periodically • Reduce effort on the relying parties History • single document to review and assess for all CAs • Reduce cost on the CAs: • no audit statement needed by certified accountants ($$$) • but participation in the Federation does come with a price • Requires that the federation remains manageable in size • Ultimate decision always remains with the RP David Groep – davidg@eugridpma.org First APGridPMA Face-to-Face Meeting Beijing – Nov 2005 - 6

  7. March 2003: The Tokyo Accord • … meet at GGF conferences. … • … work on … Grid Policy Management Authority: GRIDPMA.org • develop Minimum requirements – based on EDG work • develop a Grid Policy Management Authority Charter • [with] representatives from major Grid PMAs: • European Data Grid and Cross Grid PMA: 16 countries, 19 organizations • NCSA Alliance • Grid Canada History • DOEGrids PMA • NASA Information Power Grid • TERENA • Asian Pacific PMA: AIST, Japan; SDSC, USA; KISTI, Korea; Bll, Singapore; Kasetsart Univ., Thailand; CAS, China David Groep – davidg@eugridpma.org First APGridPMA Face-to-Face Meeting Beijing – Nov 2005 - 7

  8. At The End of Data Grid … In December 2003, the EU DataGrid project ended … … and the Grid and CA arena had changed: • the new EGEE project was just one of 3 e -Infrastructures • the LHC Computing Grid turned into a production system • TERENA TF-AACE had established TACAR This called for a pan-European coordinated effort • Encompassing all three e-Infrastructure projects History • To be recognized as a European coordination body • With support from the new e-Infrastructure Reflection Group • Fostered by the Irish EU Presidency in 2004 David Groep – davidg@eugridpma.org First APGridPMA Face-to-Face Meeting Beijing – Nov 2005 - 8

  9. … we published and moved on to … • Best practices of the CACG documented in the paper by David O’Callaghan et al . • Lecture Notes in Computer Science 3470 pp. 285-295 History David Groep – davidg@eugridpma.org First APGridPMA Face-to-Face Meeting Beijing – Nov 2005 - 9

  10. The EUGridPMA “constitution” The European Policy Management Authority for Grid Authentication in e-Science (hereafter called EUGridPMA) is a body • to establish requirements and best practices for grid identity providers • to enable a common trust domain applicable to authentication of end-entities in inter-organisational access to distributed resources. As its main activity the EUGridPMA • coordinates a Public Key Infrastructure (PKI) for use with Grid authentication middleware. The EUGridPMA itself does not provide identity assertions, but instead asserts that - within the scope of this charter – the certificates issued by the Accredited Authorities meet or exceed the relevant guidelines. David Groep – davidg@eugridpma.org First APGridPMA Face-to-Face Meeting Beijing – Nov 2005 - 10

  11. EUGridPMA Membership EUGridPMA membership for (classic) CAs: • A single Certification Authority (CA) • per country, • large region (e.g. the Nordic Countries), or • international treaty organization. • The goal is to serve the largest possible community with a small number of stable CAs • operated as a long-term commitment Many CAs are operated by the (national) NREN (CESNET, ESnet, Belnet, NIIF, EEnet, SWITCH, DFN, … ) or by the e-Science programme/Science Foundation (UK eScience, VL-e, CNRS, … ) David Groep – davidg@eugridpma.org First APGridPMA Face-to-Face Meeting Beijing – Nov 2005 - 11

  12. Coverage of the EUGridPMA Green: Countries with an accredited CA • 23 of 25 EU member states (all except LU, MT) • + AM, CH, IL, IS, NO, PK, RU, TR, “SEE-catch-all” Other Accredited CAs: • DoEGrids (.us) • GridCanada (.ca) • CERN • ASGCC (.tw)* • IHEP (.cn)* * Migrated to APGridPMA per Oct 5 th , 2005 David Groep – davidg@eugridpma.org First APGridPMA Face-to-Face Meeting Beijing – Nov 2005 - 12

  13. The Catch-All CAs Project-centric “catch all” Authorities • For those left out of the rain in EGEE • CNRS “catch-all” (Sophie Nicoud) • coverage for all EGEE partners • For the South-East European Region • regional catch-all CA • For LCG world-wide • DoeGrids CA (Tony Genovese & Mike Helm, ESnet) • Registration Authorities through Ian Neilson David Groep – davidg@eugridpma.org First APGridPMA Face-to-Face Meeting Beijing – Nov 2005 - 13

  14. New CAs: the Accreditation Process Accreditation Guidelines for EUGridPMA Key elements: • Codification of procedures in a CP(S) for each CA • de facto lots of copy/paste, except for vetting sections • Peer-review process for evaluation • comments welcomed from all PMA members • two assigned referees • In-person appearance during the review meeting • Accreditation model for other PMAs typically embedded in their charter … • Peer-auditing and periodic re-evaluation are needed David Groep – davidg@eugridpma.org First APGridPMA Face-to-Face Meeting Beijing – Nov 2005 - 14

  15. Growth of the CACG & EUGridPMA 35 30 25 accredited CAs 20 15 10 History 5 0 Mar-01 Jun-01 Sep-01 Dec-01 Mar-02 Jun-02 Sep-02 Dec-02 Mar-03 Jun-03 Sep-03 Dec-03 Mar-04 Jun-04 Sep-04 Dec-04 David Groep – davidg@eugridpma.org First APGridPMA Face-to-Face Meeting Beijing – Nov 2005 - 15

  16. Solution to Extending Trust: IGTF – the International Grid Trust Federation • common, global best practices for trust establishment • better manageability and coordination of the PMAs APGridPMA TAGPMA The America’s European Asia-Pacific Grid PMA Grid PMA Grid PMA David Groep – davidg@eugridpma.org First APGridPMA Face-to-Face Meeting Beijing – Nov 2005 - 16

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

EUGridPMA Status and Current Trends and some IGTF topics March 2017 APGridPMA Spring Meeting

EUGridPMA Status and Current Trends and some IGTF topics March 2017 APGridPMA Spring Meeting

EUGridPMA Status and Current Trends and some IGTF topics March 2017 APGridPMA Spring Meeting David Groep, Nikhef & EUGridPMA EUGridPMA Topics EUGridPMA (membership) status New CAs: RCauth.eu/AARC CILogon-like TTS; DarkMatter

482 views • 22 slides
42 nd EUGridPMA January 22-24, 2018 Prague, CZ Welcome to Prague! 37 th EUGridPMA Abingdon

42 nd EUGridPMA January 22-24, 2018 Prague, CZ Welcome to Prague! 37 th EUGridPMA Abingdon

42 nd EUGridPMA January 22-24, 2018 Prague, CZ Welcome to Prague! 37 th EUGridPMA Abingdon May 2016 # David Groep davidg@eugridpma.org Presentations and materials Videoconferencing details https://www.eugridpma.org/video

285 views • 7 slides
Globus Toolkit Support Transition Derek Simmel <dsimmel@psc.edu> TAGPMA Chair 41 st

Globus Toolkit Support Transition Derek Simmel <dsimmel@psc.edu> TAGPMA Chair 41 st

T h e A m e r i c a s G r i d Policy Management Authority Globus Toolkit Support Transition Derek Simmel <dsimmel@psc.edu> TAGPMA Chair 41 st EUGridPMA / IGTF All-Hands Meeting September 25-27, 2017 JISC, Manchester, England Globus

98 views • 6 slides
using distributed responsibility David Groep EGI IGTF Liaison www.egi.eu EGI-Engage is

using distributed responsibility David Groep EGI IGTF Liaison www.egi.eu EGI-Engage is

Evolving the EGI trust fabric using distributed responsibility David Groep EGI IGTF Liaison www.egi.eu EGI-Engage is co-funded by the Horizon 2020 Framework Programme of the European Union under grant number 654142

765 views • 23 slides
Who do you Trust? The roles of certificates, certification authorities and the IGTF in Grid

Who do you Trust? The roles of certificates, certification authorities and the IGTF in Grid

Who do you Trust? The roles of certificates, certification authorities and the IGTF in Grid Computing T h e A m e r i c a s G r i d Policy Management Authority Prof. Vinod Rebello Instituto de Computao Universidade F ederal F

768 views • 18 slides
Evolving Assurance going where? Collaborative, distributed, and generalized assurance beyond

Evolving Assurance going where? Collaborative, distributed, and generalized assurance beyond

Evolving Assurance going where? Collaborative, distributed, and generalized assurance beyond just identity authentication IGTF Generalized LoA, and AARC! With inputs from: Interoperable Global Trust Federation IGTF David Groep

502 views • 17 slides
for Infrastructures EUGridPMA 42 Prague, CZ David Groep davidg@nikhef.nl Event ent 1

for Infrastructures EUGridPMA 42 Prague, CZ David Groep davidg@nikhef.nl Event ent 1

OIDC Federation for Infrastructures EUGridPMA 42 Prague, CZ David Groep davidg@nikhef.nl Event ent 1 establish common policies and guidelines that enable interoperable, global trust relations between providers of e-Infrastructures and

553 views • 10 slides
Globally understandable LoAs Milan Sova Use case CILogon accreditation with IGTF use

Globally understandable LoAs Milan Sova Use case CILogon accreditation with IGTF use

Globally understandable LoAs Milan Sova Use case CILogon accreditation with IGTF use InCommon Silver Q: What is ? A: See the Silver Profile Use case CILogon accreditation with IGTF use InCommon Silver Q: What is ? A: See the

402 views • 5 slides
Trust Federation enabling an interoperable David Groep EUGridPMA global trust fabric also

Trust Federation enabling an interoperable David Groep EUGridPMA global trust fabric also

The International Grid Trust Federation enabling an interoperable David Groep EUGridPMA global trust fabric also supported by EGI.eu EGI-InSPIRE RI-261323, and BiG Grid, the Dutch eScience Grid The Need for a Global Trust Fabric More than

676 views • 21 slides
5 1 Periods of history History is divided into different periods: Prehistory, Ancient History,

5 1 Periods of history History is divided into different periods: Prehistory, Ancient History,

12/03/2020 social UNIT 5 1 Periods of history History is divided into different periods: Prehistory, Ancient History, Middle Ages, Early Modern Age, Modern Age. Each period of history starts and ends with an important event. 2 1

305 views • 5 slides
Robbins Farm History Project Robbins Farm History Project History and Background History and

Robbins Farm History Project Robbins Farm History Project History and Background History and

Robbins Farm History Project Robbins Farm History Project History and Background History and Background History and Background 4th of July, 1937 Stephen Stiles, 1933 The Dog & The House Research: Dog Sculpture Provenance Providence, RI

478 views • 36 slides
Welcome to GCSE History Why study GCSE History? History is continuously changing the world

Welcome to GCSE History Why study GCSE History? History is continuously changing the world

Welcome to GCSE History Why study GCSE History? History is continuously changing the world around us and historic events have helped to shape our society today. Learning about past events and the people whove influenced history will allow

578 views • 15 slides
Making History with the Masses, Revisited History Unfolded and the Realities of Citizen History

Making History with the Masses, Revisited History Unfolded and the Realities of Citizen History

Making History with the Masses, Revisited History Unfolded and the Realities of Citizen History Elissa Frankle United States Holocaust Memorial Museum efrankle@ushmm.org @museums365 Three years ago And then we learned. Avsar Aras CC

785 views • 50 slides
THE HISTORY THE DESIGN PROCESS THE INFLUENCE THE HISTORY OF ANIMATION 3,000 BC 1,500 AD 1603

THE HISTORY THE DESIGN PROCESS THE INFLUENCE THE HISTORY OF ANIMATION 3,000 BC 1,500 AD 1603

THE HISTORY THE DESIGN PROCESS THE INFLUENCE THE HISTORY OF ANIMATION 3,000 BC 1,500 AD 1603 - 1877 THE HISTORY OF ANIMATION 1906 1919 - 1928 THE HISTORY OF ANIMATION The Golden Age 1930 1933 1937 THE HISTORY OF ANIMATION

495 views • 20 slides
Workshop Sponsors 1 11/5/2012 Site Name Here Todays Presenters FA professional name FA

Workshop Sponsors 1 11/5/2012 Site Name Here Todays Presenters FA professional name FA

11/5/2012 2012 High School Counselor Financial Aid Workshop Workshop Sponsors 1 11/5/2012 Site Name Here Todays Presenters FA professional name FA professional name CACG advisor name HEAB name DPI name Todays Agenda 8 am

727 views • 59 slides
Acts as Biblical History? J. Huizinga, A Definition of the Concept of History in Philosophy

Acts as Biblical History? J. Huizinga, A Definition of the Concept of History in Philosophy

Setting the scene History is the intellectual form in which a civilization renders account to itself of its past. Acts as Biblical History? J. Huizinga, A Definition of the Concept of History in Philosophy and History: Essays

256 views • 7 slides
The Open Container Initiative Establishing standards for an open ecosystem Jonathan Boulle

The Open Container Initiative Establishing standards for an open ecosystem Jonathan Boulle

The Open Container Initiative Establishing standards for an open ecosystem Jonathan Boulle @baronboulle | jonathan.boulle@coreos.com A short agenda Why do we care about standards? Where have container standards come from? Where

1.46k views • 84 slides
From ER Diagrams to the Relational Model Rose-Hulman Institute of Technology Curt Clifton

From ER Diagrams to the Relational Model Rose-Hulman Institute of Technology Curt Clifton

From ER Diagrams to the Relational Model Rose-Hulman Institute of Technology Curt Clifton Review Entity Sets and Attributes Entity set: collection of things in the DB Attribute: property of an entity calories name Soda

395 views • 25 slides
Overview of NDN Pla/orm, Applica5on Libraries, and API

Overview of NDN Pla/orm, Applica5on Libraries, and API

Overview of NDN Pla/orm, Applica5on Libraries, and API NDNComm 2014 September 4, 2014 jburke@ucla.edu 1 Mo<va<on The NDN project's approach

654 views • 29 slides
Advanced Publish/Subscribe Communication Services Antonio Carzaniga and Alexander L. Wolf

Advanced Publish/Subscribe Communication Services Antonio Carzaniga and Alexander L. Wolf

Advanced Publish/Subscribe Communication Services Antonio Carzaniga and Alexander L. Wolf University of Colorado at Boulder Boulder, Colorado USA {carzanig alw}@cs colorado edu {carzanig,alw}@cs.colorado.edu About the Tutors Antonio

1k views • 96 slides
Azure AppFabric WebDay, Porto, Feb. 2, 2010 Pedro Flix ( pedrofelix em cc.isel .ipl.pt) Azure

Azure AppFabric WebDay, Porto, Feb. 2, 2010 Pedro Flix ( pedrofelix em cc.isel .ipl.pt) Azure

An introduction to the Azure AppFabric WebDay, Porto, Feb. 2, 2010 Pedro Flix ( pedrofelix em cc.isel .ipl.pt) Azure AppFabric Set of services Service Bus (SB) Access Control Service (ACS) Running in the cloud Based on

620 views • 31 slides
Personal presenta,ons To be presented at opening of seminar. Max presenta,on ,me: 30 seconds

Personal presenta,ons To be presented at opening of seminar. Max presenta,on ,me: 30 seconds

Personal presenta,ons To be presented at opening of seminar. Max presenta,on ,me: 30 seconds Please email your presenta,on to Borje.Ohlman@ericsson.com Deadline: Monday June 20 th 8:00 CET Randy Bush Internet In'ta've Japan Seminar topic

773 views • 35 slides
Management of Large Management of Large Networks New Frontiers in Computing San Jose State

Management of Large Management of Large Networks New Frontiers in Computing San Jose State

Management of Large Management of Large Networks New Frontiers in Computing San Jose State University A August 14, 2010 t 14 2010 P Pradeep Kathail d K th il CTO, NSSTG, Cisco pkathail@cisco.com pkathail@cisco.com 1 Agenda Agenda

532 views • 16 slides
Computer Security Security.di.unimi.it/sicurezza1314/ Chapter 1: 1 Info corso di Sicurezza

Computer Security Security.di.unimi.it/sicurezza1314/ Chapter 1: 1 Info corso di Sicurezza

Computer Security Security.di.unimi.it/sicurezza1314/ Chapter 1: 1 Info corso di Sicurezza Docente corso Andrea Lanzi: andrea.lanzi@unimi.it Pagina corso: http://security.di.unimi.it/sicurezza1314/ Orario di ricevimento su

425 views • 23 slides

More recommend