TERENA Certificate Service (TCS) 9 June 2011



SLIDE 1

TERENA Certificate Service (TCS)

9 June 2011

SLIDE 2

Background

› Many NRENs had set up a CA, but certificates issued were not trusted by web browsers (the ‘pop-up’ problem).
› Purchasing certificates directly from commercial CAs is expensive in bulk.

SLIDE 3

Certificate Types

› Five types of certificate available:
    › Server Certificate - for authenticating servers and establishing secure sessions with end clients.
    › e-Science Server Certificate - for authenticating Grid hosts and services. These are IGTF compliant.
    › Personal Certificate - for identifying individual users and securing e-mail communications.
    › e-Science Personal Certificate - for identifying individual users accessing Grid services. These are IGTF compliant.
    › Code-signing Certificates - for authenticating software distributed over the Internet.
› Comodo is also offering free EV certificates for a limited period.

SLIDE 4

Participants

NREN         Country   Marks (columns S, P, C)
ACOnet       AT          
LITNET       LT          •
BELNET       BE          
UoM          MT          •
CARNet       HR         •
SURFnet      NL          
Cyprus       CY          
UNINETT      NO          
CESNET       CZ          •
PSNC         PL          
UNI-C        DK          •
FCCN         PT         •
FUNET        FI          •
RoEduNet     RO          •
RENATER      FR          •
AMRES        RS          •
GRNET        GR          •
ARNES        SI         •
HUNGARNET    HU         •
RedIRIS      ES          
HEAnet       IE          
SUNET        SE          
GARR         IT          •
JANET(UK)    UK         •
IUCC         IL          •

SLIDE 5

Delegated Responsibilities & Scaling

SLIDE 6

Built using contracts

  • scales well to large numbers of organisations and users
  • assurance requirements on subscribers ensure quality ID
  • bound through legal contracts

SLIDE 7

TCS Portal

› Several NRENs decided to pool resources and operate a common portal for personal certificates.
› Hosted on resilient servers at Tilburg University under contract to TERENA.
› Utilises Confusa software.
› Each NREN community needs to operate at least one IdP, but multiple IdPs are supported.
› Participants:
    › ACOnet (AT), BELNET (BE), FUNET (FI), GARR (IT), RENATER (FR), SUNET (SE), SURFnet (NL), UNI-C (DK), UNINETT (NO)

SLIDE 8

Authenticating users via Subscriber and Federation

National research-education federations provide the basis for authenticating users and obtaining key attributes such as a persistent unique identifier, including the assurance level via service entitlements.

User’s home organisation NREN or Federation Operator

SLIDE 9

Statistics (1 Jul 2009 - 31 Dec 2010)

› Server Certificates
    › Since 1 Jul 2009 - 45,710 (most JANET(UK) with 9,321)
› eScience Server Certificates
    › Since 1 Oct 2010 - 42 (most PSNC with 16)
› Personal Certificates
    › Since 5 Feb 2010 - 1,169 (most 499 with CESNET)
› eScience Personal Certificates
    › Since 5 Feb 2010 - 547 (most 332 with UNINETT)
› Code-Signing Certificates
    › Since 1 June 2010 - 52 (most 13 with PSNC)

SLIDE 10

TCS eScience - global recognition

Meets the IGTF requirements for long-term integrated credential services and thereby has global recognition by all major e-Infrastructures

SLIDE 11

Reach of the TCS Personal service

The TCS portals – trustworthy credentials in 3 clicks and 2 minutes

Map legend: dark-blue: eScience Personal deployed