terena certificate service
play

TERENA Certificate Service Milan Sova CESNET Agenda History TCS - PowerPoint PPT Presentation

Mar 15, 2024 •6 likes •176 views

TERENA Certificate Service Milan Sova CESNET Agenda History TCS Structure Procedures Conclusions History pop-up free server certificates History: SCS TERENA Server Certificate Service summer 2004: first idea

  1. TERENA Certificate Service Milan Sova CESNET

  2. Agenda ● History ● TCS Structure ● Procedures ● Conclusions

  3. History “pop-up free server certificates”

  4. History: SCS ● TERENA Server Certificate Service – summer 2004: first idea – Dec 2004: SCS project started – Sep 2005: Call for Proposals – Jan 2006: Contract with GlobalSign (1 year) ● 8 NRENs – March 16 2006: service operational – Jan 2007: Contract prolonged (3 years)

  5. History: SCS -> TCS ● Sep 2008: new Call for Proposals ● Apr 2009: Contract with Comodo CA Ltd. – server, personal, object signing certificates => TCS (TERENA Certificate Service) ● Jul 2009: TERENA SSL CA operational ● Feb 2009: TERENA eScience Personal CA accredited by EUGridPMA, operational ● Feb 2009: TERENA Personal CA operational

  6. TCS “PKI that works”

  7. TCS Characteristics ● 22 NRENs ● flat fee – unlimited number of certificates ● 5 CAs operated by Comodo – including CRL, OCSP – access via HTTP API – implicitly trusted by major OSs and software ● RA roles and issuance managed by NRENs – except for object signing

  8. Legal Structure ● Contract TERENA – Comodo ● Contracts TERENA – NRENs ● Contracts NREN – member organizations – all referring CPS ● 3 CPs – Server & Object Signing ● including eScience Server – Personal – eScience Personal

  9. TCS CAs ● TERENA SSL CA ● TERENA eScience SSL CA ● TERENA Personal CA* ● TERENA eScience Personal CA* ● TERENA Code Signing CA* * optional (surcharge)

  10. TCS Certificate Chain (AddTrust External CA Root) UTN-USERFirst-Hardware UTN-USERFirst-Object UTN-USERFirst-Client Authentication and Email TCS TCS TCS TCS TCS SSL eScience SSL eScience Personal Personal Object Signing End Entity End Entity End Entity End Entity End Entity End Entity End Entity End Entity End Entity End Entity

  11. Procedures “solid and usable”

  12. Procedures: Server ● NREN – web portal – register of organizations ● administrators ● DNS zones

  13. Procedures: Server ● server admin requests a certificate – DNS names ● checked by the portal against the register – public key (PKCS#10) ● organization admin – checks DNS – requester relation – approves

  14. Procedures: Personal ● “self-service” certificate issuance ● federated portal – front-end to TCS CA ● organizations – Identity Providers – identity checked using official ID – account management – attributes release

  15. Attributes ● eduPersonEntitlement – authorization & eligibility ● uniqueID – traceability, naming conflicts ● commonName ● email

  16. Conclusions ● cost-effective ● implicitly trusted by common software ● SSL server authentication ● S/MIME, user authentication ● grid user authentication – grid SSL server accreditation pending ● easy to use

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

TERENA Certificate Service (TCS) 9 June 2011 Background Many NRENs had set-up a CA, but

TERENA Certificate Service (TCS) 9 June 2011 Background Many NRENs had set-up a CA, but

TERENA Certificate Service (TCS) 9 June 2011 Background Many NRENs had set-up a CA, but certificates issued were not trusted by web browsers (the pop-up problem). Purchasing certificates directly from commercial CAs is expensive

295 views • 11 slides
TERENA Server Certificate Service Towards the large-scale use of affordable popup-free server

TERENA Server Certificate Service Towards the large-scale use of affordable popup-free server

TERENA Server Certificate Service Towards the large-scale use of affordable popup-free server certificates for the European Research & Educational community Jan Meijer Amsterdam, 24 Januari 2006 High-quality I nternet for higher education

673 views • 10 slides
TERENA TERENA End-to-End (E2E) Provisioning Workshop End to End (E2E) Provisioning Workshop

TERENA TERENA End-to-End (E2E) Provisioning Workshop End to End (E2E) Provisioning Workshop

GLIF Tech Winter meeting Hong-Kong, China 24 February, 2011 Peter Szegedi, PDO szegedi@terena.org www terena org www.terena.org TERENA TERENA End-to-End (E2E) Provisioning Workshop End to End (E2E) Provisioning Workshop series About

587 views • 25 slides
TF NOC TF-NOC About TERENA TERENA offers a forum to collaborate innovate and TERENA

TF NOC TF-NOC About TERENA TERENA offers a forum to collaborate innovate and TERENA

15 February, 2011 Ljubljana, Slovenia Peter Szegedi, PDO szegedi@terena org szegedi@terena.org www.terena.org TF NOC TF-NOC About TERENA TERENA offers a forum to collaborate innovate and TERENA offers a forum to collaborate,

292 views • 17 slides
TERENA Trusted Cloud Drive pilot STATUS UPDATE Motivations Since 2 0 1 0 , TERENA has been

TERENA Trusted Cloud Drive pilot STATUS UPDATE Motivations Since 2 0 1 0 , TERENA has been

TF-Storage meeting 26-27 September 2012 Dubrovnik, Croatia Peter Szegedi Project Development Officer szegedi@terena.org www.terena.org TERENA Trusted Cloud Drive pilot STATUS UPDATE Motivations Since 2 0 1 0 , TERENA has been actively

545 views • 21 slides
Applications and Services Motivations, history 1 t E2E W 1st E2E Workshop in 2008 k h i 2008

Applications and Services Motivations, history 1 t E2E W 1st E2E Workshop in 2008 k h i 2008

3rd E2E Provisioning Workshop Prague, Czech Republic 29-30 November, 2010 Peter Szegedi, PDO szegedi@terena.org www terena org www.terena.org TERENA TERENA End-to-End (E2E) Provisioning Workshop series 3rd workshop on Applications and

540 views • 15 slides
A view into a new GN3Plus Service Jerry Sobieski (NORDUnet) TERENA Architecture Workshop Nov 13,

A view into a new GN3Plus Service Jerry Sobieski (NORDUnet) TERENA Architecture Workshop Nov 13,

Testbeds as a Service Building Future Networks A view into a new GN3Plus Service Jerry Sobieski (NORDUnet) TERENA Architecture Workshop Nov 13, 2013 From Innovation to Infrastructure Network Innovation requires testing to prove out...

360 views • 24 slides
May 9, 2019 SWAC Meeting Transfer of Sanitary Service Certificate No. 2 from Cornelius

May 9, 2019 SWAC Meeting Transfer of Sanitary Service Certificate No. 2 from Cornelius

May 9, 2019 SWAC Meeting Transfer of Sanitary Service Certificate No. 2 from Cornelius Disposal Service, Inc. to Evergreen Disposal & Recycling, Inc. Theresa Koppang Solid Waste Management Supervisor May 9, 2019 Certificate Transfer

178 views • 7 slides
Network as a Service principle virtual CPE as a Service TERENA Network Architects Workshop Victor

Network as a Service principle virtual CPE as a Service TERENA Network Architects Workshop Victor

Network as a Service principle virtual CPE as a Service TERENA Network Architects Workshop Victor Reijs, HEAnet victor.reijs@heanet.ie 22 November 2012 1 Agenda Clouds and XaaS services... OpenFlow, SDN and NaaS... Why Network as a

462 views • 23 slides
TCS (eScience) Personal CA Milan Sova Context TCS: TERENA SSL CA TERENA eScience SSL

TCS (eScience) Personal CA Milan Sova Context TCS: TERENA SSL CA TERENA eScience SSL

TCS (eScience) Personal CA Milan Sova Context TCS: TERENA SSL CA TERENA eScience SSL CA TERENA Personal CA TERENA eScience Personal CA TERENA Code Signing CA Concept CA as SAML SP RAs as SAML IdPs

814 views • 10 slides
Introduction to eduCONF Service Rui Ribeiro (FCCN) GN3 eduCONF - TERENA NRENum.net Joint Workshop

Introduction to eduCONF Service Rui Ribeiro (FCCN) GN3 eduCONF - TERENA NRENum.net Joint Workshop

Introduction to eduCONF Service Rui Ribeiro (FCCN) GN3 eduCONF - TERENA NRENum.net Joint Workshop Amsterdam 18 th March 2013 connect communicate collaborate Videoconference Tipical Situation I need to setup a VC meeting! What is the IP

756 views • 10 slides
Vermont Public Service Board Certificate of Public Good Review Process Vermont Public Service

Vermont Public Service Board Certificate of Public Good Review Process Vermont Public Service

Vermont Public Service Board Certificate of Public Good Review Process Vermont Public Service Department Aaron Kisicki May 28, 2015 NDCAP Meeting 10 V.S.A. 6522 Entergy must receive 248 CPG for ISFSI PSB findings: Adequate

469 views • 4 slides
EGEE II - Network Service Level Agreement (SLA) Implementation 4th TERENA NRENs and Grids

EGEE II - Network Service Level Agreement (SLA) Implementation 4th TERENA NRENs and Grids

Enabling Grids for E-sciencE EGEE II - Network Service Level Agreement (SLA) Implementation 4th TERENA NRENs and Grids Workshop - AMSTERDAM, 2006-12-06 Vassiliki Pouli (GRNET/NTUA) www.eu-egee.org EGEE-II INFSO-RI-031688 Outline Enabling

407 views • 14 slides
9 th EuroCAMP EuroCAMP at TERENA Secretariat Licia Florio

9 th EuroCAMP EuroCAMP at TERENA Secretariat Licia Florio

TERENA EuroCAMP Workshops Cork, Ireland 18-19 May 2009 Peter Szegedi PDO szegedi@terena.org www.terena.org 9 th EuroCAMP EuroCAMP at TERENA Secretariat Licia Florio florio@terena.org Peter Szegedi

204 views • 6 slides
Preliminary Results Rui Ribeiro (FCCN) / Peter Szegedi (TERENA) GN3 eduCONF - TERENA NRENum.net

Preliminary Results Rui Ribeiro (FCCN) / Peter Szegedi (TERENA) GN3 eduCONF - TERENA NRENum.net

Preliminary Results Rui Ribeiro (FCCN) / Peter Szegedi (TERENA) GN3 eduCONF - TERENA NRENum.net Joint Workshop Amsterdam 18 th March 2013 connect communicate collaborate Objectives Identify a set of policies recommendations that can

400 views • 16 slides
Proposal for an EC funded project by TERENA TF-Storage core Peter Szegedi TERENA 20 February

Proposal for an EC funded project by TERENA TF-Storage core Peter Szegedi TERENA 20 February

Research & Education and Cloud Industry Partnership in Europe Proposal for an EC funded project by TERENA TF-Storage core Peter Szegedi TERENA 20 February 2012 About TF-Storage A Task Force is established under the auspices of the

400 views • 15 slides
Normal Forms and Physical Database Design Ramakrishnan & Gehrke, Chapter 17 & 18 320302

Normal Forms and Physical Database Design Ramakrishnan & Gehrke, Chapter 17 & 18 320302

Normal Forms and Physical Database Design Ramakrishnan & Gehrke, Chapter 17 & 18 320302 Databases & Web Services (P. Baumann) Road Map Normal Forms Functional Dependencies Normal Forms Decomposition Physical

620 views • 46 slides
Outline Common Errors & Tax Obligations Correct Treatment Offences & Filing of Income

Outline Common Errors & Tax Obligations Correct Treatment Offences & Filing of Income

Outline Common Errors & Tax Obligations Correct Treatment Offences & Filing of Income Tax Penalties Returns Beauty & Beauty & Wellness Voluntary Keeping of Proper Disclosure Records & Accounts Industry Industry

1.2k views • 71 slides
Assuring Meaningful Learning Using Evidence based Strategies Cary Kreutzer, EdD, MPH, RD July

Assuring Meaningful Learning Using Evidence based Strategies Cary Kreutzer, EdD, MPH, RD July

Training Adult Learners: Training Techniques Assuring Meaningful Learning Using Evidence based Strategies Cary Kreutzer, EdD, MPH, RD July 10, 2014 1 Objectives Learning Assessment Delivery - Evaluation Organization Understand

688 views • 22 slides
International Income Taxation Chapter 1: I NTRODUCTION Professors Wells January 13, 2014 Chapter

International Income Taxation Chapter 1: I NTRODUCTION Professors Wells January 13, 2014 Chapter

Presentation: International Income Taxation Chapter 1: I NTRODUCTION Professors Wells January 13, 2014 Chapter One: Introduction Problem of Primary versus Secondary Taxing Jurisdiction: 1) Inbound investment and business activities (US Taxing

594 views • 38 slides
Certificate Directory for SIP Cullen Jennings fluffy@cisco.com SIP Security & SMIME SIP

Certificate Directory for SIP Cullen Jennings fluffy@cisco.com SIP Security & SMIME SIP

Certificate Directory for SIP Cullen Jennings fluffy@cisco.com SIP Security & SMIME SIP Security depends on S/MIME with user certificates Encryption of SDP (and keys for SRTP) Refer Identity Request History End to

275 views • 5 slides
User-centric Security Models Manuel Ziegler Advisor: Heiko Niedermayer Seminar Future Internet

User-centric Security Models Manuel Ziegler Advisor: Heiko Niedermayer Seminar Future Internet

User-centric Security Models Manuel Ziegler Advisor: Heiko Niedermayer Seminar Future Internet SS 2015 Chair for Network Architectures and Services Department for Computer Science Technische Universitt Mnchen April 10, 2015 Technische

904 views • 17 slides
Model for SMTP Use User SMTP Sender Receiver Commands/Replies SMTP SMTP File File and

Model for SMTP Use User SMTP Sender Receiver Commands/Replies SMTP SMTP File File and

Model for SMTP Use User SMTP Sender Receiver Commands/Replies SMTP SMTP File File and Mail System System Sender-SMTP Receiver-SMTP The SMTP Commands HELLO (HELO) - identify the sender-SMTP to the receiver-SMTP. MAIL (MAIL) - initiate

191 views • 3 slides
802.1X and Faucet Michael Baird Michael.Baird@ecs.vuw.ac.nz 19-10-2017 FAUCET Conference

802.1X and Faucet Michael Baird Michael.Baird@ecs.vuw.ac.nz 19-10-2017 FAUCET Conference

802.1X and Faucet Michael Baird Michael.Baird@ecs.vuw.ac.nz 19-10-2017 FAUCET Conference Outline Introductjon to 802.1X Design Implementatjon Example confjgs/demo Future work 2 Introduction IEEE 802.1X Port-Based

678 views • 35 slides

More recommend