10th EUGridPMA Meetinggraciously hosted by ULAKBIM

Istanbul, TR

10th EUGridPMA ‘Istanbul’ meeting – May/June 2007 - 2

David Groep – davidg@eugridpma.org

Welcome at theBogazici University, Faculty of Engineering

Welcome from the Organisers

10th EUGridPMA ‘Istanbul’ meeting – May/June 2007 - 3

David Groep – davidg@eugridpma.org

A historic moment

20th grid CA coordination meeting in Europe

From: Kelsey, DP (David)Sent: Monday, November 20, 2000 8:10 PM To: Francois Etienne (E-mail); 'Kors Bos' Subject: CA/Security contacts (DataGrid)

Dear Francois, Kors,

I have had no nominations for security contacts for the meeting on "Certificates for Testbed0" for CNRS or NIKHEF yet.

Please let me know who I should invite.

Regards, Dave ------------------------------------------------ Dr David Kelsey Computing & Resource Management Particle Physics Department Rutherford Appleton Laboratory Chilton, DIDCOT, OX11 0QX, UK

e-mail: XXXXXXXXXX@XXXTel: [+44](0)1235 XXXXXX (direct) Fax: [+44](0)1235 XXXXXX ------------------------------------------------

10th EUGridPMA ‘Istanbul’ meeting – May/June 2007 - 4

David Groep – davidg@eugridpma.org

Still the same issues, but we have learnt much!0. Aims of meeting. Agreement of agenda. Notes/minutes?

1. Roundtable status report.

2. Authentication vs Authorisation I see this to be a major architectural decision. … What should the certificate verify? Just the identity … or also something about membership of particular experiements?

3. How many CA's should be used in the DataGrid testbed?

4. Does a hierarchy add value? Should/can we sign national certificates by a single HEP-root CA?

5. What is the scope of the certificates?

6. Revoking certificates.

7. Naming. What constraints are there on the name fields?

8. What can we learn from other GRID projects or other PKI initiatives? - input to Terena PKI meeting (6th December)?

9. Procedures for running CA's and issuing certificates. We need to convince each other that our certificates can be "trusted".

10. Other issues Period of Validity (CA's, Servers, Users) Key lengths User education Instructions for system managers

11. Who is doing authorisation if we don't? WP2?

12. Storage of certificates? LDAP? agenda 1st EDG CACG meeting, December 2000

10th EUGridPMA ‘Istanbul’ meeting – May/June 2007 - 5

David Groep – davidg@eugridpma.org

Teleconferencing capabilities

VRVS room “Plane”, access code “PMA2007” H323 via the ESnet gateway (dial “88IGTF”)

Istanbul is at GMT+3!!

Aid remote participants – upload your presentations

http://www.eugridpma.org/agenda/fullAgenda.php?ida=a063 Password: *******

10th EUGridPMA ‘Istanbul’ meeting – May/June 2007 - 6

David Groep – davidg@eugridpma.org

Agenda Overview

Update APGridPMA1400

NTUU/KPI

transport0900

AEGIS

1SCPsGrid Cert Profile

Signing Party/TACAR

CA Update:

Update: GridIreland

Meeting Planning

transport 1730

Contentious Issues:• levels of assurance

RP Requirementharmonization

Future directions

Reserved

MONDAY TUESDAY WEDNESDAYIntroduction

Agenda

ROSA

Chair Election

Morocco

OCSP Update

Profiles OverviewMICS Profile

Auditing Guidelines

Change Management

hardware tokens

robot cert progress

NIST PKI ConferenceHighlights &reflections

transport

1600

19.30 Golden Age 1!

10th EUGridPMA ‘Istanbul’ meeting – May/June 2007 - 7

David Groep – davidg@eugridpma.org

Tonight

Meet at 19.30 hrs at the Golden Age 1 hotel lobby

For dinner "Degüstasyon" at Istiklal-Taksim (close to the

hotel) where there will be traditional Turkish food, drink and music!

Note that google maps is updated also indicating the restaurant at local pages.

10th EUGridPMA ‘Istanbul’ meeting – May/June 2007 - 8

David Groep – davidg@eugridpma.org

Round of Welcome and Introduction

10th EUGridPMA ‘Istanbul’ meeting – May/June 2007 - 9

David Groep – davidg@eugridpma.org

Minutes from the Last Meeting

Thanks to Mike Helm, Emir Imamagic

Comments and modifications? New volunteers for this time?

Agenda bashing …

10th EUGridPMA ‘Istanbul’ meeting – May/June 2007 - 10

David Groep – davidg@eugridpma.org

Green: EMEA countries with an Accredited Authority

24 of 27 EU member states (all except LU, MT, RO) + AM, CH, HR, IL, IS, NO, PK, RU, TR

Other Accredited Authorities: DoEGrids (.us), GridCanada (.ca), CERN, SEE catch-all

EUGridPMA members and applicants

10th EUGridPMA ‘Istanbul’ meeting – May/June 2007 - 11

David Groep – davidg@eugridpma.org

The story so far …

0

10

20

30

40

Mar

-01

Sep-0

1

Mar

-02

Sep-0

2

Mar

-03

Sep-0

3

Mar

-04

Sep-0

4

Mar

-05

Sep-0

5

Mar

-06

Sep-0

6

acc

red

ited

CA

sFoundation of the IGTF

allows migration of CAs to Regional PMA

10th EUGridPMA ‘Istanbul’ meeting – May/June 2007 - 12

David Groep – davidg@eugridpma.org

Membership by type

Under “Classic X.509 secured infrastructure” authorities accredited: 39 (recent additions: BG.ACAD) active applicants: 5

(Serbia, Romania, Morocco, Ukraine, Macedonia)

Under “SLCS” accredited: 1 (SWITCH-aai) active applicants: 0

Under MICS draft none yet of course

Major relying parties EGEE, DEISA, SEE-GRID, LCG, TERENA

10th EUGridPMA ‘Istanbul’ meeting – May/June 2007 - 13

David Groep – davidg@eugridpma.org

IGTF Global Status per December 2006

10th EUGridPMA ‘Istanbul’ meeting – May/June 2007 - 14

David Groep – davidg@eugridpma.org

TAGPMA Status and Updates

information from Darcy Quesnel and Alan Sill

New Chair:

Vinod Rebello, UFF, Brazil

New Vice-Chair:

Jim Marsteller, PSC, USA

New Secretary:

Marg Murray, TACC, TX, USA

10th EUGridPMA ‘Istanbul’ meeting – May/June 2007 - 15

David Groep – davidg@eugridpma.org

TAGPMA Status and Updates

information from Darcy Quesnel

Currently Operating CAs

• DoEGrids

• GridCanada

• BRGrid (Brazil)

Recently passed (now completing operational review)

• EELA Catch-All

• TACC Root and Classic (TX, USA)

• REUNA (Chile)

• Venezuela

• Mexico

10th EUGridPMA ‘Istanbul’ meeting – May/June 2007 - 16

David Groep – davidg@eugridpma.org

Round Table Updates