GÉANT edupki in 6 Slides Servicing GÉANT Services

Similar documents
Securing Service Access with Digital Certificates

Overcoming the PKI hierarchy problem. PMAs and TACAR. Diego R. Lopez RedIRIS

TELSTRA RSS CA Subscriber Agreement (SA)

Certificates. Noah Zani, Tim Strasser, Andrés Baumeler

Trusted Certificate Service

Brocade Engineering. PKI Tutorial. Jim Kleinsteiber. February 6, Page 1

83/376. Technical Evaluation Questionnaire. DIGIT/R2/PO/2009/035 PKI Services - Tendering specifications

The DoD Public Key Infrastructure And Public Key-Enabling Frequently Asked Questions

fulfils all requirements defined in the technical specification The appendix to the certificate is part of the certificate and consists of 6 pages.

Bugzilla ID: Bugzilla Summary:

Certification Practice Statement

ITL BULLETIN FOR JULY Preparing for and Responding to Certification Authority Compromise and Fraudulent Certificate Issuance

CSC/ECE 574 Computer and Network Security. What Is PKI. Certification Authorities (CA)

APPLICATION FOR DIGITAL CERTIFICATE

Validating Digital Signatures in Adobe

Independent Accountants Report

TeliaSonera Server Certificate Policy and Certification Practice Statement

RECOMMENDATIONS for the PROCESSING of EXTENDED VALIDATION SSL CERTIFICATES January 2, 2014 Version 2.0

WEBTRUST FOR CERTIFICATION AUTHORITIES SSL BASELINE REQUIREMENTS AUDIT CRITERIA V.1.1 [Amended 1 ] CA/BROWSER FORUM

Test Plan for Department of Defense (DoD) Public Key Infrastructure (PKI) Interagency/Partner Interoperability. Version 1.0.3

apple WWDR Certification Practice Statement Version 1.8 June 11, 2012 Apple Inc.

Apple Inc. Certification Authority Certification Practice Statement Worldwide Developer Relations Version 1.14 Effective Date: September 9, 2015

Danske Bank Group Certificate Policy

An introduction to EJBCA and SignServer

Federal Public Key Infrastructure (FPKI) Compliance Audit Requirements

CERTIFICATION PRACTICE STATEMENT UPDATE

Presented by Jordi Palet Consulintel. University of Murcia (Spain)

VeriSign Trust Network Certificate Policies

Impact of Public Key Enabled Applications on the Operation and Maintenance of Commercial Airplanes

How to Determine the Proxy Extension of a Grid Trust

Government CA Government AA. Certification Practice Statement

INFORMATION TECHNOLOGY COMMITTEE ESCB-PKI PROJECT

GlobalSign CA Certificate Policy

ESnet SSL CA service Certificate Policy And Certification Practice Statement Version 1.0

Equens Certificate Policy

Securing Service Access with Digital Certificates Best Practice Document

Public Certification Authority Certification Practice Statement of Chunghwa Telecom (PublicCA CPS) Version 1.5

Internet Security Research Group (ISRG)

Symantec Trust Network (STN) Certificate Policy

Public Key Infrastructure

Class 3 Registration Authority Charter

epki Root Certification Authority Certification Practice Statement Version 1.2

DigiCert Certification Practice Statement

Comparing Cost of Ownership: Symantec Managed PKI Service vs. On- Premise Software

THE WALT DISNEY COMPANY PUBLIC KEY INFRASTRUCTURE CERTIFICATE POLICY. July 2011 Version 2.0. Copyright , The Walt Disney Company

Overview of DFN`s Certificate Services - Regular, Grid and short-lived -

Based on: CA/Browser Forum. Baseline Requirements for the Issuance and Management of Publicly-Trusted Certificates Version 1.1.

Visa Public Key Infrastructure Certificate Policy (CP)

Independent Accountants Report

CSE543 - Introduction to Computer and Network Security. Module: Public Key Infrastructure

Advantage Security Certification Practice Statement

TeleTrusT European Bridge CA Status and Outlook

THE RSA ROOT SIGNING SERVICE Certification Practice Statement For RSA Certificate Authorities (CAs) Published By: RSA Security Inc.

Trusting the ECA Certificate Authority in Microsoft Internet Explorer

SYMANTEC NON-FEDERAL SHARED SERVICE PROVIDER PKI SERVICE DESCRIPTION

Certificate Management

EuropeanSSL Secure Certification Practice Statement

Comodo Certification Practice Statement

IPv4 Shortage Multiple SSL Certificates on a single IP address

How To Understand And Understand The Security Of A Key Infrastructure

Trusted Certificate Service (TCS)

ING Public Key Infrastructure Technical Certificate Policy

Public Key Infrastructure (PKI)

Apple Corporate Certificates Certificate Policy and Certification Practice Statement. Apple Inc.

Getronics Certification Certificate of Authentic Trustworthy

Gandi CA Certification Practice Statement

TC TrustCenter GmbH Certification Practice Statement and Certificate Policy for Qualified Certificates

TR-GRID CERTIFICATION AUTHORITY

California Independent System Operator Certification Practice Statement for Basic Assurance Certification Authority. Version 3.

thawte Certification Practice Statement

HKUST CA. Certification Practice Statement

Symantec Managed PKI Service for Windows Service Description

Comodo Certification Practice Statement

Version 2.4 of April 25, 2008

Comodo Certification Practice Statement

Bangladesh Bank Certification Authority (BBCA) Certification Practice Statement (CPS)

Fraunhofer Corporate PKI. Certification Practice Statement

Malaysian Identity Federation and Access Management Certification Authority Certificate Policy and Certification Practice Statement

ETSI TR V1.1.1 ( )

WebTrust SM/TM for Certification Authorities WebTrust Principles and Criteria for Certification Authorities Extended Validation Code Signing

StartCom Certification Authority

KIBS Certification Practice Statement for non-qualified Certificates

The Digital Certificate Journey from RACF to PKI Services Part 2 Session J10 May 11th 2005

CMS Illinois Department of Central Management Services

REGISTRATION AUTHORITY (RA) POLICY. Registration Authority (RA) Fulfillment Characteristics SECURITY DATA SEGURIDAD EN DATOS Y FIRMA DIGITAL, S.A.

Ericsson Group Certificate Value Statement

TR-GRID CERTIFICATION AUTHORITY

e-signature as a Service

SwissSign Certificate Policy and Certification Practice Statement for Gold Certificates

Department of Defense PKI Use Case/Experiences

Starfield Technologies, LLC. Certificate Policy and Certification Practice Statement (CP/CPS)

CERTIFICATION PRACTICE STATEMENT (CPS) SECURITY DATA SEGURIDAD EN DATOS Y FIRMA DIGITAL, S.A. Version 2.0

Citizen CA Certification Practice statement

WebTrust SM/TM for Certification Authorities WebTrust Principles and Criteria for Certification Authorities Extended Validation SSL Version 1.4.

Certificate Management. PAN-OS Administrator s Guide. Version 7.0

Websense Content Gateway HTTPS Configuration

CA-DAY Michael Kranawetter, Chief Security Advisor (Tom Albertson, Security Program Manager) Microsoft

SSL.com Certification Practice Statement

PEXA Public Key Infrastructure (PKI) Certification Authority Certificate Policy

TREND MICRO SSL CERTIFICATION PRACTICE STATEMENT. Version 2.0

Transcription:

GÉANT edupki in 6 Slides Servicing GÉANT Services Reimer Karlsen-Masur, DFN-CERT Services GmbH Slides & Related Materials @ https://www.edupki.org GN3plus Symposium 24 25 February 2015 Athens

Outline The 3 building-blocks of edupki are edupki Policy Management Authority edupki PMA which sets the coordinating frame and quality standards with its governing documents for edupki participants edupki Certification Authority edupki CA which supplies GÉANT Services with SSL certificates edupki's Trust Anchor Repository TERENA Academic CA Repository (TACAR) which provides a trustworthy download service for CA certificates for edupki participants 2

edupki PMA Policy Management Authority (PMA) manages Policies of Public-Key-Infrastructures (PKIs) and their Certification Authorities (CAs) focus on SSL certificates interacts with GN services (the Relying Parties) to assess their PKI security requirements; if SSL certificates fit, offers solutions to address the requirements by defining requirements as Trust Profiles interacts with NREN CAs to engage them CAs adopt Trust Profiles and get accredited by PMA publishes the Trust Profiles and a list of accredited CAs in TACAR https://www.edupki.org/edupki-pma/ 3

edupki CA Certification Authority (CA) edupki's own CA issuing SSL certificates to GN services for try-out, demo, test and proof-of-concept purposes to support those providers and users of GN services that cannot use any NREN CA service for suitable SSL certificates for their GN service running in established DFN-PKI trust-centre which is providing the environment for its secure operation governed by its policy documents, i.e. Certificate Policy (CP) and Certification Practice Statement (CPS) accredited under the edupki Trust Profiles for eduroam Certificates, Certificates for GÉANT's Multi-Domain Network Services and Generic Server- and Client-Machine-Certificates 3 specific Registration Authorities (RAs) for GN services: eduroam, GN's Multi-Domain Network Services and GÉANT-IT https://www.edupki.org/edupki-ca/ 4

TACAR edupki s CA Repository CA Certificate Repository utilizing TERENA's TACAR secure & trustworthy trust anchor repository provides a central repository for providers of GN services (the Relying Parties) to find / download (Root-) CA certificates of mainly NREN / project PKIs CA's policy documents & contact info TACAR provides one TACAR Trust Category per edupki Trust Profile TACAR lists all accredited compliant CAs under the pertinent TACAR Trust Category Relying Parties can find / download all accredited CA certificates under a specific TACAR Trust Category with a view clicks https://www.edupki.org/tacar/ 5

edupki's KPIs and Future Plans KPI Target Baseline Measured Availability (%) of www.edupki.org 99.9 99.4 99.95 Certificate Status Check Availability (%) (CRL Download & OCSP) 99.99 99.9 100 RA Service (certificate application & approval) availability (%) 99.9 99.7 99.99 CA Service (certificate & CRL issuance) availability (%) 99.9 99.7 99.9 Future Plans Keep the availability KPIs high Get involved with the Certificate Transparency work that JRA3T2 is doing GN4: Move from SA5/T1 (Application Services / edupki) to SA4/T2 (Production Application Services and Infrastructure / Production And Support) 6

Expiring eduroam certificates Expiring eduroam Service and Identity Provider and Proxy certificates Watch out for the expiring dates of your eduroam certificates! The first eduroam certificates will expire from 01/2016 on A loooooooooooooooooong time till 2016 BUT that is during the transition phase of eduroam ops to SA4 7

Thank you and any questions? Hello! You can add your own text here Slides available from https://www.edupki.org/documents/ Contact: edupki GN3plus SA5 T1 Reimer Karlsen-Masur, DFN-CERT Services GmbH contact@edupki.org

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information