-
BackgroundMany Asia-Pacific countries are going to have strong
motivation for international collaboration with the outside of Asia
Pacific.LCG, OSC, TeraGrid, etcPRAGMA & TeraGrid, UK-eScience,
EGEE, etc.Key issue for the collaboration is CA operationMost
Certificate Authorities in Asia-Pacific countries were
experimental-levelNo CP/CPSNot strictly operated
-
Background (contd)Problems of authentication federationsAll CAs
should keep the same level of operation.How the CA is securely
operated?Use HSM? Dedicated CA room?All CAs should have no conflict
in policyHow the CA identifies end entities?Use face-to-face
meeting? Telephone? etc.Policy Management Authority (PMA) is a
coordination body of CA policies and operations.
-
Policy Management Authority (PMA)Currently, there are three
regional PMAsEUGrid PMA (established May 2004)Former: EUDG WP6 CA
Coordination Group (started in 2002)TAG PMA (going to be
established)One of the founding members: DOEGrid PMA (started in
2002)APGrid PMA (established June 2004)Unofficially started in
2003Each regional PMA is responsible forcoordination of CA policy
within the regioncoordination of CA policy with the other regional
PMAs
-
History of PMAsGGF7@Tokyo, March 2003First meeting with EU, DOE,
and AP membersAgreed with working on forming the Grid PMA.develop
minimum requirementsdevelop GridPMA charterContinuous discussions
between AP, EU, and TAG PMA for International Grid Trust
Federation.GGF12 and EUGrid PMA meeting@Brussels, September
2004GGF13@Seoul, March 2005EUGridPMA meeting@Tallinn, May
2005GGF14@ChicagoGGF15@BostonWe (AP, EU, TAG PMAs) have agreed with
trust with each other for the federation.
-
APGrid PMA: Asia Pacific Grid PMAGeneral Policy Management
Authority in Asia PacificNot specific for ApGrid, Not specific for
PRAGMALaunched on June 1st, 2004Defines minimum CA
requirementsAPGrid PMA approved that we accept two levels of
CA:Experimental-level CAAlternative of the Globus CACan be trusted
within A-P communitiesProduction-level CAStrict management is
necessaryExpected to be trusted by international communities
-
APGridPMA: Status (Members and CAs)
-
APGridPMA: Activities (contd)Defines and approves documents such
as charter and the minimum CA requirementsAccreditation of CAs6
accredited CAsAIST, IHEP, KISTI, NAREGI, ASGCCin operationAPAC,
KEKgoing to be in operationAuditAudit checklist was drafted based
on WebTrust criteria and the minimum CA requirementAIST, ASGCC,
IHEP, CNIC have been audited by the other CAs.
-
APGridPMA: ActivitiesRegular (monthly) VTC.Brief status reports
of each CAIn-depth report of a CADecisionsExamination for
accreditation of a CAApproval of charter, minimum CA requirements,
etc.Open discussions(physical) face-to-face meeting once per
year.1st face-to-face meeting was in Dec. 2005, Beijing.Discussions
by emailsDiscussions with the other PMAs
-
Status and challengesInternational Grid Trust Federation (IGTF)
has been officially approved at the GGF15, Boston, October
2005.Three PMAs are the founders of the IGTFThree PMAs agreed with
trust with each other.e.g. CAs accredited by APGrid PMA can be
trusted by EUGrid PMA and TAGPMA.Information (CA certificate,
policy file, etc.) of Asia Pacific CAs accredited by APGrid PMA has
been included a CA distribution package released by EUGrid PMA.
-
Distribution of CA informationPeriodic, monthly, distribution of
all trust anchorsCommon for the entire IGTFIncludes all trust
anchors for all profiles classic, SLCS, experimental*, Does not
distinguished between accrediting PMAsWide variety of formatsRedHat
Package Management (RPM) system including a meta package with
dependencies per profiletar archives per CA, ordered per
profileInstallation bundle suitable for ./configure && make
installNew formats (like JKS) on requestChairs can update the
common back-end repository
-
Summary of the APGrid PMA and the IGTF
