NorduGrid CA Transition and Terena Certificate Service Overview

nordugrid ca and transition n.w
1 / 9
Embed
Share

Discover the transition from NorduGrid CA to Terena Certificate Service, challenges faced in adoption, discussions on its sufficiency, current certificate status, transition actions, and namespace preservation for legacy certificates within Nordic academia.

  • NorduGrid
  • Transition
  • Certificate Service
  • Nordic Academia
  • Authentication
rayaanacharya
matt_903 Follow

Uploaded on | 0 Views

Download Presentation

Please find below an Image/Link to download the presentation.

The content on the website is provided AS IS for your information and personal use only. It may not be sold, licensed, or shared on other websites without obtaining consent from the author. If you encounter any issues during the download, it is possible that the publisher has removed the file from their server.

You are allowed to download the files provided on this website for personal or commercial use, subject to the condition that they are used lawfully. All files are the property of their respective owners.

Download Presentation

The content on the website is provided AS IS for your information and personal use only. It may not be sold, licensed, or shared on other websites without obtaining consent from the author.

E N D

Presentation Transcript

  1. NorduGrid CA and transition? NorduGrid CA is the e-Science CA for Nordic Academia: Denmark, Norway, Sweden and Finland and previously Iceland

  2. Terena Certificate Service The TCS has been adopted by the Nordic NRENs Problems connected IdPs: University of Oslo only came online earlier this year I have been actively pushing sites to adopt TCS Getting institutions to join national federation Also by providing a CA service that could be more friendly I'm practically the only operator (except in case of emergency revocations when I'm away) WLCG community sometimes use CERN CA WLCG is the primary customer PRACE probably second.

  3. NorduGrid CA is dead! Long live Terena Certificate Service! Or so I thought/hoped...

  4. Why TCS is (currently) not enough Discussing with people at NeIC 2015 last week We will not get full TCS connection coverage of Nordic research and educational institutions Anytime soon at least Some commercial institutions work with academia and will not hook up to TCS: Swedish Meteorological and Hydrological Institute NeIC/NordForsk Some NRENs don't provide TCS host certificates for a flat fee for their institutions

  5. Quick status EE must be affiliated with Nordic Academia Current valid certs User certs: 79 Host certs: 109 Users: SE (39%), DK(20%), NO(32%), FI(9%) Hosts: SE (21%), DK(9%), NO(20%), FI(11%), ORG(37%)

  6. Transition actions without dates th Current certificate expire May 15 New key yesterday! Aggressively push more users and sites to TCS When a new CA is in place push remaining valid certs to sign up for the new CA Full review/rewrite of CPS No major operational procedures changes planned A full re-accreditation is needed 2016

  7. Namespace Will preserve the old namespace for legacy certs: /O=Grid/O=NorduGrid In addition to the primary namespace: /dc=org/dc=nordugrid

  8. Plan The current CA MUST not be extended! Planned to copy the setup of the new NIIF CA Tentative plan: Get the new up and running by the Winter PMA meeting Time enough for the expiration of the old CA

  9. Plan - extended Suggested during coffee break Create new keypair / certificate now Temporary fix for the old key Same namespace, procedures, etc. Get end entities to request certificate to be signed with the new key Revoke and expire all current valid certs of the old CA by fall 2015

Related


No related presentations.

More Related Content