The ESnet Public Key Infrastructure (PKI) project for the DOE Science Grid commenced in October 2001 with a focus on immediate deployment and real-world user requirements. Key milestones included the activation of the DOESG Subordinate Root CA in November 2001 and the issuance of "Hand Minted" certificates by January 2002. The first authenticated transatlantic transactions took place in February 2002, marking significant progress in global grid security and community collaboration across international projects. The architecture's acceptance has paved the way for a unified approach among various research institutions.
ESnet PKI Developed for the DOE Science Grid and SciDAC
Timeline of Project
• October 2001 Project Approved
• Deployment Milestone – predates approval
• October ESnet Support team builds out 3 emergency servers for Project
• Quick survey of potential user requirements
• No R&D could be done; deployment was needed immediately
• DOESG Subordinate Root CA online November 2001
• January 15, 2002 start issuing “Hand Minted” certificates to initial users
• February - First authenticated transatlantic transactions using DOESG certificates
PKI achievements
• Policy Management Authority
• Initial PMA, currently 14 members.
• Membership consists of RA agents and Project leads.
• DOESG Virtual Organizations and Sites supported
• PPDG Doug Olsen (LBL), Ruth Pordes (FNAL)
• NFC Mary Thompson (LBL)
• PNNL Scott Studham
• ORNL Kasidit Chanchio
• ANL John Volmer
• NERSC Steve Lau, Steve Chan
• PPDG setting the pace
• First Registration Authority Agent
• First transatlantic use of certificates with European Data Grid member
• European Data Grid
• Broad acceptance by their PKI working group
• Actively working with them on: PKI requirements, Certificate Policies and Directory
PKI achievements 2
• Community acceptance of Architecture
• Single Certificate Policy
• Global Certificate Authority
• Distributed Registration Managers
• iPlanet CMS was correct choice for our community.
• Other International efforts
• Grid Forum Security and Information services WGs.
• Our experience is refining the Globus’ Grid Security Infrastructure implementation.
European Data Grid Efforts
• DataGrid project funded by EU
• Next Generation Computing infrastructure…
• Test Beds are under Work Package 6
• Test Bed 2 scheduled for summer
• DataGrid CA managers
• CERN, Czech Republic, France, Ireland, Italy, Netherlands, Nordic countries, Portugal, Russia, Spain, UK, and now DOESG
Architecture for 5/15/02 deployment
[Diagram. Labels shown: ESnet Root CA, Shadow CA, Shadow Dir, Public CM, Public Dir, Dev CM, Dev Dir, Community RM, NERSC RM, PPNL RM, Dev RM, and one box marked "?". Groupings: Production Servers, Development Servers.]
Legend: CM: Certificate Manager; RM: Registration Manager; Dir: LDAP based Directory
Secure cabinets - NTSG design
• Monitoring
• Cabinet Status
• Cabinet Access
• Power conditions
• Environmental
• NOC reporting 7/24
• Access monitoring
• User pin codes
• Event times
• Web based management
• Relational DB logging and audit trail.