1 / 5

European Grid Policy Management Authority

European Grid Policy Management Authority. Coverage of the EUGridPMA. Green: Countries with an accredited CA 23 of 25 EU member states (all except LU, MT) + AM, CH, IL, IS, NO, PK, RU, TR, “SEE-catch-all” Other Accredited CAs: DoEGrids (.us) GridCanada (.ca) CERN.

tia
Télécharger la présentation

European Grid Policy Management Authority

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. European Grid Policy Management Authority

  2. Coverage of the EUGridPMA Green: Countries with an accredited CA • 23 of 25 EU member states (all except LU, MT) • + AM, CH, IL, IS, NO, PK, RU, TR, “SEE-catch-all” Other Accredited CAs: • DoEGrids (.us) • GridCanada (.ca) • CERN * Migrated to APGridPMA per Oct 5th, 2005 find-your-CA clickable map at http://www.eugridpma.org/members/worldmap/

  3. Web News • OID Registry for the IGTF on the webhttp://www.eugridpma.org/objectid/ • Find-Your-CA clickable maphttp://www.eugridpma.org/members/worldmap/ • Subject Locatorhttp://www.eugridpma.org/showca • Member statushttp://www.eugridpma.org/members/members-full • CA statushttp://signet-ca.ijs.si/nagios/ (user guest:guest) • Wikihttps://grid.ie/eugridpma/wiki/ (register with David OC)

  4. Classic AP Proposed Changes • CRL distribution point: now states that http must be in the EE certificate. It would be good to allow other URIs, as long as the CA in addition continues to provide an http URI for use by the "fetch-crl" mechanism • Revocation by users: put a timeline of requests for revocation by the user. Now the obligation to report is there, but no deadline assigned to it • Rekeying (instead of renewal) should be required in the MR (for software tokens only?) • The "RA involvement" in the renewal/rekey process must be mentioned in the MR, as it is currently only in some obscure minutes from an old CACG meeting • Face-to-face requirement: it "SHOULD be face to face, and if not, the CA MUST prove how its own process is roughly equivalent to a F2F".

  5. Some Current Issues • Certificate profile • several ‘odd’ attributes are causing problems with popular middleware • started page on the Wiki, should result in a GGF doc again • Format and distribution • some ‘coordinated deployment’ projects like EGEE have trouble in pushing new releases • CSR delivery • better linking the identity vetting to the CSR delivery to RA/CA • CA monitoring • still a large number of ‘almost expiring’ CRLs

More Related