Updates of the APGrid PMA - PowerPoint PPT Presentation

1 / 14
About This Presentation
Title:

Updates of the APGrid PMA

Description:

National Institute of Advanced Industrial Science and Technology. Updates of the APGrid PMA ... Gongxing Sun, Gang Chen, Fan HuaXiang. Issues certificates for ... – PowerPoint PPT presentation

Number of Views:51
Avg rating:3.0/5.0
Slides: 15
Provided by: yos44
Category:

less

Transcript and Presenter's Notes

Title: Updates of the APGrid PMA


1
Updates of the APGrid PMA
  • Yoshio Tanaka
  • APGrid PMA, Chair
  • Grid Technology Research Center,
  • AIST, Japan

2
APGridPMA Members
Affiliation Name Production CA Experimental CA
AIST / Japan Yoshio Tanaka in operation in operation (limited use)
ASCC / Taiwan Eric Yen in operation none
KISTI / Korea Sangwan Kim in operation none
CNIC/SDG / China Kai Nan under review in operation
IHEP / China Gonxing Sun in operation none
APAC/Australia David Bannon in operation will close
NAREGI/Japan Masataka Kanamori in operation closed
NCHC / Taiwan Tsung-Ying Wu accredited in operation (limited use)
SDSC(PRAGMA) / USA Mason Katz planning planning
NECTEC / Thailand Sornthep Vannarat Planning in operation
NGO / Singapore Jon Lau under review none
KEK / Japan Takashi Sasaki in operation will close
HKU / HongKong Chen Lin, Elaine no plan in operation
U of Hyd / India Arun Agarwal no plan in operation
USM / Malaysia Boon Yaik no plan in operation
Osaka U / Japan Susumu Date planning in operation
3
Geographical locations (except US and AU)
4
APGrid CAs (accredited, 1/3)
  • Australia
  • APACGrid CA
  • Accredited in Nov. 2005
  • Started the operation in Feb. 2006
  • Audited in March 2006
  • David Bannon, Graham Jenkins, Chris Kendrick
  • Issues certificates for LCG
  • China
  • IHEP CA
  • Accredited in May 2005 (already in operation)
  • Audited in December 2005
  • profile of the root cert. has been changed
  • Gongxing Sun, Gang Chen, Fan HuaXiang
  • Issues certificates for LCG
  • CNIC / SDG CA
  • Accredited in Dec. 2005.
  • Not yet in operation
  • Going to launch a new CA
  • hierarchical CA

5
APGrid CAs (accredited, 2/3)
  • Japan
  • AIST GRID CA
  • Accredited in Sep. 2004
  • Started the operation in March 2005
  • Audited in March 2005
  • Yoshio Tanaka, 5 staffs
  • NAREGI CA
  • Accredited in Nov. 2005
  • Started the operation in Feb. 2006
  • Not yet audited
  • Masataka Kanamori, 4 staffs
  • KEK Grid CA
  • Accredited in Jan. 2006
  • Started the operation in Feb. 2006
  • Not yet audited
  • Takashi Sasaki, 23 staffs
  • Issues certificates for LCG

6
APGrid CAs (accredited, 3/3)
  • Korea
  • KISTI GRID CA
  • Accredited in Aug. 2004. (already in operation)
  • Not yet audited
  • Sangwan Kim, Jae-hyuck Kwak
  • Issues certificates for LCG
  • Taiwan
  • ASGCC CA
  • Operated by Academia Sinica Grid Computing Center
  • Accredited in Sep. 2004. (already in operation)
  • Audited in Aug. 2005
  • Eric Yen, C.C. Chang, 12 operators
  • Issues certificates for LCG
  • NCHC Grid CA
  • Operated by National Cener for High-performance
    Computing
  • Accredited in Feb. 2006
  • Not yet in operation
  • Alex Wu, Weicheng Huang, 12 operators

7
APGrid CAs (under review, planned)
  • Singapore
  • NGO CA
  • will be operated by National Grid Office and
    Netrust Inc.
  • CP/CPS under review
  • will issue certificates for LCG
  • Thailand
  • NECTEC CA
  • will be operated by National Electronics and
    Computer Technology Center
  • drafting CP/CPS
  • Thai National Grid Center (will be accredited as
    a new member)
  • will be operated by Thai National Grid Center
  • drafting CP/CPS
  • USA
  • PRAGMA CA
  • will be operated by SDSC
  • planning to be a catch-all CA for PRAGMA members
  • drafting CP/CPS

8
APGrid CAs (general membership)
  • China
  • Univ. of Hong Kong
  • India
  • Univ. of Hyderabad
  • Japan
  • Osaka Univ.
  • Malaysia
  • Univ. Sains Malaysia

9
APGridPMA Status Activities
  • Accreditation of CAs
  • 9 accredited CAs
  • AIST, APAC, ASGCC, CNIC, IHEP, KEK, KISTI,
    NAREGI, NCHC
  • 7 CAs are in operation
  • CNIC/SDG will change the structure and will be
    re-accredited
  • Audit
  • AIST, APAC, ASGCC, IHEP have been audited by the
    other CAs.
  • Regular (monthly) VTC.
  • Brief status reports of each CA
  • In-depth report of a CA
  • Decisions
  • Examination for accreditation of a CA
  • Approval of charter, minimum CA requirements,
    etc.
  • Open discussions
  • (physical) face-to-face meeting (at least) once
    per year.
  • 1st face-to-face meeting was in Dec. 2005,
    Beijing.
  • 2nd meeting will be in Oct. 15, 2006, Osaka,
    Japan.

10
Some Updates
  • Next chair
  • Yoshio Tanaka (continue)
  • CA Monitoring page using Nagios
  • http//www.apgridpma.org/nagios/
  • Shows status of all IGTF-accredited CAs
  • Modified script (read configuration from .info
    file)
  • Next F2F meeting
  • October 15, Osaka, Japan (co-located with PRAGMA
    Workshop)

11
Some Updates (contd)
  • Issues to be discussed
  • Accreditation of NGO/Netrust CA
  • Some information are confidential
  • Too short validity period of CRL
  • Netrust CA agreed with disclosing audit report to
    the APGrid PMA auditors
  • Accreditation of CNIC/SDG CA
  • hierarchical CA
  • IGTF CA distribution from the APGrid PMA
  • Will need to limit the number of CAs per region
  • Japanese universities will build UPKI
  • China has some national/international Grid
    project
  • Need to consider hierarchical structure of PMAs

12
Proposed audit items
  • NAREGI PKI WG has subjectively selected criteria
    for auditing Grid CAs.
  • based on
  • AICPA/CICA WebTrustSM/TM Program for
    Certification Authority
  • minimum CA requirements of APGrid PMA and EUGrid
    PMA
  • Web Trust
  • WebTrust is a seal awarded to web sites that
    consistently adhere to certain business standards
    established by the Canadian Institute of
    Chartered Accountants (CICA.ca) and the American
    Institute of Certified Public Accountants
    (AICPA).
  • In the program, Web Trust Principles and
    Criteria for Certification Authorities lists
    criteria for CAs.
  • may too much for Grid CAs.

13
Audit checklist
  • Simply pickup items from WebTrustSM/TM criteria
    based on minimum CA requirements.
  • The number of criteria

WebTrustSM/TM Check List
Principle 1 45 13
Principle 2 188 14
Principle 3 165 7
Others 4
14
Rough procedures for auditing
  • Pre examination (few days)
  • Review all available documents
  • CP/CPS, Users manual, Operational manual, CRL,
    CA Certificate, etc.
  • Prepare score sheet
  • Main examination (half day)
  • Interview to CA staffs
  • Detailed flow of identifying end entities and
    issuing certificates
  • How accesses to the CA private key is controlled
  • Inspection of equipments
  • CA server, CA room, backup media, archived logs,
    a safe box, etc.
  • Post examination (half day)
  • Draft and send an audit report
  • The audited CA is requested to send a report on
    plans for the improvements in 1 week
Write a Comment
User Comments (0)
About PowerShow.com