terena certificate service
play

TERENA Certificate Service Milan Sova CESNET Agenda History TCS - PowerPoint PPT Presentation

Mar 15, 2024 •6 likes •176 views

TERENA Certificate Service Milan Sova CESNET Agenda History TCS Structure Procedures Conclusions History pop-up free server certificates History: SCS TERENA Server Certificate Service summer 2004: first idea

  1. TERENA Certificate Service Milan Sova CESNET

  2. Agenda ● History ● TCS Structure ● Procedures ● Conclusions

  3. History “pop-up free server certificates”

  4. History: SCS ● TERENA Server Certificate Service – summer 2004: first idea – Dec 2004: SCS project started – Sep 2005: Call for Proposals – Jan 2006: Contract with GlobalSign (1 year) ● 8 NRENs – March 16 2006: service operational – Jan 2007: Contract prolonged (3 years)

  5. History: SCS -> TCS ● Sep 2008: new Call for Proposals ● Apr 2009: Contract with Comodo CA Ltd. – server, personal, object signing certificates => TCS (TERENA Certificate Service) ● Jul 2009: TERENA SSL CA operational ● Feb 2009: TERENA eScience Personal CA accredited by EUGridPMA, operational ● Feb 2009: TERENA Personal CA operational

  6. TCS “PKI that works”

  7. TCS Characteristics ● 22 NRENs ● flat fee – unlimited number of certificates ● 5 CAs operated by Comodo – including CRL, OCSP – access via HTTP API – implicitly trusted by major OSs and software ● RA roles and issuance managed by NRENs – except for object signing

  8. Legal Structure ● Contract TERENA – Comodo ● Contracts TERENA – NRENs ● Contracts NREN – member organizations – all referring CPS ● 3 CPs – Server & Object Signing ● including eScience Server – Personal – eScience Personal

  9. TCS CAs ● TERENA SSL CA ● TERENA eScience SSL CA ● TERENA Personal CA* ● TERENA eScience Personal CA* ● TERENA Code Signing CA* * optional (surcharge)

  10. TCS Certificate Chain (AddTrust External CA Root) UTN-USERFirst-Hardware UTN-USERFirst-Object UTN-USERFirst-Client Authentication and Email TCS TCS TCS TCS TCS SSL eScience SSL eScience Personal Personal Object Signing End Entity End Entity End Entity End Entity End Entity End Entity End Entity End Entity End Entity End Entity

  11. Procedures “solid and usable”

  12. Procedures: Server ● NREN – web portal – register of organizations ● administrators ● DNS zones

  13. Procedures: Server ● server admin requests a certificate – DNS names ● checked by the portal against the register – public key (PKCS#10) ● organization admin – checks DNS – requester relation – approves

  14. Procedures: Personal ● “self-service” certificate issuance ● federated portal – front-end to TCS CA ● organizations – Identity Providers – identity checked using official ID – account management – attributes release

  15. Attributes ● eduPersonEntitlement – authorization & eligibility ● uniqueID – traceability, naming conflicts ● commonName ● email

  16. Conclusions ● cost-effective ● implicitly trusted by common software ● SSL server authentication ● S/MIME, user authentication ● grid user authentication – grid SSL server accreditation pending ● easy to use

Recommend

TERENA Certificate Service (TCS) 9 June 2011 Background Many NRENs had set-up a CA, but

TERENA Certificate Service (TCS) 9 June 2011 Background Many NRENs had set-up a CA, but

TERENA Certificate Service (TCS) 9 June 2011 Background Many NRENs had set-up a CA, but certificates issued were not trusted by web browsers (the pop-up problem). Purchasing certificates directly from commercial CAs is expensive

295 views • 11 slides
TERENA Server Certificate Service Towards the large-scale use of affordable popup-free server

TERENA Server Certificate Service Towards the large-scale use of affordable popup-free server

TERENA Server Certificate Service Towards the large-scale use of affordable popup-free server certificates for the European Research & Educational community Jan Meijer Amsterdam, 24 Januari 2006 High-quality I nternet for higher education

673 views • 10 slides
TERENA TERENA End-to-End (E2E) Provisioning Workshop End to End (E2E) Provisioning Workshop

TERENA TERENA End-to-End (E2E) Provisioning Workshop End to End (E2E) Provisioning Workshop

GLIF Tech Winter meeting Hong-Kong, China 24 February, 2011 Peter Szegedi, PDO szegedi@terena.org www terena org www.terena.org TERENA TERENA End-to-End (E2E) Provisioning Workshop End to End (E2E) Provisioning Workshop series About

587 views • 25 slides
TF NOC TF-NOC About TERENA TERENA offers a forum to collaborate innovate and TERENA

TF NOC TF-NOC About TERENA TERENA offers a forum to collaborate innovate and TERENA

15 February, 2011 Ljubljana, Slovenia Peter Szegedi, PDO szegedi@terena org szegedi@terena.org www.terena.org TF NOC TF-NOC About TERENA TERENA offers a forum to collaborate innovate and TERENA offers a forum to collaborate,

292 views • 17 slides
TERENA Trusted Cloud Drive pilot STATUS UPDATE Motivations Since 2 0 1 0 , TERENA has been

TERENA Trusted Cloud Drive pilot STATUS UPDATE Motivations Since 2 0 1 0 , TERENA has been

TF-Storage meeting 26-27 September 2012 Dubrovnik, Croatia Peter Szegedi Project Development Officer szegedi@terena.org www.terena.org TERENA Trusted Cloud Drive pilot STATUS UPDATE Motivations Since 2 0 1 0 , TERENA has been actively

545 views • 21 slides
Applications and Services Motivations, history 1 t E2E W 1st E2E Workshop in 2008 k h i 2008

Applications and Services Motivations, history 1 t E2E W 1st E2E Workshop in 2008 k h i 2008

3rd E2E Provisioning Workshop Prague, Czech Republic 29-30 November, 2010 Peter Szegedi, PDO szegedi@terena.org www terena org www.terena.org TERENA TERENA End-to-End (E2E) Provisioning Workshop series 3rd workshop on Applications and

540 views • 15 slides
A view into a new GN3Plus Service Jerry Sobieski (NORDUnet) TERENA Architecture Workshop Nov 13,

A view into a new GN3Plus Service Jerry Sobieski (NORDUnet) TERENA Architecture Workshop Nov 13,

Testbeds as a Service Building Future Networks A view into a new GN3Plus Service Jerry Sobieski (NORDUnet) TERENA Architecture Workshop Nov 13, 2013 From Innovation to Infrastructure Network Innovation requires testing to prove out...

360 views • 24 slides
May 9, 2019 SWAC Meeting Transfer of Sanitary Service Certificate No. 2 from Cornelius

May 9, 2019 SWAC Meeting Transfer of Sanitary Service Certificate No. 2 from Cornelius

May 9, 2019 SWAC Meeting Transfer of Sanitary Service Certificate No. 2 from Cornelius Disposal Service, Inc. to Evergreen Disposal & Recycling, Inc. Theresa Koppang Solid Waste Management Supervisor May 9, 2019 Certificate Transfer

178 views • 7 slides
Network as a Service principle virtual CPE as a Service TERENA Network Architects Workshop Victor

Network as a Service principle virtual CPE as a Service TERENA Network Architects Workshop Victor

Network as a Service principle virtual CPE as a Service TERENA Network Architects Workshop Victor Reijs, HEAnet victor.reijs@heanet.ie 22 November 2012 1 Agenda Clouds and XaaS services... OpenFlow, SDN and NaaS... Why Network as a

462 views • 23 slides
TCS (eScience) Personal CA Milan Sova Context TCS: TERENA SSL CA TERENA eScience SSL

TCS (eScience) Personal CA Milan Sova Context TCS: TERENA SSL CA TERENA eScience SSL

TCS (eScience) Personal CA Milan Sova Context TCS: TERENA SSL CA TERENA eScience SSL CA TERENA Personal CA TERENA eScience Personal CA TERENA Code Signing CA Concept CA as SAML SP RAs as SAML IdPs

814 views • 10 slides
Introduction to eduCONF Service Rui Ribeiro (FCCN) GN3 eduCONF - TERENA NRENum.net Joint Workshop

Introduction to eduCONF Service Rui Ribeiro (FCCN) GN3 eduCONF - TERENA NRENum.net Joint Workshop

Introduction to eduCONF Service Rui Ribeiro (FCCN) GN3 eduCONF - TERENA NRENum.net Joint Workshop Amsterdam 18 th March 2013 connect communicate collaborate Videoconference Tipical Situation I need to setup a VC meeting! What is the IP

756 views • 10 slides
Vermont Public Service Board Certificate of Public Good Review Process Vermont Public Service

Vermont Public Service Board Certificate of Public Good Review Process Vermont Public Service

Vermont Public Service Board Certificate of Public Good Review Process Vermont Public Service Department Aaron Kisicki May 28, 2015 NDCAP Meeting 10 V.S.A. 6522 Entergy must receive 248 CPG for ISFSI PSB findings: Adequate

469 views • 4 slides
EGEE II - Network Service Level Agreement (SLA) Implementation 4th TERENA NRENs and Grids

EGEE II - Network Service Level Agreement (SLA) Implementation 4th TERENA NRENs and Grids

Enabling Grids for E-sciencE EGEE II - Network Service Level Agreement (SLA) Implementation 4th TERENA NRENs and Grids Workshop - AMSTERDAM, 2006-12-06 Vassiliki Pouli (GRNET/NTUA) www.eu-egee.org EGEE-II INFSO-RI-031688 Outline Enabling

407 views • 14 slides
9 th EuroCAMP EuroCAMP at TERENA Secretariat Licia Florio

9 th EuroCAMP EuroCAMP at TERENA Secretariat Licia Florio

TERENA EuroCAMP Workshops Cork, Ireland 18-19 May 2009 Peter Szegedi PDO szegedi@terena.org www.terena.org 9 th EuroCAMP EuroCAMP at TERENA Secretariat Licia Florio florio@terena.org Peter Szegedi

204 views • 6 slides
Preliminary Results Rui Ribeiro (FCCN) / Peter Szegedi (TERENA) GN3 eduCONF - TERENA NRENum.net

Preliminary Results Rui Ribeiro (FCCN) / Peter Szegedi (TERENA) GN3 eduCONF - TERENA NRENum.net

Preliminary Results Rui Ribeiro (FCCN) / Peter Szegedi (TERENA) GN3 eduCONF - TERENA NRENum.net Joint Workshop Amsterdam 18 th March 2013 connect communicate collaborate Objectives Identify a set of policies recommendations that can

400 views • 16 slides
Proposal for an EC funded project by TERENA TF-Storage core Peter Szegedi TERENA 20 February

Proposal for an EC funded project by TERENA TF-Storage core Peter Szegedi TERENA 20 February

Research & Education and Cloud Industry Partnership in Europe Proposal for an EC funded project by TERENA TF-Storage core Peter Szegedi TERENA 20 February 2012 About TF-Storage A Task Force is established under the auspices of the

400 views • 15 slides
Ethernet OAM Victor Olifer (JANET/GEANT JRA1 Task 1) JRA1/TERENA workshop, Copenhagen, 20

Ethernet OAM Victor Olifer (JANET/GEANT JRA1 Task 1) JRA1/TERENA workshop, Copenhagen, 20

Ethernet OAM Victor Olifer (JANET/GEANT JRA1 Task 1) JRA1/TERENA workshop, Copenhagen, 20 November 2012 connect communicate collaborate 1 Agenda Ethernet Service Assurance & Monitoring overview Monitoring standards Service

564 views • 28 slides
Fintech Certificate Fintech Certificate Fintech Certificate 2 Investment Case The AtonR

Fintech Certificate Fintech Certificate Fintech Certificate 2 Investment Case The AtonR

Fintech Certificate Fintech Certificate Fintech Certificate 2 Investment Case The AtonR Fintech Index is a long-only, USD-based, actively managed total return index. The pace of innovation in financial technology (Fintech) has been

616 views • 26 slides
OVERVIEW OF CERTIFICATE OF NEED Health Service Facilities Regulated by the CON Law [N.C.G.S.

OVERVIEW OF CERTIFICATE OF NEED Health Service Facilities Regulated by the CON Law [N.C.G.S.

NC Division of Facility Services OVERVIEW OF CERTIFICATE OF NEED Health Service Facilities Regulated by the CON Law [N.C.G.S. 131E-176(9b)] Acute Care Hospitals. [N.C.G.S. 131E-176(13)] 1. Inpatient Psychiatric Hospitals. [N.C.G.S.

447 views • 12 slides
Update on the TERENA Compendium, 2003 A talk about comparing apples with oranges in the NREN

Update on the TERENA Compendium, 2003 A talk about comparing apples with oranges in the NREN

Update on the TERENA Compendium, 2003 A talk about comparing apples with oranges in the NREN world TNC/CUC 2003, Session 7b4 Bert van Pinxteren, TERENA http://www.terena.nl/compendium Compendium: product of the COM-REN project A

602 views • 31 slides
NEO PA/VA system EN 54 -16 Certificate No. 2426-CPR-105 PA/VA System EN 54 -16 Certificate No.

NEO PA/VA system EN 54 -16 Certificate No. 2426-CPR-105 PA/VA System EN 54 -16 Certificate No.

NEO PA/VA system EN 54 -16 Certificate No. 2426-CPR-105 PA/VA System EN 54 -16 Certificate No. 2426-CPR-105 NEO is an innovative Public Address and Voice Alarm system that allows an easy audio installation with just one piece of equipment.

326 views • 7 slides
1 4/3/2015 AMEs In Your Area If You Decide to Renew Your Medical So Whats This Light Sport

1 4/3/2015 AMEs In Your Area If You Decide to Renew Your Medical So Whats This Light Sport

4/3/2015 New Plastic Pilot Certificate So, Where Do I Start? What we will cover today Your old paper certificate is no longer valid. What it takes to be PIC again Google Search: Replacement of Airmen Certificate What has

485 views • 35 slides
Certificate of Recognition Certificate of Recognition - Defined COR is a health and safety

Certificate of Recognition Certificate of Recognition - Defined COR is a health and safety

Certificate of Recognition Certificate of Recognition - Defined COR is a health and safety certification program National standard supported by the Canadian Federation of Construction Safety Association (CFCSA) Aimed at driving

320 views • 10 slides
EC project calls & funding available for storgae projects Peter Szegedi TERENA TERENA

EC project calls & funding available for storgae projects Peter Szegedi TERENA TERENA

EC project calls & funding available for storgae projects Peter Szegedi TERENA TERENA Background Background I have consulted with several colleagues and I have consulted with several colleagues and none of us was aware of the existence

410 views • 10 slides

More recommend