terena server certificate service
play

TERENA Server Certificate Service Towards the large-scale use of - PowerPoint PPT Presentation

Sep 24, 2022 •563 likes •673 views

TERENA Server Certificate Service Towards the large-scale use of affordable popup-free server certificates for the European Research & Educational community Jan Meijer Amsterdam, 24 Januari 2006 High-quality I nternet for higher education

  1. TERENA Server Certificate Service Towards the large-scale use of affordable popup-free server certificates for the European Research & Educational community Jan Meijer Amsterdam, 24 Januari 2006 High-quality I nternet for higher education and research

  2. .EU NRENs did som ething cool Just contracted a service to deliver server certificates • popup free • flat rate • unlimited number • to the European NREN community price is under NDA but...worth our while High-quality I nternet for higher education and research

  3. high quality service • Re-use existing RA organisation • Certificate profile flexibility (Grids!) • Option for fully electronic RA procedures • Option for easy server certificate delivery • NREN-specific branding! • When that time comes: in the high assurance server certificate market High-quality I nternet for higher education and research

  4. Service organisation • TERENA contracts with supplier • NRENs contract with TERENA (liability!) • NRENs are ‘delegated RA’ for the supplier • TERENA appoints delegated RAs • NRENs are responsible for delivering RA services and technical support High-quality I nternet for higher education and research

  5. So how , w hy? • Project started in june 2004 • European NREN PKIs around for ~ 7 years • Real certificate use limited: – webservers (popup-free and popup) – Grids (closed community) • Anticipated growth in need: – AAI middleware services – Web-based ‘stuff’ (mail, e-learning, webservices etc.) – VPN, email High-quality I nternet for higher education and research

  6. Servicing anticipated need • Community is interested in server certificates • Use is limited by: – popup problem (NREN PKI) or – cost (commercial CA) • So solve either of these problems and the need can be serviced ☺ High-quality I nternet for higher education and research

  7. Solution 1 : solve popup-problem • Cost good (is it?) • Popup problem bad – Fix by getting root certificate in root repositories – Requires webtrust audit – Expensive for an individual NREN PKI (~ 25.000 first time, annual ~ 25.000 for the audits, plus all the costs to do things exactly according to guidelines) - -> CA hierarchy adds to cost! • Is running our own CA that interesting? • Own CA for smaller communities: same problem High-quality I nternet for higher education and research

  8. Solution # 2 : Solve cost problem • Try to contract a CA already in the browser • To issue server certificates against NREN conditions – flexible certificate profiles – tailored RA procedures – no per-certificate payment High-quality I nternet for higher education and research

  9. W ent for option # 2 , together • 8 NRENs + TERENA combined forces (proposal launched feb. 2005) • Investigated market • Investigated EU tender guidelines • Ran a light-weight tender (start Sep 2005) • Signed a contract (Jan 2006) High-quality I nternet for higher education and research

  10. CSI RT benefit? it w ill m ake it lam e not to use SSL/ TLS channels w ithin the European NREN com m unity Thank you. TERENA (.eu), ACOnet (.at), CARnet (.hr), CESnet (.cz), UNI-C (.dk), RedIRIS (.es), RENATER (.fr), SURFnet (Netherlands), SWITCH (.ch) High-quality I nternet for higher education and research

Recommend

TERENA Certificate Service Milan Sova CESNET Agenda History TCS Structure Procedures

TERENA Certificate Service Milan Sova CESNET Agenda History TCS Structure Procedures

TERENA Certificate Service Milan Sova CESNET Agenda History TCS Structure Procedures Conclusions History pop-up free server certificates History: SCS TERENA Server Certificate Service summer 2004: first idea

176 views • 17 slides
TERENA Certificate Service (TCS) 9 June 2011 Background Many NRENs had set-up a CA, but

TERENA Certificate Service (TCS) 9 June 2011 Background Many NRENs had set-up a CA, but

TERENA Certificate Service (TCS) 9 June 2011 Background Many NRENs had set-up a CA, but certificates issued were not trusted by web browsers (the pop-up problem). Purchasing certificates directly from commercial CAs is expensive

295 views • 11 slides
TERENA TERENA End-to-End (E2E) Provisioning Workshop End to End (E2E) Provisioning Workshop

TERENA TERENA End-to-End (E2E) Provisioning Workshop End to End (E2E) Provisioning Workshop

GLIF Tech Winter meeting Hong-Kong, China 24 February, 2011 Peter Szegedi, PDO szegedi@terena.org www terena org www.terena.org TERENA TERENA End-to-End (E2E) Provisioning Workshop End to End (E2E) Provisioning Workshop series About

587 views • 25 slides
Certificate Retrieval from OpenLDAP The X.509 attribute Parsing Server (XPS)

Certificate Retrieval from OpenLDAP The X.509 attribute Parsing Server (XPS)

Certificate Retrieval from OpenLDAP The X.509 attribute Parsing Server (XPS) d.w.chadwick@salford.ac.uk The Problem PKI clients cannot search for specific X.509 attributes stored in LDAP directories, e.g. Find the encryption PKC for

667 views • 23 slides
TF NOC TF-NOC About TERENA TERENA offers a forum to collaborate innovate and TERENA

TF NOC TF-NOC About TERENA TERENA offers a forum to collaborate innovate and TERENA

15 February, 2011 Ljubljana, Slovenia Peter Szegedi, PDO szegedi@terena org szegedi@terena.org www.terena.org TF NOC TF-NOC About TERENA TERENA offers a forum to collaborate innovate and TERENA offers a forum to collaborate,

292 views • 17 slides
TERENA Trusted Cloud Drive pilot STATUS UPDATE Motivations Since 2 0 1 0 , TERENA has been

TERENA Trusted Cloud Drive pilot STATUS UPDATE Motivations Since 2 0 1 0 , TERENA has been

TF-Storage meeting 26-27 September 2012 Dubrovnik, Croatia Peter Szegedi Project Development Officer szegedi@terena.org www.terena.org TERENA Trusted Cloud Drive pilot STATUS UPDATE Motivations Since 2 0 1 0 , TERENA has been actively

545 views • 21 slides
Applications and Services Motivations, history 1 t E2E W 1st E2E Workshop in 2008 k h i 2008

Applications and Services Motivations, history 1 t E2E W 1st E2E Workshop in 2008 k h i 2008

3rd E2E Provisioning Workshop Prague, Czech Republic 29-30 November, 2010 Peter Szegedi, PDO szegedi@terena.org www terena org www.terena.org TERENA TERENA End-to-End (E2E) Provisioning Workshop series 3rd workshop on Applications and

540 views • 15 slides
A view into a new GN3Plus Service Jerry Sobieski (NORDUnet) TERENA Architecture Workshop Nov 13,

A view into a new GN3Plus Service Jerry Sobieski (NORDUnet) TERENA Architecture Workshop Nov 13,

Testbeds as a Service Building Future Networks A view into a new GN3Plus Service Jerry Sobieski (NORDUnet) TERENA Architecture Workshop Nov 13, 2013 From Innovation to Infrastructure Network Innovation requires testing to prove out...

360 views • 24 slides
2 3 4 Service Server Client Server ConnecOon Recovered!

2 3 4 Service Server Client Server ConnecOon Recovered!

PresentedatDSNDCCS2011inHongKongon6/28/11 TRODS TransparentRecoveryfor ObjectDeliveryServices Wya$Lloyd ,MichaelJ.Freedman PrincetonUniversity 2 3 4 Service

393 views • 36 slides
May 9, 2019 SWAC Meeting Transfer of Sanitary Service Certificate No. 2 from Cornelius

May 9, 2019 SWAC Meeting Transfer of Sanitary Service Certificate No. 2 from Cornelius

May 9, 2019 SWAC Meeting Transfer of Sanitary Service Certificate No. 2 from Cornelius Disposal Service, Inc. to Evergreen Disposal & Recycling, Inc. Theresa Koppang Solid Waste Management Supervisor May 9, 2019 Certificate Transfer

178 views • 7 slides
Network as a Service principle virtual CPE as a Service TERENA Network Architects Workshop Victor

Network as a Service principle virtual CPE as a Service TERENA Network Architects Workshop Victor

Network as a Service principle virtual CPE as a Service TERENA Network Architects Workshop Victor Reijs, HEAnet victor.reijs@heanet.ie 22 November 2012 1 Agenda Clouds and XaaS services... OpenFlow, SDN and NaaS... Why Network as a

462 views • 23 slides
TCS (eScience) Personal CA Milan Sova Context TCS: TERENA SSL CA TERENA eScience SSL

TCS (eScience) Personal CA Milan Sova Context TCS: TERENA SSL CA TERENA eScience SSL

TCS (eScience) Personal CA Milan Sova Context TCS: TERENA SSL CA TERENA eScience SSL CA TERENA Personal CA TERENA eScience Personal CA TERENA Code Signing CA Concept CA as SAML SP RAs as SAML IdPs

814 views • 10 slides
Introduction to eduCONF Service Rui Ribeiro (FCCN) GN3 eduCONF - TERENA NRENum.net Joint Workshop

Introduction to eduCONF Service Rui Ribeiro (FCCN) GN3 eduCONF - TERENA NRENum.net Joint Workshop

Introduction to eduCONF Service Rui Ribeiro (FCCN) GN3 eduCONF - TERENA NRENum.net Joint Workshop Amsterdam 18 th March 2013 connect communicate collaborate Videoconference Tipical Situation I need to setup a VC meeting! What is the IP

756 views • 10 slides
Vermont Public Service Board Certificate of Public Good Review Process Vermont Public Service

Vermont Public Service Board Certificate of Public Good Review Process Vermont Public Service

Vermont Public Service Board Certificate of Public Good Review Process Vermont Public Service Department Aaron Kisicki May 28, 2015 NDCAP Meeting 10 V.S.A. 6522 Entergy must receive 248 CPG for ISFSI PSB findings: Adequate

469 views • 4 slides
Server-side Adoption of Certificate Transparency Carl Nykvist, Linkping University Linus

Server-side Adoption of Certificate Transparency Carl Nykvist, Linkping University Linus

Server-side Adoption of Certificate Transparency Carl Nykvist, Linkping University Linus Sjstrm, Linkping University Josef Gustafsson, Linkping University Niklas Carlsson, Linkping University Proc. PAM , Berlin, Germany, Mar. 2018

1.11k views • 72 slides
EGEE II - Network Service Level Agreement (SLA) Implementation 4th TERENA NRENs and Grids

EGEE II - Network Service Level Agreement (SLA) Implementation 4th TERENA NRENs and Grids

Enabling Grids for E-sciencE EGEE II - Network Service Level Agreement (SLA) Implementation 4th TERENA NRENs and Grids Workshop - AMSTERDAM, 2006-12-06 Vassiliki Pouli (GRNET/NTUA) www.eu-egee.org EGEE-II INFSO-RI-031688 Outline Enabling

407 views • 14 slides
9 th EuroCAMP EuroCAMP at TERENA Secretariat Licia Florio

9 th EuroCAMP EuroCAMP at TERENA Secretariat Licia Florio

TERENA EuroCAMP Workshops Cork, Ireland 18-19 May 2009 Peter Szegedi PDO szegedi@terena.org www.terena.org 9 th EuroCAMP EuroCAMP at TERENA Secretariat Licia Florio florio@terena.org Peter Szegedi

204 views • 6 slides
The Shibboleth-enabled WebDAV server used in ESUP-Portail and ORI-OAI projects Raymond Bourges

The Shibboleth-enabled WebDAV server used in ESUP-Portail and ORI-OAI projects Raymond Bourges

The Shibboleth-enabled WebDAV server used in ESUP-Portail and ORI-OAI projects Raymond Bourges TERENA EuroCAMP 14 - 15 November 2007 Dubrovnik, Croatia Shibboleth-enabled WebDAV server 1) Context Demo (if it works) 2) Protocols

627 views • 40 slides
Preliminary Results Rui Ribeiro (FCCN) / Peter Szegedi (TERENA) GN3 eduCONF - TERENA NRENum.net

Preliminary Results Rui Ribeiro (FCCN) / Peter Szegedi (TERENA) GN3 eduCONF - TERENA NRENum.net

Preliminary Results Rui Ribeiro (FCCN) / Peter Szegedi (TERENA) GN3 eduCONF - TERENA NRENum.net Joint Workshop Amsterdam 18 th March 2013 connect communicate collaborate Objectives Identify a set of policies recommendations that can

400 views • 16 slides
Proposal for an EC funded project by TERENA TF-Storage core Peter Szegedi TERENA 20 February

Proposal for an EC funded project by TERENA TF-Storage core Peter Szegedi TERENA 20 February

Research & Education and Cloud Industry Partnership in Europe Proposal for an EC funded project by TERENA TF-Storage core Peter Szegedi TERENA 20 February 2012 About TF-Storage A Task Force is established under the auspices of the

400 views • 15 slides
Ethernet OAM Victor Olifer (JANET/GEANT JRA1 Task 1) JRA1/TERENA workshop, Copenhagen, 20

Ethernet OAM Victor Olifer (JANET/GEANT JRA1 Task 1) JRA1/TERENA workshop, Copenhagen, 20

Ethernet OAM Victor Olifer (JANET/GEANT JRA1 Task 1) JRA1/TERENA workshop, Copenhagen, 20 November 2012 connect communicate collaborate 1 Agenda Ethernet Service Assurance & Monitoring overview Monitoring standards Service

564 views • 28 slides
Fintech Certificate Fintech Certificate Fintech Certificate 2 Investment Case The AtonR

Fintech Certificate Fintech Certificate Fintech Certificate 2 Investment Case The AtonR

Fintech Certificate Fintech Certificate Fintech Certificate 2 Investment Case The AtonR Fintech Index is a long-only, USD-based, actively managed total return index. The pace of innovation in financial technology (Fintech) has been

616 views • 26 slides
OVERVIEW OF CERTIFICATE OF NEED Health Service Facilities Regulated by the CON Law [N.C.G.S.

OVERVIEW OF CERTIFICATE OF NEED Health Service Facilities Regulated by the CON Law [N.C.G.S.

NC Division of Facility Services OVERVIEW OF CERTIFICATE OF NEED Health Service Facilities Regulated by the CON Law [N.C.G.S. 131E-176(9b)] Acute Care Hospitals. [N.C.G.S. 131E-176(13)] 1. Inpatient Psychiatric Hospitals. [N.C.G.S.

447 views • 12 slides
Revocaton protocols of WebPKI and Revocaton Transparency Nikita Korzhitskii Niklas Carlsson

Revocaton protocols of WebPKI and Revocaton Transparency Nikita Korzhitskii Niklas Carlsson

Revocaton protocols of WebPKI and Revocaton Transparency Nikita Korzhitskii Niklas Carlsson Lifecycle of a typical WebPKI certfcate www.liu.se Certificate Certificate Authority Server 1. Issuance www.liu.se Hello 2. Use Certificate

377 views • 10 slides

More recommend