1 / 14

Public Key Activities in the Spanish Academic Network

Public Key Activities in the Spanish Academic Network. PKI-COORD (PKI Coordination for Europe) December 6, 2000. Amsterdam. Outline. IRIS-PCA Objectives and Characteristics Hierarchy Policy Procedures Links PKCS#11 Library PAPI Architecture Status Goals. IRIS-PCA : Objectives.

ebony
Download Presentation

Public Key Activities in the Spanish Academic Network

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Public Key Activities in the Spanish Academic Network PKI-COORD (PKI Coordination for Europe) December 6, 2000. Amsterdam

  2. Outline • IRIS-PCA • Objectives and Characteristics • Hierarchy • Policy • Procedures • Links • PKCS#11 Library • PAPI • Architecture • Status • Goals

  3. IRIS-PCA: Objectives • Explore PK technologies • Establish a hierarchical certification structure in the Spanish Research and Academic Network (RedIRIS constituency) • Establish a common certification framework • Share applications and experiencies between the members of the community • Promote the use of open-source software

  4. IRIS-PCA: The Begginings • PKI activities were started at the end of 1997  GTI-PCA Working Group • 7th WG meeting in November 2000 • IRIS-PCA is in production • Started November 2000 • Two organizations certified • Nine organizations working on their own PKI (candidates to be incorporated)

  5. IRIS-PCA: Characteristics • Scope:Root CAs of organizations under our constituency (Research and Acedmic institutions) • X509 v3 certificate format • RedIRIS operates the root CA • Software: openssl • On dedicated, securified, off-line Linux box • Certificates available through HTTP (plus LDAP in the next future) • Each organization is free to establish its own CA and RA structure, CP and CPS • At least as restrictive as the IRIS-PCA CP

  6. Server certificate Server certificate User certificate User certificate Other certificates Other certificates IRIS-PCA: Hierarchy IRIS-PCA Org-RootCA Org-SubCA

  7. IRIS-PCA: Policy • http://www.rediris.es/cert/iris-pca/docs/politica.html (only Spanish version available) • At the moment, no CP/CPS full compliance to standards (RFC 2527) • Chapters on: • IRIS-PCA identity • Scope • Certification tree • Use of the RAs • Security and privacy requirements • Policiy and procedures for certificates • Policy and procedures for revocations • Validity of the certificates • Naming conventions • CRL and certificate management • Obligations and responsibilities

  8. IRIS-PCA: Procedures • The candidate organization sends • By e-mail (iris-pca@rediris.es) • Certificate request (PKCS#10 or self-signed certificate formats) • By certified postal mail • Certification policy • Request document and legal agreement • Formal appointment to the technical contact • RA@RedIRIS replies • By e-mail (to the organization technical contact) • CA certificate (PEM format), also published byHTTP • By certified postal mail • Secret code for revocation

  9. IRIS-PCA: Links • IRIS-PCA Pilot http://www.rediris.es/cert/proyectos/iris-pca/index.en.html • GTI-PCA Working Group http://www.rediris.es/cert/iris-pca/gti-pca/ • Mailing list GTI-PCA@listserv.rediris.es http://www.rediris.es/list/info/gti-pca.es.html • iris-pca@rediris.es

  10. PKCS#11 Library • Developed by the University of Murcia for their internal PKI project • Open to different formats and sizes of smart-cards • Available for Unix/Linux and Windows • Thoroughly tested in an operational environment • About 10,000 users • Acces control, clock-in, facility reservation,... • The aim of RedIRIS is to distribute the library under GPL • Negotiation is ongoing • Configuration procedures and documentation necessary

  11. PAPI • Was initiated to solve the problems derived from access control based on IP-address filters • Its main objective is the provision of controlled access to information services with • A simple and transparent user interface • Maximum flexibility for • Clients (universities and other centers inside the RedIRIS network) • Information providers • User ubiquity • User privacy with respect to content providers • Started with the collaboration of content providers and client organizations • Liaisons with other academic networks

  12. PAPI: Architecture

  13. PAPI: Status • Functioning prototype • Based on Apache mod_perl and virtual servers • Running from October • http://www.rediris.es/app/papi/ • First real environment testbed available on mid-December • Access to digital library services at a major university in Southern Spain • About 300 initial users • 70,000 potential users • Successful initial tests

  14. PAPI: Short- and mid-term goals • Optimization of system modules based on performance measurements and user feedback • Management facilities • Implementation of a set of basic authentication hooks (user- and group-based) • Installation procedures and documentation set: dissemination • PAPI-on-a-box • Harmonization (standardization?) with similar projects • Essential to effectively involve content providers

More Related