
UNAMgrid

Alejandro Núñez Sandoval

[email protected]

Rio de Janeiro, Brazil, 03/27/06

F2F meeting, TAGPMA



UNAMgrid Certificate Authority

  • UNAM is the National University of Mexico, one of the biggest universities in Mexico.

  • The student community is more than 265,000 students.

  • 70% of research in Mexico is done at UNAM.



UNAMgrid Overview

  • Currently the Supercomputing Department of UNAM is working on different grid projects, but these don’t include a robust CA (Globus).

  • The focus of UNAMgrid is the R&D community at the National University and around the country.

  • In the first phase, the Supercomputing Department will be the principal “customer” of UNAMgrid services.



Other CA projects

  • FEA project, Firma Electrónica Avanzada (advanced electronic signature).

  • Provides certificates to the whole community of the National University (students, academics, researchers).

  • RSA Solution.

  • UNAM-CERT participated in this project 2 years ago.

  • Collaborated on the documents, security issues, etc.



UNAMgrid Today

Computer Security Department

Supercomputing Department

UNAMgrid CA



UNAMgrid Today

  • UNAMgrid CA Members:

  • Juan Carlos Guel

  • UNAM-CERT Manager

  • UNAMgridCA Manager

  • Alejandro Núñez

  • Technical Contact UNAMgrid

  • Israel Becerril

  • Technical Contact UNAMgrid



UNAMgrid Certificate Authority

  • Services:

    • Management of PKI services

    • Web interface:

      http://www.unamgrid.unam.mx/

    • Information about CA project in UNAMgrid.

    • Information in Spanish and English.

    • Research in new CA technologies.



Name Space

  • The certificate subject name is based on the X.501 standard.

  • Three types of CN component:

    • People.

    • Hosts.

    • Services.



Name space examples

  • /C=MX/O=UNAMgridCA/O=organization/OU=organizational-unit/CN=subject-name

    • /C=MX/O=UNAMgridCA/O=dgsca/OU=super/CN=Juan Lopez

  • /C=MX/O=UNAMgridCA/O=organization/OU=org-unit/CN=host/host-dns-name

    • /C=MX/O=UNAMGridCA/O=dgsca/OU=super/CN=host/pki.super.unam.mx

  • /C=MX/O=UNAMGridCA/O=organization/OU=org-unit/CN=service/host-dns-name

    • /C=MX/O=UNAMGridCA/O=dgsca/OU=super/CN=ftp/ftp.super.unam.mx
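An added example (not part of the original presentation or UNAMgrid's own tooling): a Python check that parses the slash-delimited subject names shown above and classifies the CN as person, host or service. It assumes exactly five RDNs in the order shown and compares the fixed C and O values case-insensitively, because the slides spell the CA name as both UNAMgridCA and UNAMGridCA; the function names are hypothetical.

```python
import re

# Split on "/" only where an attribute type ("XX=") follows, so the "/"
# inside CN=host/pki.super.unam.mx stays part of the CN value.
_RDN_SPLIT = re.compile(r"/(?=[A-Za-z]+=)")
_FQDN = re.compile(
    r"^(?=.{1,253}$)(?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}$",
    re.IGNORECASE,
)
# Fixed prefix from the slides; matched case-insensitively (assumption).
_PREFIX = (("C", "MX"), ("O", "UNAMgridCA"))
_SHAPE = ["C", "O", "O", "OU", "CN"]


def parse_dn(dn):
    """Return the DN as an ordered list of (type, value) pairs."""
    parts = _RDN_SPLIT.split(dn)
    if parts[0] != "":
        raise ValueError("DN must start with '/TYPE='")
    rdns = []
    for part in parts[1:]:
        key, _, value = part.partition("=")
        if not value.strip():
            raise ValueError(f"empty value in {part!r}")
        rdns.append((key.upper(), value))
    return rdns


def classify_subject(dn):
    """Return (kind, label, host); raise ValueError outside the namespace."""
    rdns = parse_dn(dn)
    if [key for key, _ in rdns] != _SHAPE:
        raise ValueError("expected /C=/O=/O=/OU=/CN=")
    for (key, want), (_, got) in zip(_PREFIX, rdns):
        if got.lower() != want.lower():
            raise ValueError(f"{key} must be {want}, got {got!r}")
    cn = rdns[-1][1]
    if "/" not in cn:
        return ("person", cn, None)
    label, _, host = cn.partition("/")
    if not label or not _FQDN.match(host):
        raise ValueError(f"bad host or service CN: {cn!r}")
    kind = "host" if label.lower() == "host" else "service"
    return (kind, label, host.lower())
```

A naive `dn.split("/")` would cut the host and service CNs in two, which is why the split is anchored on the attribute type that follows the slash.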



Certificate & Key sizes

  • The certificates issued by UNAMgrid CA must not be used for financial transactions.

  • The subscriber key size is at least 1024 bits.

  • The UNAMgrid CA key is 2048 bits long.

    • The CA certificate has a validity period of 10 years



UNAMgrid CA Architecture



UNAMgrid Certificate Life-cycle

Re-new

Request

Revocation

Expiration


Subscriber requirements

  • Read and adhere to the procedures described in this document.

  • Use certificate for the permitted purposes only.

  • Authorize procedures and conservation of personal data.

  • Generate a key pair (at least 1024 bits).

  • Select a strong passphrase.

  • Protect the passphrase from others.

  • Never share the private key with other users.

  • Notify UNAMgrid CA in case of private key loss or compromise.


Certificate revocation list

Certificate Revocation List

  • The subscriber has ceased to be a member associated with UNAMgrid.

  • Subscriber private key is lost or suspected to be compromised.

  • The private key of the UNAMgrid CA has been compromised or lost.

    • The CRL has a lifetime of 30 days.

    • A new CRL must be published immediately after its issuance.

    • A new CRL is issued at least 7 days before the expiration date or immediately after a revocation.
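An added example (not from the original presentation): a relying-party check of a CRL's dates against the 30-day lifetime and 7-day re-issue rules above. The input is the `lastUpdate=`/`nextUpdate=` text printed by `openssl crl -noout -lastupdate -nextupdate`; the sample dates, function names and finding names are constructed for illustration.

```python
import ssl

DAY = 86400
MAX_LIFETIME = 30 * DAY    # CRL lifetime stated on the slide
REISSUE_MARGIN = 7 * DAY   # new CRL due this long before nextUpdate

# Constructed sample of `openssl crl -noout -lastupdate -nextupdate` output.
SAMPLE_OPENSSL_OUTPUT = """\
lastUpdate=Mar  5 12:00:00 2006 GMT
nextUpdate=Apr  4 12:00:00 2006 GMT
"""


def parse_crl_dates(text):
    """Return (this_update, next_update) as epoch seconds (UTC)."""
    fields = dict(line.split("=", 1) for line in text.strip().splitlines())
    return (ssl.cert_time_to_seconds(fields["lastUpdate"]),
            ssl.cert_time_to_seconds(fields["nextUpdate"]))


def crl_findings(this_update, next_update, now, last_revocation=None):
    """List policy deviations for one CRL; an empty list means compliant.

    last_revocation is the time of the newest revocation known to the CA
    operator, if any (hypothetical input, e.g. from the CA's own records).
    """
    findings = []
    if next_update - this_update > MAX_LIFETIME:
        findings.append("lifetime-exceeds-30-days")
    if now >= next_update:
        # Relying parties should stop trusting this CRL's view entirely.
        findings.append("expired")
    elif now >= next_update - REISSUE_MARGIN:
        # Still valid, but the CA has missed its 7-day re-issue window.
        findings.append("reissue-overdue")
    if last_revocation is not None and last_revocation > this_update:
        # A revocation happened after this CRL was issued.
        findings.append("revocation-not-published")
    return findings
```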



UNAMgrid CA Security

  • Physical access – restricted to authorized people.

    • Cameras.

    • Cops.

  • UNAMgrid CA is offline. (Tests will be made with our research community.)

  • Backup every night except on weekends and holidays.

    • DVD backup.

  • Internal auditing of the security process.

  • Incident report procedure.



UNAMgrid CA Status

  • Review in progress

  • Documents CP/CPS TAGPMA Committee.

  • Draft 0.2 issued March 5, 2006

  • Website UNAMgrid.

  • Technical Test with OpenCA.



UNAMgrid CA Further work

  • Spanish documents.

  • OpenCA test with our Research community (Mexico)

  • Risk assessment and contingency plan documents in progress.

  • RA test ( 1 Nuclear Science Department)



Thank you

Questions?

