Unamgrid
Download
1 / 18

UNAMgrid - PowerPoint PPT Presentation


  • 133 Views
  • Uploaded on

UNAMgrid . Alejandro Núñez Sandoval [email protected] Rio de Janeiro, Brazil, 03/27/06 F2F meeting, TAGPMA. UNAMgrid Certificate Authority. UNAM, is the National University of Mexico, UNAM is one of the biggest Universities in Mexico. Student Comunity is more than 265,000 students.

loader
I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
capcha
Download Presentation

PowerPoint Slideshow about 'UNAMgrid' - yair


An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript
Unamgrid

UNAMgrid

Alejandro Núñez Sandoval

[email protected]

Rio de Janeiro, Brazil, 03/27/06

F2F meeting, TAGPMA


Unamgrid certificate authority
UNAMgrid Certificate Authority

  • UNAM, is the National University of Mexico, UNAM is one of the biggest Universities in Mexico.

  • Student Comunity is more than 265,000 students.

  • 70% research in Mexico is doing at UNAM.


Unamgrid overview
UNAMgrid Overview

  • Actually the SuperComputing Deparment of UNAM is working on different grid projects, but these don’t include a robust CA (Globus).

  • Focus to UNAMgrid is R&D Community in the National University and around the country.

  • In first phase, the Supercomputing Deparment will be the principal “customer” to UNAMgrid services.


Other ca projects
Other CA projects

  • FEA project, Firma Electrónica Avanzada – Electronic advanced signature -

  • Provide certificates to all Comunity in Nacional University (students, academics, researchs).

  • RSA Solution.

  • UNAM-CERT Participate on this project 2 years ago.

  • Colaborate on the documents, security issues, etc.


Unamgrid today
UNAMgrid Today

Computer Security Deparment

Supercomputing Deparment

UNAMgrid CA


Unamgrid today1
UNAMgrid Today

  • UNAMgrid CA Members:

  • Juan Carlos Guel

  • UNAM-CERT Manager

  • UNAMgridCA Manager

  • Alejandro Nuñez

  • Technical Contact UNAMgrid

  • Israel Becerril

  • Technical Contact UNAMgrid


Unamgrid certificate authority1
UNAMgrid Certificate Authority

  • Services:

    • Management of PKI services

    • Web interface:

      http://www.unamgrid.unam.mx/

    • Information about CA project in UNAMgrid.

    • Information in spanish and english

    • Research in new technologies CA.


Name space
Name Space

  • The certificate subject name is based in X.501 standard.

  • Three types of CN component:

    • People.

    • Hosts.

    • Services.


Name space examples
Name space examples

  • /C=MX/O=UNAMgridCA/O=organization/OU=organizational-unit/CN=subject-name

    • /C=MX/O=UNAMgridCA/O=dgsca/OU=super/CN=Juan Lopez

  • /C=MX/O=UNAMgridCA/O=organization/OU=org-unit/CN=host/host-dns-name

    • /C=MX/O=UNAMGridCA/O=dgsca/OU=super/CN=host/pki.super.unam.mx

  • /C=MX/O=UNAMGridCA/O=organization/OU=org-unit/CN=service/host-dns-name

    • /C=MX/O=UNAMGridCA/O=dgsca/OU=super/CN=ftp/ftp.super.unam.mx


Certificate key sizes
Certificate & Key sizes

  • The certificates issued by UNAMgrid CA must not be used for financial transactions.

  • The subscriber key size at least 1024 bits.

  • The UNAMgrid CA key is 2048 bits length.

    • The CA certificate has a validity period of 10 years



Unamgrid certificate life cycle
UNAMgrid Certificate Life-cycle

Re-new

Request

Revocation

Expiration


Subscribe requirements
Subscribe requirements

  • Read and adhere to the procedures described in this document.

  • Use certificate for the permitted purposes only.

  • Authorize procedures and conservation of personal data.

  • Generate a key pair (at least 1024bits).

  • Selecting a strong passphrase.

  • Protecting the pass phrase from others.

  • Never sharing the private key with other users.

  • Notify to UNAMgrid CA in case of private key loss or compromise;


Certificate revocation list
Certificate Revocation List

  • The subscriber has ceased to be a member associated from UNAMgrid.

  • Subscriber private key is lost o suspected to be compromised.

  • The private key of the UNAMgrid CA have been compromised or lost.

    • The CRL have a lifetime of 30 days.

    • A new CRL must be published inmediately after its issuance.

    • A new CRL at least 7 days before the expiration date or inmediately after having a revocation.


Unamgrid ca security
UNAMgrid CA Security

  • Physical access – restricted to authorized people.

    • Cameras.

    • Cops.

  • UNAMgrid CA is offline.(probes will be made with our research community)

  • Backup every night except on weekend and holidays.

    • DVD backup.

  • Auditing security process internal.

  • Incident report-procedure


Unamgrid ca status
UNAMgrid CA Status

  • Review in progress

  • Documents CP/CPS TAGPMA Committe.

  • Draft 0.2 issue March 5, 2006

  • Website UNAMgrid.

  • Technical Test with OpenCA.


Unamgrid ca further work
UNAMgrid CA Further work

  • Spanish documents.

  • OpenCA test with our Research community (Mexico)

  • Risk assesment and contigency plans documents in progress.

  • RA test ( 1 Nuclear Science Department)


Thank you
Thank you

Questions?


ad