UPKI project update

Yasuo Okabe

Academic Center for Computing and Media Studies

Kyoto University

UPKI: Inter-University Authentication and Authorization Platform for CSI
  • Conducted by NII and the information infrastructure centers in 7 universities
    • Supported by Ministry of Education, Science and Technology

[Figure: UPKI overview. Labels: UPKI; UPKI common specification; Campus AAI at University A, University B and University C; professor at University B; staff member at University B; University A access point; University B access point; wireless LAN roaming; University C electronic content; University C administrative system.]
UPKI: concept
  • Targets various applications
    • SSO of Web services
    • E-mail Digital Signature/Encryption by S/MIME
    • Network Services
      • wireless LAN roaming and VPN
    • Grid computing
  • Utilization of PKI
    • “U” stands for University/Universal/Ubiquitous
    • Deployment of Grid/PKI middleware for national academic AA infrastructure

NII International Workshop on Cyber Science Infrastructure

Planned Schedule of UPKI

Timeline: 2006FY, 2007FY, 2008FY, 2009FY and later

UPKI Initiative founded
  • Gathering common interests and opinions, and feedback
  • Interoperability check, knowledge transfer, publicity, tutorial works, …

Campus PKI specification
  • Model design
  • Outsource model
  • Insource model, multi-university cooperative model

UPKI common specification
  • Campus PKI CP/CPS template
  • Deployment of campus PKI at each university
  • Connecting universities
  • Federation of applications, etc.
  • Insource model, multi-university cooperative model
  • Outsource model

Applications
  • Developing, deploying and fostering new applications
  • Wireless LAN roaming
  • Single Sign On to Web Services
  • S/MIME

CA software
  • Development of CA software package
  • Distribution and support for deployment of CA software package
Ongoing Subprojects
  • Designing Common CP/CPS, Profiles, …
  • Development and Deployment of “NAREGI-CA” Certificate Authority Middleware
  • PKI based Applications
    • InterUniversity Web SSO
      • SAML2.0/Shibboleth + PKI
    • Wireless LAN Roaming
      • 802.1X, EduRoam compatible (www.eduroam.jp)
      • VPN
    • Secure E-mail Service via S/MIME
    • Supercomputing Grid
    • etc.

Subprojects by NII
  • UPKI common CP/CPS【WP1】
  • Public server certificate【WP2】
  • Inter-University W-LAN roaming【WP3】
  • SSO for Digital Library Service by NII and other universities via Shibboleth/SAML【WP4】
  • Development of CA middleware【WP5】
  • Deployment of S/MIME e-mail signature/encryption architecture【WP6】
Operation Models of CA

[Figure: three CA operation models (full outsource, IA outsource, insource), showing where the IA and RA sit between the provider and the university, with the CP/CPS.]

NAREGI

National Research Grid Initiative

  • http://www.naregi.org/
  • collaboration projects among industry, academic sector and the government.
NAREGI Grid Middleware stack

http://www.naregi.org/concept/index_e.html#05

Nationwide Academic Grid Networks over SuperSINET (experimental)

[Figure: network map. Networks and labels: 8-center Grid Computing WG network, NAREGI Grid network, NAREGI core, NAREGI NII Cluster, NAREGI IMS Cluster. Sites shown: Hokkaido U., Tohoku U., U. Tokyo, Tokyo I. Tech., Nagoya U., Kyoto U., Doshisha U., Doshisha SD, Osaka U., Kyushu U., Kyushu I. Tech., AIST (Tsukuba), I. Molecular Sci. (Okazaki), NII.]

NAREGI Certification Service

  • CA Software (NAREGI-CA)
    • CA/RA
    • UI (Character, Web)
  • Operation (NII GOC CA)
  • Policy Management (NAREGI-PMA)
  • Operation of CA
    • Authorized by the APGrid PMA Production Level CA
  • CP/CPS
    • Satisfy APGrid minimum requirement
NAREGI-CA
  • A full-fledged CA (Certificate Authority) Software for PKI
  • Originally developed for Grid computing, but can be used for general purpose
  • Free open source software

Ver2.0 (May.10.2006) is available at http://www.naregi.org/download/

  • Research collaboration
    • Audit of CA: AIST, Japan
    • PMA for international cooperation: APGRID
  • User Sites
    • NAREGI, AIST, Several Universities
Comparison among CA software

○: available, ×: not available, △: some restriction


NAREGI-CA Software Features

  • License ID management
    • Transfer authentication responsibility to Local RA
  • Grid operation extensions
    • Assistance of Grid-mapfile creation
  • Dual interfaces for certificate request
    • Web & command line enrollment
  • CA/RA architecture
    • Independent Registration Authority (RA) Server
    • Practical CP/CPS Template
NAREGI-CA Architecture

Parties: End User & Host Administrator, Local RA (Site Administrator), RA (Registration Authority), CA (Certificate Authority)

  • ① Get License ID
  • ② Authorize to pass License ID
  • ③ Generate a Key Pair
  • ④ Pass License ID & Public Key
  • ⑤ Send CSR
  • ⑥ Issue Certificate
  • ⑦ Get Certificate
  • ⑧ Get Grid Map file

Enhanced procedure to issue certificate

[Figure: certificate issuance procedures. Roles and components: User, RA Operator, RA Administrator, CA Administrator, RA, CA, Application Server (web), Management Server (web), IC Card. Actions: Apply, Identify, Delegate, Authorize, Issue Certificate. Credentials passed: License ID, Challenge PIN.]

Campus-Grid PKI Federation

[Figure: federation of Campus PKI and Grid PKI. Components: Campus CA, LDAP, User, IC Card, NAREGI CA, NAREGI RA, Grid System, Super Computer. Actions: Request Certificate (use IC Card as credential), Issue Certificate, Access. Output: Certificate for Grid System.]

UPKI Initiative
  • Founded on 16 Aug 2006
  • Sponsored by NII AAI TWG
  • Mission
    • Gathering interests and opinions of not only universities but also industries
  • https://upki-portal.nii.ac.jp/

[Figure: organization of the UPKI Initiative. Labels: NII CSI Headquarter, AAI TWG, UPKI Initiative, common specification, opinions and comments, join. Participants shown: Hokkaido U, Tohoku U, U. Tokyo, Nagoya U, Kyoto U, Osaka U, Kyushu U, Tokyo Tech, KEK, NII, Univ, J. College, Tech. College, Research Institute, etc.]
Summary
  • The UPKI national academic authentication and authorization infrastructure project has started.
    • Conducted by NII and the information infrastructure centers in the 7 universities
    • As a basic platform of Cyber Science Infrastructure
  • We have started later, so we get some advantages
  • International federation/collaboration is a very important issue.


APAN Middleware Working Group

APAN (Asia-Pacific Advanced Networking)

  • 20th APAN (Taipei, Aug. 2005)
    • National Authentication and Authorization Infrastructure and NREN (proposed session)
  • 21st APAN (Tokyo, Jan. 2006)
    • Middleware Workshop (full day)
    • Middleware Working Group is approved for a period of two years
  • 22nd APAN (Singapore, today)
    • Grid Middleware Workshop
  • 23rd APAN (Manila, Jan. 2007)
    • Grid Middleware Workshop
  • 24th APAN (Xian, Aug. 2007)
    • Middleware Workshop