UPKI Activities - July 2008 -

1. UPKI Activities- July 2008 - NII & UPKI Initiative Hideaki Sone, Tohoku University

2. UPKI Plan in FY2008 (April-March) • UPKI WG in NII • in collaboration with universities and “ac.jp” institutes • Public PKI Layer • Server Certificate Project • Client Certificate (Study) • Campus PKI Layer • Federation between Campus PKIs • Promotion of Campus PKI • R&D of Applications for Campus PKI • Grid PKI • Cooperation with GOC (Grid Op Ctr)

3. Univ IdP Univ IdP NII ＣｉＮii Univ DB E-Journals Univ Univ Collaborating Campus PKI in FY2008 Server Certificate Federation with Univs Client Certificate (study) Public PKI Layer Certificate WTCA Cert DB Federation in LAN Access Int’l Fed’n Use in applications Foregn Universities Univ DB Campus PKI Layer Univ DB Content certification Federation IdP federation IdP Federation Foreign e-Jounals NII IdP Hosting IdP AuthN by Univ DB Grid Certificate Job entry Time Certificate Grid PKI Layer Grid Operation Grid CA Domestic Grid sites Foreign Grid Sites

4. Promotion of Campus PKI (AAI) • Working groups (Chair: Okabe@Kyoto-u) • NII Open-House, events, • Seminars, caravan, lectures • Collaboration with academic/research meetings • TERENA (REFEDS, TNC, etc.) • SWITCH (Shibboleth Fests) • APAN Middleware WG (-2008)

5. Federation between Campus PKIs“UPKI-Fedration” • Trial of Federating SSO over Shibboleth • Mixture of PKI + ID/PW auth. • IdP’s + SP’s in universities (+NII) • Automatic redirection • Mgmt policies forJapanese Univs • Start UPKI-Fed in 2009

6. Activities for “UPKI-Fedration” • 2006 • Study of Shibboleth1.3, SAML2.0 • 2007 • UPKI members visited SWITCH to learn SWITCH AAI. • NII invited Mr. Nate Klingenstein from Internet2 to support UPKI-Fed plan. • Development of Shib-PKI (DS Plug-in). • Development of Testbed including Shib-PKI Plug-in. • Overall Plan and Initial Policy Draft for UPKI-Fed

7. Server Certificate Project • Trial (-- FY2009) • Practical study on various cases • Fault certificate (cancel & re-issue) • Procedure for renewal (after expiration) • Virtual hosts, Mass (bulk) application (450) • Audit • Policies (CP, CPS, etc.) and models • 62 institutes, 492 certificates • Feedback, Survey

8. Number of Server Certificates

9. R&D of Applications for Campus PKI • Network Access Roaming • eduroam (Operation, Promotion, R&D) • Roaming with Commercial ISPs • Next Generation • 1300 High-Edu’s in Japan, Access Ctrl, VPN, etc. • UPKI Specifications (Std of Recmdn) • Sample CP/CPS guidelines • Time Cert., SSO, roaming VPN over SINET3 • S/MIME repository servers

10. UPKI Website • www.upki-portal.jp • (Japanese literacy required)