html5-img
1 / 10

Grid Canada Certificate Authority

Grid Canada Certificate Authority. Darcy Quesnel darcy.quesnel@canarie.ca ca@gridcanada.ca http://www.gridcanada.ca/ca/. About Grid Canada. Project formed by an MOU between CANARIE, NRC, and C3.ca C3.ca is the organization of the high performance computing sites in Canada

kylar
Download Presentation

Grid Canada Certificate Authority

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Grid CanadaCertificate Authority Darcy Quesnel darcy.quesnel@canarie.ca ca@gridcanada.ca http://www.gridcanada.ca/ca/

  2. About Grid Canada • Project formed by an MOU between CANARIE, NRC, and C3.ca • C3.ca is the organization of the high performance computing sites in Canada • NRC is the federal lab system in Canada • CANARIE operates the Canadian research and education internet backbone (CAnet4) • Develops and deploys infrastructure for use by grid-related projects in Canada

  3. Project Drivers • Customer-managed lightpaths • An OGSA-compliant way for users to provision end-to-end lightpaths • NRC iHPC • Develop and deploy grid infrastructure within NRC • In support of multi-scale modelling • <5 users now, >50? in the future • Atlas Canada • Wants to participate in Data Grid • <10 users now, >30? in the future

  4. Challenges • Right now • Canada is not the U.S. and it is not Europe (or even the U.K.) • No federal granting agency has yet identified grids as a “strategic direction” • We hope that • Funded projects will see the benefits of having an explicit grid component • The NRC and CANARIE will increase their roles

  5. GC CA Details • CA Certificate Valid From: 2002-04-11 • CA Certificate Valid Until: 2007-04-10 • User Certificates: 13 • Host/Service Certificates: 18 • Revocations: 2 • Based on the globus_simple_ca_bundle • Issued to R&E end entities involved in grid activities • Standard set of extensions

  6. CA Requirements Compliance • GC CA machine is dedicated, secure, and non-networked • GC CA private key is • 2048-bit length • Valid for 5 years • Passphrase protected • User and host/service keys are • 1024-bit length • Valid for 1 year • Linked to a specific person or host/service • Generated by the user

  7. CA Requirements Compliance • Namespace is “/C=CA/O=Grid/*” • Subject names have the form “/C=CA/O=Grid /OU=<domainname>/CN=<fullname>” • Published at http://www.gridcanada.ca/ca is the • CP/CPS • CRL • Public Key • Signing Policy • All requests and responses (email), certificates, and CRLs are archived

  8. CA Requirements Differences • RA is based on a small community • User certificates are granted to people I know or who can be vouched for by someone I know • Host/service certificate requests are not signed by a user certificate • Host/service certificates are granted after I’ve talked to (or bugged) someone

  9. Future Directions • Develop scaleable RA infrastructure • North American PMA • Why should EDG WP6 have to deal with me directly? • Develop an XML schema for a CP/CPS • Useable by tools • Easier to create and change

  10. Contact Information • darcy.quesnel@canarie.ca • ca@gridcanada.ca • http://www.gridcanada.ca/ca

More Related