2nd APGrid PMA F2F MeetingOsaka University Convention CenterOsaka University Convention Center
October 15October 15
09:00 - 17:2009:00 - 17:20
# Participants: 26# Participants: 26
Federation of Grid Authentication
Each regional PMA is responsible forEach regional PMA is responsible forcoordination of CA policy within the regioncoordination of CA policy with the other regional PMAs
Three PMAs are the founders of the International Grid Trust FThree PMAs are the founders of the International Grid Trust Federation (IGTF)ederation (IGTF)
CACA CACA
CACACACA
EUGrid PMA
CACA
CACACACA
CACA
CACA
CACA
APGrid PMA
CACA
CACA
CACA
CACA
TAG PMA
Regional PMA is responsible for coordination of security policies within the region
Three PMAs compose IGTF
APGridPMA: Members
Ex Officio MembershipEx Officio MembershipAISTAIST Yoshio Yoshio
TanakaTanakaJapanJapan
APACAPAC David BannonDavid Bannon AustraliAustraliaa
ASGCCASGCC Eric YenEric Yen TaiwanTaiwan
CNIC/CNIC/SDGSDG
Kai NanKai Nan ChinaChina
IHEPIHEP Sun GonxingSun Gonxing ChinaChina
KEKKEK Takashi Takashi SasakiSasaki
JapanJapan
KISTIKISTI Sangwan KimSangwan Kim KoreaKorea
NAREGINAREGI Rumiko MasukoRumiko Masuko JapanJapan
NCHCNCHC Alex WuAlex Wu TaiwanTaiwan
NECTECNECTEC Sornthep VannarSornthep Vannaratat
ThailandThailand
NGONGO Jon LauJon Lau SingapoSingaporere
SDSCSDSC Mason KatzMason Katz USAUSA
ThaiGridThaiGrid Sugree PhatanapSugree Phatanapheromherom
ThailandThailand
General MembershipGeneral MembershipHKUHKU Chen Lin, Chen Lin,
ElaineElaineChinaChina
U. U. HyderabHyderabadad
Arun AgarwalArun Agarwal IndiaIndia
USMUSM Boon Yaik Boon Yaik MalaysiaMalaysia
U. OsakaU. Osaka Susumu Susumu DateDate
JapanJapan
General Architecture of the IGTF
Member PMAs are responsible for accrediting authoritiesMember PMAs are responsible for accrediting authoritiesThe IGTF maintains a set of authentication profiles (APs) thThe IGTF maintains a set of authentication profiles (APs) that specify the policy and technical requirements for a class at specify the policy and technical requirements for a class of identity assertions and assertion providers.of identity assertions and assertion providers.Each AP is assigned by the IGTF to a specific member PMA.Each AP is assigned by the IGTF to a specific member PMA.
Classic AP (EUGrid PMA)Short Lived Credential Services (SLCS) AP (TAGPMA)Member Integrated Credential Services (MICS) AP (TAGPMA)Experimental AP (APGrid PMA)
Scope of the APGrid PMA
Manage the PMA membershipManage the PMA membershipDefine charter and minimum CA requirementsDefine charter and minimum CA requirementsPublish related documentsPublish related documentsMaintain and revise the documentsMaintain and revise the documentsAccredit authorities with respect to the minimum CA requireAccredit authorities with respect to the minimum CA requirementsmentsCoordinate auditing and re-certification of accredited authorCoordinate auditing and re-certification of accredited authoritiesitiesMonitor member CA signing namespacesMonitor member CA signing namespacesOperate a secure collection point for information about accrOperate a secure collection point for information about accredited CAsedited CAsBe primarily concerned with Grid communities in Asia PacifiBe primarily concerned with Grid communities in Asia Pacific, and their external partnersc, and their external partners
Agenda of the F2F meeting
09:00 - 09:1509:00 - 09:15 WelcomeWelcome Shinji ShimojoShinji Shimojo
09:15 - 09:4509:15 - 09:45 Status UpdatesStatus Updates All CAsAll CAs
09:45 - 10:3009:45 - 10:30 Recap of PMA/IGTFRecap of PMA/IGTF Yoshio TanakaYoshio Tanaka
11:00 - 11:4511:00 - 11:45 AccreditationAccreditation NECTEC GOC CANECTEC GOC CA
11:45 - 12:3011:45 - 12:30 In Depth ReportIn Depth Report KISTI Grid CAKISTI Grid CA
13:30 - 14:1513:30 - 14:15 Invited TalkInvited Talk Yasuo OkabeYasuo Okabe
14:15 - 17:2014:15 - 17:20 Open DiscussionsOpen Discussions
- Procedures for Incident Response- Procedures for Incident Response
- Grid Certificate Profile- Grid Certificate Profile
- Classic Authentication Profile- Classic Authentication Profile
- Short Lived Credential Services AP- Short Lived Credential Services AP
- Member Integrated Credential - Member Integrated Credential Services APServices AP
Highlights of the meeting
NECTEC GOC CA was accredited as a IGTF-Classic compliaNECTEC GOC CA was accredited as a IGTF-Classic compliant Certificate Authority.nt Certificate Authority.
NECEC GOC CA will be included in the IGTF CA distribution after it will be ready for operation.
Agreed that KISTI Grid CA will be removed from a list of accAgreed that KISTI Grid CA will be removed from a list of accredited CAs due to some fundamental problems of its operredited CAs due to some fundamental problems of its operation.ation.PRAGMA CA will be ready to be accredited soon.PRAGMA CA will be ready to be accredited soon.
Being a catch-all CA for PRAGMA communityWe have roughly reviewed the PRAGMA CA compliance with the IGTF Classic AP (minimum requirements)
Animated discussions on reviewing proposed changes for tAnimated discussions on reviewing proposed changes for the Classic APhe Classic AP
Figured out some issues need to be revised.Report to the IGTF as comments from the APGrid PMA
Members (13 + 4)9 Accredited CAs9 Accredited CAs
In operationAIST (Japan)APAC (Australia)ASGCC (Taiwan)CNIC (China)IHEP (China)KEK (Japan)NAREGI (Japan)
Will be in operationNCHC (Taiwan)NECTEC (Thailand)
1 CA under review1 CA under reviewNGO (Singapore)
1 CA will be ready soon1 CA will be ready soonPRAGMA (USA)
PlanningPlanningThaiGrid (Thailand)
Will be accreditedWill be accreditedKISTI (Korea)
General membershipGeneral membershipOsaka U. (Japan)U. Hong Kong (China)U. Hyderabad (India)USM (Malaysia)
Acknowledgements
PRAGMAPRAGMA
PRAGMA LAPRAGMA LADate-sensei, Nozaki-sensei,Takao-san, Nakagawa-san
NEDO (New Energy and Industrial NEDO (New Energy and Industrial Technology Development Organization)Technology Development Organization)
Funding support