We have also begun setting up
our Policy Management Authority, who will be responsible for the
management of the DOESG PKI. The list of PMA members will include all
Registration Authority agents. Currently we have: Mike Helm (ESnet), Von
Welch (Globus), Tony Genovese (ESnet), Mary Thompson (FNC), Doug Olsen (PPDG),
John Volmer (ANL), William Johnson (DOESG PI), Jim Leighton (ESnet PI) and
Keith Jackson (DOESG).
During January we were able to set up our off line and online CAs, plus one
development CA. This architecture
was designed to serve our initial low volume customers.
During our initial roll out a new requirement to handle a large volume
of certificate requests was identified. We
have made an emergency order for additional servers and reengineering the
architecture to handle this. We have begun
issuing certificates to our RA agents - Doug Olsen was the first for PPDG. He
has been able to issue some end entity certificates for his
community.
Input from the community
has been incorporated in the CP/CPS. Version 1.2 is out for
review.
The service is scaling up
slowly as the community requirements are shaken out and our RA agents get
their sea legs. The service may have to redo its root service to meet
these changing requirements. This could be disruptive if we have to
re-issue certificates, but all efforts are being done to allow the
architecture to change.
We have now deployed Registration Authorities at LBNL for PPDG, FNC and DOESG.
PNNL is scheduled to bring up their RA in the February timeframe - but they
may move this date further out. We
have also identified RAs for ANL and NERSC. ANL and NERSC are scheduled to
roll out their service in the next few months. We still need to identify an RA
for ORNL
We have now specified the Hardware and Software for use in the service.
Orders for the new Hardware will be done the week of February 11th.
The schedule for the project:
