- Set up new Remote RMs - testing
- LDAP publishing Directory - Online
- Review Hardware Security Modules - FIPS 140
- PMA guidelines effort
- Equipment status
- iVDGL added as new RA
- European Data Grid CA managers meeting
- Certificate service Statistics as of 6/20
Dhiva has set up a Remote RM on the development system Amber. And continues the testing/evaluating the interaction with the Certificate manager (CM). This work is rolled up in to the RPMs that are used to distribute this software. This type of configuration allows us to limit the interactions (i.e. Certificate Requests) between RAs. There is a limitation though, in that the RA via the RM does not have full access to the CM feature set. But this is not a major limitation, because the RA could always be able to go to the CM for access to its features. The normal work flow of request/authorization can be done on the RM..
We have brought on line the publishing directory of the DOEGrids service. Dhiva has install a http gateway that allows web based access. You can reach it at: http://ldap.doesciencegrid.org/ds/search. You can also reach it via an LDAP client at ldap.doesciencegrid.org on the standard port 389. You can use the Web access to get to all the public certificates of the registered users. This is a handy way of getting the public certificate for encrypting a message for an individual.
Mike Helm and Dhiva has been extensively evaluating this produces from: Rainbow, Chrysalis and Ncipher. The HSM has now become a requirement for the project. To meet the security requirement of EDG, we need to have one. EDG requires the CA to be off line, but because of the size of our certificate service, this would be to costly. We proposed the use of HSM as a means to achieve a level of security that would be acceptable to them. This is a long an detailed process, but should be finished by the October milestone.
Mike has volunteered to author a Grid Forum document on PMA guidelines. He will start with our document and work with the GridCP working group to produce a document for the community. This will be beneficial to both our project and the community.
The security Racks have arrived and are waiting installation in the ESnet Data Center. We expect this work, which requires LBL plant engineering, to be finished in September. This will allow us to meet the October milestone.
Scott Koranda: skoranda@gravity.phys.uwm.edu has been vetted as a new Registration Authority representing the VO iVDGL. International Virtual Data Grid Laboratory has been added to our growing community:
Several new CAs are joining the the EDG CA manager, that are originating in the CrossGrid programme. CrossGrid is an EU project, coordinated by the Poznan HPC Centre in Poland, with partners from several other EU states and associated states. Information is available from <http://www.eu-crossgrid.org/>. This will effectively increase the number of CA that we will trust from the original 11 to 18. Countries being added Slovakia, Cyprus, Germany, Greece, Poland, Portugal and Spain. A full copy of the meeting minutes can be found at:
http://www.dutchgrid.nl/DataGrid/ca-group/CA-coordination-20020627.txt
Presented status of our project and received comments on our architecture. The EDG CA managers require that the CA be off line and that all Certificate signing Requests be handled by a human. This would not meet our operational needs. Mike Helm presented an architecture based on using Hardware Security Modules (FIPS 140). He was able to secure a reasonable concession with this architecture.
