We worked with DOESG engineering staff to identify who we should focus on for our initial roll out. It was determined that we should focus on PPDG, FNC and DOESG as our first customers. A new architecture based on using RAs was decided on to meet the remote user identity problem. It was felt that by assigning RAs the responsibility of identifying the End Entity that we could provide a better level of identity assurance. We will be rolling out 3 RA:
- Doug Olson for PPDG
- Mary Thompson for FNC, DOESG at LBL
- Scott Studham for DOESG at PNL
We have worked out an initial schedule for the roll out of RAs. We are going to get the initial service up in the 1st quarter of 2002 - shooting for early January for RAs and then rolling out new services as we can.
A first cut at the white paper was produced and put on the new website for the project. It is being reviewed, with only minor comments. As our customer evolve their requirements we will modify the white paper to reflect the community view.
PPDG and DOESG contributed to the development of the CP/CPS for our PKI. We started our CP/CPS based on the INFN's CP/CPS. We did this to insure we can work with the European Data grid. This was a requirement that came out of meetings with PPDG. Doug Olson worked with his community to fine tune and specify the RA requirements in the CP/CPS. This will be included as an appendix to the CP/CPS when we finish community review - most likely in the January time frame. This approach of using appendixes to describe a remote community's identity vetting process, may be generalized for each of our RAs.
- Need to work out how to run a PMA for the service.
- Schedule is to aggressive - need to hire Service manager SOON!
- Need to work out license costs - current estimate $6 per cert.