Technical Working Group June 2001 Andrew Nash Steve Lloyd.
Agenda
• Agenda praise (in lieu of bashing) – a TWG tradition (praise that is …)
• Introductions
  – Name, Company, Vendor/Exploiter/Customer
• Objectives and Ground Rules
• Project and White Paper Objectives
• Status at end of March Meeting
TWG Agenda for Wednesday 6/20 Thursday 6/21
• Path Construction
• CESG Status (UK Govt Interop Trial)
• LDAP white paper
• Application certificate usage
• Token Interoperability
• CMP Interoperability
• TTT Bridge CA
• OCSP
• PKI Challenge
• AKID/SKID Interop Guide
• Wireless certificates
• Future Work
Introductions
• Andrew Nash
  – RSA Security
  – PKI Vendor
• Steve Lloyd
  – Entrust
  – PKI Vendor
• Your turn
  – Name, Company, Vendor/Exploiter/Customer
Objectives and Ground Rules
“… to accelerate the adoption and use of Public-Key Infrastructure (PKI) and PKI-based products and services.”
  – Leverage the expertise of Members
  – Projects led by PKI Forum members
  – Results clearly PKI Forum effort
  – Maximum Involvement of all parties
  – Leverage existing standards, efforts, skills and organizations
… and other things
• Mailing list signup and use
• Project Plans and Status
• Business WG organization
  – Marketing/Education
  – Policy & Privacy
  – Best Practices
  – Applications/Vert. Markets
Major Project Work Methodology
• Description of task
• White papers/educational material/test cases
• Interoperability workshops
• Internal documentation of results/lessons learned/recommendations
• External documentation
• Focus on making it work!
External Project Report Objectives
• Written materials reporting results
  – White papers
  – Matrices
  – Presentations
• Interim results remain private to PKIF
• Consensus on timing and nature of results
  – Positive results desired
  – Describe PKI successes, not disadvantage products that don’t work during testing
White Paper Objectives
• Address topics that will advance PKI interoperability
• What does PKIF have to add
  – LDAP
  – Path Construction
  – NOT remote path validation!
• May be related to specific Major Projects
• Editor responsible to drive
• Review/approval on list to assure agreement
Status from San Jose - March 2001
• Meeting minutes are required
• We meet this requirement with “real time” PPT notes
• If time permits, quick review before Joint Session
• Input Solicited
Participants
                 March       December    September
                 San Jose    Sydney      Montreal
Vendor           14  35%     13  45%     20  43%
ISV/Exploiter    19  48%     12  41%     16  38%
Customer**        7  17%      4   9%     10  24%
Total            40          29          46
** Customers include consultants
TWG Progress
In Progress:
4 Major Interoperability Projects
5 White Papers (more in the pipe)
3 PKI Notes
Complete:
1 Major Interoperability Project
1 White Paper
Path Construction (Stephen Farrell/Steve Lloyd)
• White paper
  – Explain functionality and identify recommendations
• Assumptions
  – Assume complex certificate paths
    • Hierarchical/Distributed/Bridge CA/Combination trust models
  – Concentrate on LDAP/X.509/HTTP access methods
• CA-CA Interoperability paper relies on this paper to address “path bounding”
• Plan
  – 1st draft due June 2001
  – Final submission Sept 2001
Application Certificate Usage (David Crowe)
• Deliverables
  – Data sheets describing pairwise vendor results
    • Product descr, interoperable functionality, config notes
    • Entrust/Xcert, RSA Security/Xcert, SECUDE/Xcert
  – Certificate library – librarian: Tony Rogers
• Parallel activities with the CESG and EEMA
• Issues:
  – IPSec certificate usage is open
  – More results required for successful completion
• Future
  – Direct testing between companies proposed – some results already exist with companies like Microsoft
  – Forum assumes a brokerage role (incl coordination of announcements)
Certificate Library (Tony Rogers)
• Initial certificates provided by Computer Associates
• PKI Forum web site
  – FTP download
    • certificates, descriptions
    • possibly associated private keys
• LDAP server to be established as a certificate source
• Certificate samples requested from members now
  – CA, SSL server, SSL client, e-mail
• Optional CRL
• Optional known bad certificate examples
CA-CA Interoperability (Steve Lloyd)
• Address technical aspects of CA-CA interoperability – emphasis on “inter-domain interoperability”
• Discussion paper delivered – project did not include interoperability demonstrations
• Recommended that non-technical issues (business relationships/legal) be addressed by the Policy & Privacy subgroup
• One activity among others – this activity was purposely focused on inter-domain interoperability issues
CMP Interoperability (Bob Moskowitz)
• No group testing in last quarter (some point-to-point)
• Support DSA and RSA
• Supported direct TCP
• Press announcement – Feb ’01
• Further testing on additional protocol features
LDAP (David Finkelstein)
• Limited progress to date
• Initial draft has limited distribution
• Focused effort avail from this point forward
• Outline
  – Schema requirements
  – Creation, modification, search requirements
  – Access control requirements
• CA vendor use of LDAP imposes unique implications
OCSP (Alistair Grant)
• Goal:
  – Promote interoperability between implementations of OCSP (RFC 2560)
• Project proposal – Dec 2000
• Agreed project plan – Feb 2001
• Public OCSP responder established – March 2001
• BOF planned for Thursday afternoon
• Testing planned for April/May
Other Discussions
• XML Key Mgmt System (XKMS), Warwick Ford
  – Microsoft, VeriSign, webMethods and others
  – Application enabled to use 2G PKI services
  – Simplify the application interface
  – Hides complexity of PKI structure such as trust models
Other Discussion
• CESG Interoperability, Richard Lampard
  – Heterogeneous CA hierarchy
  – Interop trial to resolve issues
    • Large set of standards
    • Work with large set of vendors
    • Understand state of industry and technology
  – Application interop included S/MIME interop
  – 15 vendors
  – Bake-off 12-16 Feb ’01
  – Report will distribute test results