TERENA Networking Conference 2010


Licia Florio (TERENA)

The eduPKI service being developed within the GÉANT project aims to ease the adoption of digital certificates within the project in a cost-effective way. eduPKI aims to create a service able to support the project's other services in defining their security requirements, and to provide them with digital certificates. eduPKI's goal is to enable GÉANT services to obtain digital certificates that meet their requirements from CAs operated by NRENs participating in the project. eduPKI was a response to the need for better coordination in addressing the security requirements of the services being developed in the project. Examples of services that can benefit from eduPKI include perfSONAR, eduGAIN and eduroam, plus future services that will have security and trust requirements.

To achieve its goal, eduPKI will offer three main facilities:

(i) *Policy Management Authority (PMA)*, which will define procedures to assess GN3 services' requirements and categorise them into profiles, as well as procedures to assess existing national CA operations against the agreed profiles.

(ii) *A dedicated Certification Authority (eduPKI CA)*, to test and support the profiles created by the PMA and to support those NREN users that cannot rely on any national CA service.

(iii) *An enhanced version of the existing TACAR* (TERENA Academic Certificate Authority Repository), to store and distribute the root certificates of the eduPKI-participating Certificate Authorities (including the eduPKI CA root) in a secure manner.

The poster describes how eduPKI's three facilities work together and how they relate to the rest of the GN3 project.
