Published in: Technology, Education
  • Vinod Rebello

    1. Who do you Trust? The roles of certificates, certification authorities and the IGTF in Grid Computing
       Prof. Vinod Rebello, Instituto de Computação, Universidade Federal Fluminense, Brazil, [email_address]
       TAGPMA: The Americas Grid Policy Management Authority
    2. A talk about PKI - Why me?
       • User, resource provider and grid operator
       • Manager of the IGTF approved Brazilian and the Latin American and Caribbean Catch-all Grid Certificate Authorities
       • EELA-2 Task leader for Grid CAs and Security
       • Current Chair of the TAGPMA
       • Former Chair of the IGTF
       • There are worlds outside of Grid Computing…
       • Chair of the Brazilian Educational PMA (ICPEDU)
       • Brazilian Federal PKI Service
       • And these worlds are colliding!
    3. The Grid Computing Model
       [Figure: Grid/Cloud offering services]
       In this generic model, institutions and businesses own fewer of their own resources. Third parties provide facilities; users get access to services. Businesses themselves can also offer services over the Grid.
    4. What is Grid Security?
       • The Grid problem is to enable
       • “coordinated resource sharing and problem solving in dynamic, multi-institutional virtual organizations.”
       • From The Anatomy of the Grid
       • So Grid Security is security to enable VOs.
       • Security is about risk assessment, not building a perfect system
    5. Essentials for Grid Security
       • Access to shared services
         • cross-domain authentication, authorization, accounting, billing
         • common generic protocols for collective services
       • Support multi-user collaboration
         • may contain individuals acting alone – their home organization administration need not necessarily know about all activities
         • organized in ‘Virtual Organizations’
       • Enable ‘easy’ single sign-on for the user
         • the best security is hidden from the user as much as possible
       • And leave the resource owner always in control
    6. Characteristics of Grid Security
       • Current grid security is largely user centric
         • different roles for the same person in the home institution and in the Virtual Organization (VO)
       • There is no a priori trust relationship between members or member organizations
         • VO lifetime can vary from hours to decades
         • VO not necessarily persistent (both long- and short-lived)
         • people and resources are members of many VOs
       • … but a relationship is required
         • as a basis for authorising access
         • for traceability and liability, incident handling, and accounting
    7. Role of Computer Security
       • Identification & Authentication (I&A)
         • Provide a way of identifying entities, and controlling this identity
       • Confidentiality: protection against data disclosure to unauthorized persons
       • Integrity: protection against data modification
       • Availability: protection against data unavailability
       • Non-repudiability
         • Bind an entity to its actions
       • Authorisation
         • Identity combined with an access policy to grant rights to perform some action
    8. Security Building Blocks
       • Encryption provides
         • confidentiality, can provide authentication and integrity protection
       • Checksums/hash algorithms provide
         • integrity protection, can provide authentication
       • Digital signatures provide
         • authentication, integrity protection, and non-repudiation
    9. Asymmetric Cryptography
       • Use non-reversible functions and a key pair
         • What one key encrypts, the other decrypts
       • Keep one key private
         • Only you can decrypt
       • Let the other be public
         • Everyone can encrypt
       • Security relies on
         • F⁻¹ not being found
       [Figure: “Hello” and “$w!4&” related by F(x) with priv, and by F(x) with pub]
    10. Asymmetric Key Pairs
       • Every user splits a key pair into a private and a public key.
       The public key is known by everybody. The private key should not be known by anyone else. It may be protected by hardware.
       [Figure labels: priv, pub]
    11. Authentication: Challenge - Response
       [Figure: message flow between Client and Server]
       • Client -> Server: “I’m Fred”
       • Server: ch = rand(); sends 1423
       • Client: encrypt(1423) with priv; returns AxW8
       • Server: decrypt(AxW8) with pub of Fred; same as ch? If so: “Hi Fred”
       Server needs to keep track of Fred’s public key
    12. Creating a Digital Signature
       • The digital signature locks the document to the signer
       • Easily verifiable for everyone in possession of the public key (next slide)
       [Figure: Original Document, digest function (SHA-1, MD5), hash, priv, Original Document with hash]
    13. Verifying a Digital Signature
       • A verified signature proves that
         • The corresponding private key was used to sign the document
         • The document has not been altered
       [Figure: Original Document, digest function, hash; signed hash, pub, hash; hash = ? hash]
    14. Distributing the Public Key
       • Correct mapping is crucial
       • Ensure the integrity of the mapping by applying a digital signature to it: a certificate
       [Figure: certificate fields (Version, Serial number, Issuer identity, Validity period, User identity, Public key, Extension fields) -> identity]
    15. X.509 Public Key Certificate
       • A standardised way to associate a public key with an entity
       • A digitally signed identity document
         • Can identify people, computers, services, …
       [Figure: certificate fields (Version, Serial number, Issuer identity, Validity period, User identity, Public key, Extension fields)]
       (Extension data: what type of vehicles the person is authorized to drive)
    16. Signing a certificate
       • Normal digital signature procedure
       • Non-sensitive information
         • Contains public data – is verified with public data
       [Figure: certificate fields (Version, Serial number, Issuer identity, Validity period, User identity, Public key, Extension fields; field list shown twice), digest function, hash, issuer’s private key (priv)]
    17. Verifying a certificate
       • Signature
       • Time
       • Revocation
       [Figure: certificate fields (Version, Serial number, Issuer identity, Validity period, User identity, Public key, Extension fields; field list shown twice), digest function, hash, hash = ?, issuer’s public key (pub)]
       But who should sign the certificate?
    18. Certification Authority
       • The role of the CA is to manage the certificate life cycle: create, store, renew, revoke
       [Figure: User data, Public key -> Trusted Third Party (CA) -> User certificate (User data, Public key, CA signature)]
    19. Certification Process
       • Subscriber requests Certificate
       • RM posts signing request notice
       • The RA for the Subscriber retrieves request
       • The RA agent reviews request with Grid project
       • The agent updates/approves/rejects request
       • Approved Certificate Request is sent to CM
       • CM issues certificate
       • RM sends Email notice to Subscriber
       • Subscriber picks up new certificate
       [Figure: Subscriber, Registration Authority (RA) Agent, Sponsor, Project DBMS, Certificate Manager (CM) (Certificate Signing Engine), Registration Manager (RM), CA, with arrows numbered 1 to 9]
    20. Certificates
       • CA is the only entity able to create/modify the certificate
         • the CA has to be trusted
       • Certificates enable:
         • Clients to authenticate servers
         • Servers to authenticate clients
         • Public key exchange without Public Key Server
       • No disclosure of private/secret keys.
       • Special features:
         • chains of CAs, to distribute the task of issuing certificates
         • Certificate Revocation List, to disable certificates
    21. Authentication
       • … the server now only needs to keep track of its trust anchors (CA certificates)
       [Figure: message flow between Client and Server, with the Server backed by a CA repository]
       • Client -> Server: “Hello”, presenting the certificate (pub, Fred)
       • Server: cert.validate()?; ch = rand(); sends 1423
       • Client: encrypt(1423) with priv; returns AxW8
       • Server: cert.getPubKey(); decrypt(AxW8); same as ch? If so: cert.getName(); “Hi Fred”
    22. Trusting the CA
       • Nothing hinders you from setting up your own CA and issuing certificates
         • Getting others to trust you is the hard problem!
       • Trust anchors
         • the CAs that we more or less trust unconditionally
    23. Establishing Trust
       • The dynamic cross-organizational resource sharing gives us a problem
         • No initial trust, different policies, different mechanisms
         • no central point of control in Grids
       • We have to provide tools to make this as painless as possible
    24. Solving the Trust Problem
       • Trusted Third Parties
         • Independent identity assessment providers
         • The most commonly used today
       • Federations
         • Organizations trust each other to identify their own users
         • Finite “membership” constellations
       • Web of Trust
         • Users trust each other to identify others
         • Less control, scalability arguable
    25. International Grid Trust Fed.
       • Commissioned: Mar 2003 (Tokyo) - Chartered: October 5th, 2005 at GGF 16 (Chicago)
       • Federation of European, Asian, and Western Hemisphere Policy Management Authorities
         • Focused on Identity management and authentication for Grids
       • Establishment of top level CA registries and related services
         • Root CA certificates, CA repositories and CRL publishing points.
         • Uses TERENA TACAR (TERENA Academic CA Repository)
       • Standards
         • Certificate policies, Certification profiles, Accreditation
         • Open Grid Forum publishes standards and community best practices.
    26. Building the Federation
       • Providers and Relying Parties together shape the common minimum requirements
         • Several profiles for different identity management models
           • different technologies
         • Authorities testify to compliance with profile guidelines
         • Peer-review process within the federation to (re)evaluate members on entry & periodically
         • Reduce effort on the relying parties
           • single document to review and assess for all Authorities
           • collective acceptance of all accredited authorities
         • Reduce cost on the authorities
           • but participation in the federation comes with a price
       • … the ultimate decision always remains with the RP
    27. Model for Grid Authentication
       • A Federation of many independent CAs
         • Policy coordination based on common minimum requirements (not ‘policy harmonisation’)
         • Acceptable for major relying parties in Grid Infrastructures
       • No strict hierarchy with a single top
         • spread liability and enable failure containment (better resilience)
         • maximum leverage of national efforts
       [Figure: CA 1, CA 2, CA 3, … CA n; charter, guidelines, acceptance process; relying party 1 … relying party m]
    28. The Regional PMAs
       [Figure labels: The Americas Grid PMA, Asia Pacific Grid PMA, European Grid PMA, TAGPMA]
    29. EUGridPMA
       • www.eugridpma.org
       • Member organizations/countries:
         • Canonical list: http://www.eugridpma.org/members/index.php
         • Membership includes many European national and regional (e.g. Nordunet, Baltic Grid) Grid projects; Canarie (Canada); DOEGrids and FNAL (US); significant relying parties such as LHC, OSG;
       • Features:
         • ~50 members: most from EU, some from closely affiliated countries, Middle East and Africa
         • Chaired by David Groep (NIKHEF)
         • Completed 14th Face-to-face meeting
         • The senior partner
         • “Classic” X.509 Grid Authentication Profile
    30. APGridPMA
       • www.apgridpma.org
       • Member organizations/countries:
         • Canonical list: https://www.apgrid.org/CA/CertificateAuthorities.html
       • Features:
         • 18 members from the Asia-Pacific Region, chaired by Yoshio Tanaka (AIST) and Jenny Chin (ASGC),
         • 10 Production CAs are in operation
    31. TAGPMA
       • www.tagpma.org
       • The newest PMA, first Face-to-Face meeting in Rio de Janeiro, March 2006.
       • Member organizations/countries:
         • Canonical list: http://www.tagpma.org/members
       • Features:
         • 21 members: CA, US, Mexico and Latin America
         • Chaired previously by Darcy Quesnel (CANARIE) and currently by Vinod Rebello (UFF) and Jim Marstellar (PSC)
    32. TAGPMA Membership
       • CANARIE – Canada
       • DOEGrids (ESNet) – USA
       • EELA – International
       • Fermi National Accelerator Laboratory - USA
       • HEBCA/USHER/Dartmouth College – USA
       • IBDS (ANSP) - Brazil
       • LCG – International
       • NCSA – USA
       • NERSC – USA
       • Open Science Grid – International
       • Purdue University – USA
       • REUNA – Chile
       • San Diego Supercomputer Center – USA
       • TACC – USA
       • TeraGrid – USA
       • Texas High Energy Grid – USA
       • University of Virginia – USA
       • UFF – Brazil
       • ULA – Venezuela
       • UNAM – Mexico
       • UNLP – Argentina
       Legend: IGTF Accredited CA Operators; CA Accreditation in progress; Interested in accreditation; Relying Party
    33. IGTF Common Policy
       [Figure: IGTF Federation Document; Common Authentication Profiles: Classic (EUGridPMA), SLCS (TAGPMA); trust relations; Subject Namespace Assignment; Distribution Naming Conventions]
       worldwide relying parties see a uniform IGTF “mesh”
       • EUGridPMA: CA E1, CA E2, …
       • APGridPMA: CA A1, …
       • TAGPMA: CA T1, …
    34. Policies and Practices
       • Certificate Policy and Certification Practice Statement (CP/CPS)
       • RFC 3647 formatted document that describes policies and procedures followed by the PKI and responsibilities of the parties involved
       • Rules for how a CA operates and how users are vetted when registering for certificates
         • Certificate Policy (CP): requirements for granting and managing PKI credentials
         • Certification Practices Statement (CPS): actual steps an institution takes to implement CP
       • Information not only for Relying Parties but also users!
    35. TAGPMA CA Accreditation
       • Initial Consultation & Review with Mentor
       • Submit CP/CPS for review
       • Present proposal at Face-to-Face meeting
       • Once CP/CPS approved then subject to an Operational Review/Audit
       • Include CA root certificate in the IGTF distribution and repository
    36. What Are Grid PKIs For?
       • Exist to serve the grid community in terms of authentication
         • X.509 certificates are an essential component of Grid security mechanisms
         • Authentication supports diverse authorization methods (including ongoing research)
         • X.509 Certification Authorities provide a focal point for policy and key lifecycle management
         • IGTF and regional PMAs provide coordination and interoperability standards for Grid PKIs
    37. Fostering NGIs in LA?
       • Fostering National Grid Initiatives to meet the demands of Latin America
         • Not just computer science, nor is it just e-science, it's e-verything!
         • Learn from but not necessarily copy other NGIs
       • Sustainability
         • Maintenance support for large scale, production class infrastructures
         • Tools to improve accessibility
         • More users
         • Integrate Grid PKI with other broader scoped PKIs
           • UFF BrGrid CA will be an integral part of the Brazilian Educational and Research PKI (ICPEDU).
    38. Acknowledgements
       • Various slides from
       • Michael Helm, ESnet/LBL
       • David Groep, NIKHEF
       • Darcy Quesnel, CANARIE
       • Mehran Ahsant, KTH
       • Argentinean National Grid CA – UNLP Grid CA http://www.pkigrid.unlp.edu.ar
       • Questions?
       • Contact information – [email_address]
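
The relying-party logic of slides 17 and 21 (certificate signature, time and revocation checks against a trust anchor, then a challenge-response with the key taken from the certificate), as an added example that is not part of the original slides. It assumes textbook RSA over small Mersenne primes, SHA-256 in place of the SHA-1/MD5 named on slide 12, a JSON certificate encoding and integer timestamps; all names and sample values are constructed so it runs on the Python standard library, and none of it is production cryptography.

```python
import hashlib
import json
import secrets

E = 65537  # public exponent shared by both toy key pairs

def keypair(p, q):
    """Textbook RSA from two primes: returns (public, private)."""
    n = p * q
    return (n, E), (n, pow(E, -1, (p - 1) * (q - 1)))

def digest(data, n):
    # SHA-256 digest reduced mod n so it fits the toy modulus
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def sign(data, priv):
    n, d = priv
    return pow(digest(data, n), d, n)

def verify(data, sig, pub):
    n, e = pub
    return pow(sig, e, n) == digest(data, n)

def tbs(fields):
    # Canonical bytes of the certificate fields that the CA signs
    return json.dumps(fields, sort_keys=True).encode()

def issue(fields, ca_priv):
    return {"fields": fields, "signature": sign(tbs(fields), ca_priv)}

def validate(cert, anchors, crls, now):
    """Slide 17 checks: signature, time, revocation. Returns a status string."""
    f = cert["fields"]
    ca_pub = anchors.get(f["issuer"])
    if ca_pub is None:
        return "untrusted issuer"
    if not verify(tbs(f), cert["signature"], ca_pub):
        return "bad signature"
    if not f["not_before"] <= now <= f["not_after"]:
        return "outside validity period"
    if f["serial"] in crls.get(f["issuer"], set()):
        return "revoked"
    return "ok"

def authenticate(cert, respond, anchors, crls, now):
    """Slide 21 flow: validate the certificate, then challenge its key holder."""
    status = validate(cert, anchors, crls, now)
    if status != "ok":
        return None, status
    n, e = cert["fields"]["public_key"]
    ch = secrets.randbelow(n - 2) + 2          # ch = rand()
    if pow(respond(ch), e, n) != ch:           # decrypt(response) same as ch?
        return None, "challenge failed"
    return cert["fields"]["subject"], "ok"     # cert.getName()

# Constructed sample data: Mersenne primes keep the keys short and reproducible.
CA_PUB, CA_PRIV = keypair(2**107 - 1, 2**127 - 1)
FRED_PUB, FRED_PRIV = keypair(2**61 - 1, 2**89 - 1)
CA_NAME = "CN=Example Grid CA"                 # hypothetical issuer name
ANCHORS = {CA_NAME: CA_PUB}                    # the server's only stored keys
FRED_CERT = issue({"version": 3, "serial": 1423, "issuer": CA_NAME,
                   "subject": "CN=Fred", "not_before": 100, "not_after": 200,
                   "public_key": list(FRED_PUB)}, CA_PRIV)

def fred_respond(ch):
    n, d = FRED_PRIV                           # encrypt(ch) with priv
    return pow(ch, d, n)

if __name__ == "__main__":
    print(authenticate(FRED_CERT, fred_respond, ANCHORS, {}, now=150))
    print(authenticate(FRED_CERT, fred_respond, ANCHORS, {CA_NAME: {1423}}, now=150))
    print(authenticate(FRED_CERT, fred_respond, ANCHORS, {}, now=250))
```

The server stores no user keys at all: Fred's public key arrives inside the certificate, and a revoked or expired certificate is rejected before any challenge is sent.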
