EU Policy Management Authority for Grid Authentication in e-science Charter Version 1.1. EU Grid PMA Charter

Similar documents
SSL Certificates Certificate Policy (CP)

PAA PKI Mutual Recognition Framework. Copyright PAA, All Rights Reserved 1

DECISION OF THE EUROPEAN CENTRAL BANK

ISO/IEC TR Information technology Security techniques Guidelines for the use and management of Trusted Third Party services

WP doc5 - Test Programme

ISO/IEC INTERNATIONAL STANDARD

Third public workshop of the Amsterdam Group and CODECS C-ITS Deployment in Europe: Common Security and Certificate Policy

ISO/IEC INTERNATIONAL STANDARD

Certification Practice Statement of the Federal Reserve Banks Services Public Key Infrastructure

International Grid Trust Federation

Apple Inc. Certification Authority Certification Practice Statement

ISO/IEC INTERNATIONAL STANDARD

This document is a preview generated by EVS

Apple Inc. Certification Authority Certification Practice Statement Worldwide Developer Relations

Draft Applicant Guidebook, v3

Certificate Policy for Deployment and Operation of European Cooperative Intelligent Transport Systems (C-ITS)

Apple Inc. Certification Authority Certification Practice Statement

Certification Standing Committee (CSC) Charter. Appendix A Certification Standing Committee (CSC) Charter

Guidelines 4/2018 on the accreditation of certification bodies under Article 43 of the General Data Protection Regulation (2016/679)

The General Assembly (GA) was established as part of the DNSO. The original guiding rules for establishment and participation can be found here.

ISO/IEC INTERNATIONAL STANDARD. Information technology Security techniques Entity authentication assurance framework

DirectTrust Governmental Trust Anchor Bundle Standard Operating Procedure

MODEL CERTIFICATE FOR FISH AND FISHERY PRODUCTS CAC/GL

ARTICLE 29 DATA PROTECTION WORKING PARTY

ISO/IEC INTERNATIONAL STANDARD

IEEE Electronic Mail Policy

ECLIPSE FOUNDATION, INC. INDIVIDUAL COMMITTER AGREEMENT

CERTIFICATE POLICY CIGNA PKI Certificates

Apple Corporate Certificates Certificate Policy and Certification Practice Statement. Apple Inc.

ING Public Key Infrastructure Technical Certificate Policy

CEF e-invoicing. Presentation to the European Multi- Stakeholder Forum on e-invoicing. DIGIT Directorate-General for Informatics.

The Global Research Council

PEFC Norway Standard Document PEFC Norway ST 2002:2009 Issue

Revised November EFESC Handbook

SDLC INTELLECTUAL PROPERTY POLICY

International Accreditation Forum, Inc. APPLICATION FOR MEMBERSHIP IN IAF

EU Code of Conduct on Data Centre Energy Efficiency

Grid Security Policy

SC27 WG4 Mission. Security controls and services

ISO INTERNATIONAL STANDARD. Information and documentation Records management Part 1: General

Does Research ICT KALRO? Transforming education using ICT

Electricity Sub-Sector Coordinating Council Charter FINAL DISCUSSION DRAFT 7/9/2013

RFC 2350 YOROI-CSDC. Expectations for Computer Security Incident Response. Date 2018/03/26. Version 1.0

PKI Disclosure Statement Digidentity Certificates

Apple Inc. Certification Authority Certification Practice Statement Worldwide Developer Relations Version 1.10 Effective Date: June 10, 2013

QUICKSIGN Registration Policy

Constitution Towson University Sport Clubs Organization Campus Recreation Services. Article I Name. Article II Membership

SAFE-BioPharma RAS Privacy Policy

Privacy Statement for Use of the Certification Service of Swisscom (sales name: "All-in Signing Service")

Apple Inc. Certification Authority Certification Practice Statement. Apple Application Integration Sub-CA Apple Application Integration 2 Sub-CA

IPv4 depletion & IPv6 deployment in the RIPE NCC service region. Kjell Leknes - June 2010

CEN & ETSI standards & eidas Compliance

Way to new challenges

The International Laboratory Accreditation Cooperation (ILAC) & The International Accreditation Forum (IAF)

TCG. TCG Certification Program. TNC Certification Program Suite. Document Version 1.1 Revision 1 26 September 2011

SLAS Special Interest Group Charter Application

Global Specification Protocol for Organisations Certifying to an ISO Standard related to Market, Opinion and Social Research.

PKI-An Operational Perspective. NANOG 38 ARIN XVIII October 10, 2006

Pronouncement 7 CPD v3.0

An Overview of ISO/IEC family of Information Security Management System Standards

Outline. Infrastructure and operations architecture. Operations. Services Monitoring and management tools

European Standards- preparation, approval and role of CEN. Ashok Ganesh Deputy Director - Standards

Development Authority of the North Country Governance Policies

Enterprise Certificate Console. Simplified Control for Digital Certificates from the Cloud

Plenipotentiary Conference (PP- 14) Busan, 20 October 7 November 2014

ISO INTERNATIONAL STANDARD. Health informatics Service architecture Part 3: Computational viewpoint

SECTION III: SEED AND REFERENCE DATA

This is a preview - click here to buy the full publication TECHNICAL REPORT. Programmable controllers

South African Forestry Assurance Scheme SAFAS 6:2018. Certification and Accreditation Procedures. Issue SAFAS Council SAFAS

New cybersecurity landscape in the EU Sławek Górniak 9. CA-Day, Berlin, 28th November 2017

Management Assertion Logius 2013

SWITCHaai Service Description

Certification Practice Statement

INSPIRE status report

ICANN Policy Update & KSK Rollover

UNCONTROLLED IF PRINTED

X.509. CPSC 457/557 10/17/13 Jeffrey Zhu

Digi-CPS. Certificate Practice Statement v3.6. Certificate Practice Statement from Digi-Sign Limited.

Public Key Infrastructure PKI. National Digital Certification Center Information Technology Authority Sultanate of Oman

Signe Certification Authority. Certification Policy Degree Certificates

Emsi Privacy Shield Policy

ILNAS/PSCQ/Pr004 Qualification of technical assessors

GDPR: A QUICK OVERVIEW

Privacy Code of Conduct on mhealth apps the role of soft-law in enhancing trust ehealth Week 2016

Certification Authority

Report on the Election Markup Language (EML) Interoperability Demonstration held 29/30 October 2007 in Ditton Manor UK

Privacy Statement for Use of the Trust Service of Swisscom IT Services Finance S.E., Austria

Afilias DNSSEC Practice Statement (DPS) Version

ACCREDITATION: A BRIEFING FOR GOVERNMENTS AND REGULATORS

This is a preview - click here to buy the full publication TECHNICAL REPORT. Part 101: General guidelines

P1547.X Standard Title, Scope and Purpose

Taiwan-CA Inc Global Certification Authority Certification Practices Statement (CPS) (Version1.3) Effective Date:2017/09/26

ISO/TR TECHNICAL REPORT. Financial services Information security guidelines

OISTE-WISeKey Global Trust Model

European Code of Conduct on Data Centre Energy Efficiency

By-laws of the Board of AusIMM Chartered Professionals

ehealth Network ehealth Network Governance model for the ehealth Digital Service Infrastructure during the CEF funding

standards and so the text is not to be used for commercial purposes, gain or as a source of profit. Any changes to the slides or incorporation in

Data Protection. Code of Conduct for Cloud Infrastructure Service Providers

OpenADR Alliance Certificate Policy. OpenADR-CP-I

Transcription:

EU Grid PMA Charter This charter defines the policies, practices, and bylaws of the European Policy Management Authority for Grid Authentication in e-science. 1 Introduction The European Policy Management Authority for Grid Authentication in e-science (hereafter called EUGridPMA) is a body to establish requirements and best practices for grid identity providers to enable a common trust domain applicable to authentication of end-entities in inter-organisational access to distributed resources. As its main activity the EUGridPMA coordinates a Public Key Infrastructure (PKI) for use with Grid authentication middleware. The EUGridPMA itself does not provide identity assertions, but instead asserts that within the scope of this charter the certificates issued by the Accredited Authorities meet or exceed the relevant guidelines. 1.1 Background This body is an evolution of the Certification Authorities Coordination Group (CACG) that was established by the EU 5 th Framework Programme projects DataGrid and CrossGrid and included other projects worldwide. The CACG was established to facilitate the deployment of international test beds for Grid computing by having a commonly recognised way to assert identities. The group was composed of the Certification Authority managers (typically one per country) that were usually not funded by the project, and chaired by a delegate from the test bed work package from the DataGrid project. The group was chartered to coordinate the CA infrastructure for the DataGrid (and later also CrossGrid) partners, and to make recommendations to relying parties inside the project regarding the acceptance of the certificates issued by the participating CAs. 2 Objectives and Scope of the PMA The PMA is responsible for accreditation of authorities issuing identity assertions for Grid Authentication. The PMA will - define and issue minimum requirements and best practice documents; these minimum requirements may govern any aspect of certificate issuance and reliance. - maintain and revise these documents according to current developments; - accredit Authorities with respect to the minimum requirements; - accredit Authorities only for those applications that relate to inter-organisational distributed resource sharing in a scientific context, i.e., Grids for e-science; - be primarily concerned with Grid communities in Europe, and their external partners; 1 of 6

- foster trust relations within the context of inter-organisational resource sharing. 2.1 Excluded activities The PMA will not: - issue identity assertions for the end-entities; - define policies and practices for long-term data encryption; - define policies and practices for the use of identity assertions for purposes of non-repudiation; - define policies and practices for the use of identity assertions in any financial transaction or transaction having an explicit monetary value. 3 Membership The PMA membership will consist of representatives of each accredited Authority, and representatives of major relying parties of the accredited Authorities. 3.1 Accredited Authority members Member Authorities that constitute the PMA serve specific, identifiable communities. Wherever possible there shall be at most one Authority per country, or per international treaty organisation, unless the size of the country or community would prevent adequate authentication of subjects. All Accredited Authorities are members of the PMA. The representative of the Authorities are understood to also represent the best interest of their national or local communities. 3.2 Community and relying party members Major relying parties and communities that span the domain of several authorities may request direct representation in the PMA. All such requests are to be approved by the PMA. 3.3 Chair The PMA will elect a chair to manage the PMA. This position is to be filled from the accredited Authority membership of the PMA. The term as chair is to be one year and is renewable. The chair may resign by written notification to the PMA members. The PMA, by vote can remove the Chair. The chair is responsible for: 1. the Point of Contact for the PMA 2. running the PMA meetings 3. ensuring minutes are taken and published. 4. ensuring that all voting is recorded and published 4 Responsibilities and Activities 4.1 PMA Documents The PMA owns and maintain at least the following documents: 2 of 6

- this charter document; - a document describing the minimum requirements on certificate authorities that issue identity assertions to end-entities; - a document describing the accreditation process. Revisions will be required to keep pace with the development of Grid technologies. 4.2 Accreditation functions The PMA will accredit Authorities according to the procedures and requirements defined in the relevant PMA documents mentioned above. 4.3 Publication and Repository The PMA will maintain a public on-line repository that contains: - The PMA charter and all versions thereof; - The PMA membership; - All released PMA documents and all versions thereof; - All meeting announcements and minutes; - Names, key fingerprints, naming constraints and all other data of the accredited Authorities relevant to the operation of the common trust domain; - A link to third-party sources for obtaining certificates. Root certificate validation The PMA must make known widely such information as is necessary to validate the roots of trust of its accredited CAs, and allow independent validation of these roots of trust. It will publish widely the validation information, such as fingerprints and the actual root certificates, and promote the distribution of those data to enable relying parties to do such validation in an easy and reliable way. In particular, it is recognised that a authoritative source for verifying such roots of trust not only for grid authentication for e-science, but also for other applications that rely on trusted third parties in the academic community is needed. 4.4 Audit The PMA aims to assure that the Authorities operate in accordance with the minimum requirements and other approved documents and to that end the accredited Authorities must be auditable. The auditing requirements on accredited Authorities must be described in the documents. The PMA may decide that the public availability of the results of the audit is to be limited. 4.5 Liability The PMA is not liable for any damages, including but not limited to lost profit, lost savings and incidental or consequential damages resulting from its activities. The PMA is not responsible for the actions or defaults of any of its members. Accreditation of an Authority does not imply any assumption of liability by the PMA. 3 of 6

5 Bylaws This section describes the rules for specific requirements the PMA must carry out as part of its operations. It lists a number of areas of responsibilities and the procedures for carrying out those duties. 5.1 Meetings The PMA meets as required, to conduct routine business at a time and place announced by the Chair. An agenda is prepared in advance and distributed by the chair on the PMA mailing list. The meeting can be at a physical site or conducted with Audio or Video conferencing. The Chair can invite individuals to the meetings. Typically the agenda will include the following items: Accept the minutes of the previous meeting and formal acceptance of decisions Applications for membership to PMA Pending changes to policies or other management directives Review matters of consideration presented by members Review of the minimum requirements and best practices Incidents and non-routine events Interfaces with other organizations Changes in standards or technology There shall be a regular PMA meeting but at least twice a year. Any member of the PMA can request a meeting of the PMA by sending this request to both the Chair and to the PMA mailing list. The Chair is required to call a meeting if at least 25% of the members of the current PMA membership express their support for such a meeting on the mailing list. The PMA must provide the ability for members to conference remotely, such as by telephone conference, H.323, or VRVS. Minutes of each meeting that include the list of attendees must be taken and archived. The minutes must be approved by the PMA. 5.2 Voting rules PMA approval is arrived at by either clear consensus as determined by the chair or by a vote. A voting process should only be started if it has proven impossible to reach consensus within a reasonable period of time. Then, during a face-to-face meeting of the PMA, the Chair or any two members of the PMA can call for a vote. Each member organisation will have one vote. Only items on the agenda can be voted on. When the PMA must vote, that vote will be valid only if more than 50% of the Accredited Authority membership is present. A positive vote will be recorded if more than 50% of the votes are cast in favour of the proposal. The vote must be carried out at an official meeting of the PMA. The proposal and its associated vote will be recorded in the minutes of the meeting. These minutes will be the official record of the voting process. The vote can also occur over email, with the mail archive acting as the official record. If the vote is to be over email the voting period will be a minimum of 10 working days 1, unless stated otherwise in this Charter or in the guidelines documents. 1 Working days are considered as such when they apply in at least half of the EU member states 4 of 6

The minutes and decisions are to be considered as approved unless contested on the mailing list within one month of publication of the minutes. 6 Transition process and initial documents - Until the PMA has decided upon a guidelines document, the minimum requirements document version 2 of the EU DataGrid CA Coordination Group (CACG), as amended during the meetings of the CACG, shall be the authoritative guideline document. - Initial PMA membership will consist of the CACG members. 5 of 6

Annex A: Contact Information The on-line repository for the EUGridPMA is available at http://www.eugridpma.org/ The following electronic mail addresses in the eugridpma.org domain are provided to contact the PMA, the PMA Chair, and the PMA discussion forum: info chair discuss generic information regarding the EU Grid PMA the acting chair of the EU Grid PMA the public mailing list for the EU Grid PMA (this address refers to the dg-eur-ca mailing list, use discuss-request for administrative questions) Messages to be sent to the PMA as a body should be addressed to the Chair for forwarding. A paper document containing all of the fingerprints of all root certificates is available on request from the Chair: EUGridPMA, c/o address to be formally decided in the meeting. This document will also be made available widely at major European Grid events. The EUGridPMA Chair will foster the registration of the gridpma.eu domain when registration for the.eu TLD becomes available. 6 of 6

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback