![[Go to /]](/ic-100x43.png){kind=small}
Structures
Membership
IGTFAPGridPMA
TAGPMA
TERENA TACAR
Documents
Charter
Guidelines
One Statement Policies
CAOPS-WG
Wiki (closed)
Technical Info
CA Distribution download
Subject Locator
Find your local CA
Newsletter issues
Subscribe
Service notices
Nagios monitoring
Tools download and fetch-crl
Technical documentation
IGTF OID Registry
Meetings
Copenhagen, May 26-28, 2008
Overview
Agendas
Intranet and Reviews
Joining?
Authorisation Operations WG
switch to print layout
EUGridPMA Guidelines and Authentication Profiles
- Classic X.509 CAs with secured infrastructure
Formats available: Adobe PDF; Microsoft Word; HTML.This is an Authentication Profile of the International Grid Trust Federation describing the minimum requirements on traditional X.509 PKI CAs. Traditional X.509 Public Key Certification Authorities (traditional PKI CAs) issue long-term credentials to end-entities, who will themselves posses and control their key pair and their activation data. These CAs act as an independent trusted third party for both subscribers and relying parties within the infrastructure. These authorities will use a long-term signing key, which is stored in a secure manner as defined in the Profile.
- Accreditation Guidelines
Formats available: Adobe PDF; Microsoft Word.The PMA will accredit Authorities based on the positive outcome of an initial review respect to all relevant guideline documents, and a successful registration process.
- High Level CA Profile (draft)
Formats available: Adobe PDF.This is an Authentication Profile of the International Grid Trust Federation describing the minimum requirements on higher-level CA certificates that are exclusively used to sign subordinate (end-entity issuing) CAs.
- One Statement Certificate Policies
The one statement certificate policies define specific policies that are references in issued end-entity certificates.
Profiles from the other PMAs
- Short-lived Certificate Services Profile
Formats available: MS Word
Managed by: TAGPMA
Original source: all versions.
Status: approved by all PMAsThis is an Authentication Profile of the International Grid Trust Federation describing the minimum requirements on a Short Lived Credential Service (SLCS) X.509 PKI CAs. SLCS X.509 Public Key Certification Authorities (SLCS PKI CAs) issue short-term credentials to end-entities, who will themselves posses and control their key pair and their activation data. These CAs act as an independent trusted third party for both subscribers and relying parties within the infrastructure. These authorities will use a long-term signing key, which is stored in a secure manner as defined in the Profile.
- Member Integrated Credential Services
Formats available: PDF
Managed by: TAGPMA
Source: all versions
Status: approved by IGTF (all PMAs)This is an Authentication Profile of the International Grid Trust Federation describing the minimum requirements for a Member Integrated X.509 PKI CAs. MICS X.509 Public Key Certification Authorities (MICS PKI CAs) issue credentials to end-entities, who will themselves posses and control their key pair and their activation data. These CAs act as an independent trusted third party for both subscribers and relying parties within the infrastructure. These issuing authorities will use a long-term signing key, which is stored in a secure manner as defined in the Profile.
- Experimental CA
Formats available: MS Word (note: embedded text in larger document).
Managed by: APGridPMA
Status: approved by all PMAsProfile for experimental CAs. No aggregate distribution for these CAs is provided.