Olle ---------- OCSP Requirements Since last time --- Missing sections added; complete reformat; corrections based on feedback Thanks for Tony going to TERENA -- Additional comments from Spain Updated architecture (see diagram) Outstanding issues Do requests need to be signed? Responses are signed, not clear why requests would be signed. Does there need to be differentiation between suspension & revocation There already is a mechanism for temporary revocation, so why is this mechanism needed? XKMS work going on in Europe and Japan. There are problems with getting OCSP extended to work in this environment. There are race conditions involved with using OCSP that sometimes limits its usability. (e. g. can't login if can't check OCSP and can't check OCSP responder because not logged in). Moving forward ..... Address Spanish contributions. Move towards last call Have document in editor pipeline before GGF14 -------------------------------------------------------------- Tony - Authentication Profiles New auth services will fragment current global trust model Need to allow for innovation Consistent model for relying parties to judge an authentication mechanism Authentication Services provide: Someone is actually behind the technology - a governance body Specify membership and operational requirements Trusted model for relying parties to find information Federation Document - 12 areas to include reflecting the normal questions relying parties want to know Discussion of what is the purpose of the federation document EUPMA and TAGPMA are going to try to implement this to see how it all sorts out Federation document contains the common elements and the authentication profile contains the technology specific items Will provide feedback in Chicago as the results of trying to use the document ---------------------------------------- Yoshio Tanaka ------------ auditing a regional PMA must audit the CAs in its region Who audits the PMAs? Example of WebTrust seal of approval - may be too much for Grid CA Going to do a 1 day audit using the proposed criteria on March 29th. Proposed criteria has been provided to CA-OPS and is on GridForge Will probably take 3 people to do the audit Will audit each CA once per year Great to have a presentation about the experiences at next GGF ----------------------------------------