Date: Fri, 11 Mar 2005 08:33:19 -0800 From: fkw Subject: proposal for CA vetting from Open Science Grid To: info@eugridpma.org, yoshio.tanaka@aist.go.jp, tagpma-general@tagpma.org Greetings on behalf of the Open Science Grid, (www.opensciencegrid.org) The Open Science Grid is a national collaborative science grid operating in the United States and collaborating with organizations across the globe. There are a growing number of authorities issuing credentials to identify individuals within those organizations. As a major relying party, we wish to ask you to serve as accreditation bodies for CAs in your regional areas. In order for such an effort to be successful at a global scale, a number of principles are important. We propose: 1) ... that you utilize or develop accepted standard accreditation profiles sufficient to assure approximate parity in CAs operating to that profile. We ask that each of you perform peer reviews on CAs within your region to categorize CAs by profile. 2) ... you monitor your member CA signing namespaces for name overlaps, and arbitrate any overlaps. We request you distribute only non-overlapping CA signing_policy files from your member CAs. Secure Grid authentication depends on each CA issuing certificates with globally unique subject distinguished names. 3) ... that you operate a forum where we can participate as a relying party. We wish to make our needs known and the opportunity to raise issues to you and your members. 4) ... that you operate a secure collection point for information about CAs which you accredit. We wish to automatically, and reliably, update lists of members, CA certificates, links to policy and contact references by a (common) method you specify. 5) ... that you continue to coordinate your regional activities, work with the appropriate standards organizations, and encourage common practices where possible. While the choice of which authentication systems to trust remains ultimately the decision of individual resource providers, we intend to encourage our membership to rely on your accreditation. We see significant value in your role as a community of common service providers and encourage you to accept this requested role as an accreditation body. Sincerely yours, Frank Wuerthwein (UCSD) Chair of the OSG Interim Executive Board Members of the OSG Interim Executive Board and their affiliations: Lothar Bauerdick (FNAL/CMS) Ian Foster (ANL/UChicago/Globus) Rob Gardner (UChicago/ATLAS) Howard Gordon (BNL/ATLAS) Mark Green (SUNY Buffalo) Albert Lazzarini (Caltech/LIGO) Miron Livny (U.Wisconsin/Condor) Richard Mount (SLAC) Harvey Newman (Caltech/CMS) Doug Olson (LBNL/STAR) Ruth Pordes (FNAL/CMS) Jim Shank (Boston University/ATLAS) Frank Wuerthwein (UCSD/CMS) For a complete list of organizations represented on the OSG council please refer to Appendix 1 of the OSG by-laws as linked in at http://www.opensciencegrid.org/