Minutes for the 12th EUGridPMA meeting, January 14-16 2008 by Dusan Radovanovic ------------------------------------------------------------------------------ TAGPma update - Vinod Rebello They have contacted the developers of OpenCA, and they would like to hear what we want to see in the next release. - Policy update: Recent security incidents pose the question if the CRL's SHOULD be a requirement? David should be able to offer summary on Express Authentication Profile document. Vinod needs some more feedback on robot certificates. ----- Ukraine Grid CA presentation. No comments, accepted. ----- Macedonian Grid CA presentation. They need to change Macedonia to FYROM in their CP/CPS. CP/CPS does not clearly state what CA and RA do. CP/CPS is missing the staff list in section 9.6 It is agrees that these probles be sorted out via e-mail, and the acceptance will be done via e-mail. ----- Iran-grid presentation They will proceed into the accreditation process. ----- Christian presentation be-grid They are looking for a new software solution for their CA, and are open to ideas and suggestions. ----- Effect of the Grid Cert Profile on the Classic AP - discussion Question: Can we reference to this document? We should reference it as to uors (IGTF will publish, but we want to reference it to ours). Who does the relaying party contact if he has a question about the document, IGTF or us? Currently AP has random set of guidances of what a new CA should do? conclusion: "... all cetificates... SHOULD comply with the contents of GFD-C.XX as published by the open grid forum and base on the IGTF operastional experience." ---- Mike Helm SLCS profile updates When TAGPMa approves it, we're happy with it. Accepted. ----- Arsen presentation Comment: OpenCA is too complex. ----- Jacek Gajewski presentation Deadline is April 1st to apply for a workshop to be held in september or october. We should choose one person who will make a list of speakers. Make a special interest group who will focus on this. ----- Yoshio presentation no comments ----- Christos self-audit presentation no comments ----- Andreas (Cyprus) self-audit presentation Reviewers (they should help him with solving problems and answering questions): mike helm, christos t, jens ----- Audit process discussion more frequent operational audits... remotely, 2 external reviewers... they will look at issued certificates and website Emir and David O'Callaghan will do one each ----- Alisia - Tacar issues She would like (when a new CA registers) to know under what policy CA was registered (PMA Classic AP, SLCS, MICS...). ----- Dave Kelsey Policy management for grid authorization presentation Yoshio and someone else from APGridPMA will join, as well as Emir. ----- Latvia new CA presentation Agreed that they will go to the accreditation stage Reviewers: Jens and Hardy. ----- Christos - CA ops working group Make an agenda in the next fortnight for the OFG22 in Boston ----- Jens prezentation How to collaboratively write a CP/CPS? Jens presented a simple template for constructing CP/CPS. Setup a mailing list for this. ----- Effect of the Grid Cert Profile on the Classic AP - discussion Question: Can we reference to this document? We should reference it as to uors (IGTF will publish, but we want to reference it to ours). Who does the relaying party contact if he has a question about the document, IGTF or us? Currently AP has random set of guidances of what a new CA should do? conclusion: "... all cetificates... SHOULD comply with the contents of GFD-C.XX as published by the open grid forum and base on the IGTF operastional experience." -- Mike Helm SLCS profile updates When TAGPMa approves it, we're happy with it. Accepted. ----- Arsen presentation Comment: OpenCA is too complex. ----- Jacek Gajewski presentation Deadline is April 1st to apply for a workshop to be held in september or october. We should choose one person who will make a list of speakers. Make a special interest group who will focus on this. ----- Yoshio presentation no comments ----- Christos self-audit presentation no comments ----- Andreas (Cyprus) self-audit presentation Reviewers (they should help him with solving problems and answering questions): mike helm, christos t, jens ----- Audit process discussion more frequent operational audits... remotely, 2 external reviewers... they will look at issued certificates and website Emir and David O'Callaghan will do one each ----- Alisia - Tacar issues She would like (when a new CA registers) to know under what policy CA was registered (PMA Classic AP, SLCS, MICS...). ----- Dave Kelsey Policy management for grid authorization presentation Yoshio and someone else from APGridPMA will join, as well as Emir. ----- Latvia new CA presentation Agreed that they will go to the accreditation stage Reviewers: Jens and Hardy. ----- Christos - CA ops working group Make an agenda in the next fortnight for the OFG22 in Boston ----- Jens prezentation How to collaboratively write a CP/CPS? Jens presented a simple template for constructing CP/CPS. Setup a mailing list for this. ----- Effect of the Grid Cert Profile on the Classic AP - discussion Question: Can we reference to this document? We should reference it as to uors (IGTF will publish, but we want to reference it to ours). Who does the relaying party contact if he has a question about the document, IGTF or us? Currently AP has random set of guidances of what a new CA should do? conclusion: "... all cetificates... SHOULD comply with the contents of GFD-C.XX as published by the open grid forum and base on the IGTF operastional experience." -- Mike Helm SLCS profile updates When TAGPMa approves it, we're happy with it. Accepted. ----- Arsen presentation Comment: OpenCA is too complex. ----- Jacek Gajewski presentation Deadline is April 1st to apply for a workshop to be held in september or october. We should choose one person who will make a list of speakers. Make a special interest group who will focus on this. ----- Yoshio presentation no comments ----- Christos self-audit presentation no comments ----- Andreas (Cyprus) self-audit presentation Reviewers (they should help him with solving problems and answering questions): mike helm, christos t, jens ----- Audit process discussion more frequent operational audits... remotely, 2 external reviewers... they will look at issued certificates and website Emir and David O'Callaghan will do one each ----- Alisia - Tacar issues She would like (when a new CA registers) to know under what policy CA was registered (PMA Classic AP, SLCS, MICS...). ----- Dave Kelsey Policy management for grid authorization presentation Yoshio and someone else from APGridPMA will join, as well as Emir. ----- Latvia new CA presentation Agreed that they will go to the accreditation stage Reviewers: Jens and Hardy. ----- Christos - CA ops working group Make an agenda in the next fortnight for the OFG22 in Boston ----- Jens prezentation How to collaboratively write a CP/CPS? Jens presented a simple template for constructing CP/CPS. Setup a mailing list for this. ----- Effect of the Grid Cert Profile on the Classic AP - discussion Question: Can we reference to this document? We should reference it as to uors (IGTF will publish, but we want to reference it to ours). Who does the relaying party contact if he has a question about the document, IGTF or us? Currently AP has random set of guidances of what a new CA should do? conclusion: "... all cetificates... SHOULD comply with the contents of GFD-C.XX as published by the open grid forum and base on the IGTF operastional experience." -- Mike Helm SLCS profile updates When TAGPMa approves it, we're happy with it. Accepted. ----- Arsen presentation Comment: OpenCA is too complex. ----- Jacek Gajewski presentation Deadline is April 1st to apply for a workshop to be held in september or october. We should choose one person who will make a list of speakers. Make a special interest group who will focus on this. ----- Yoshio presentation no comments ----- Christos self-audit presentation no comments ----- Andreas (Cyprus) self-audit presentation Reviewers (they should help him with solving problems and answering questions): mike helm, christos t, jens ----- Audit process discussion more frequent operational audits... remotely, 2 external reviewers... they will look at issued certificates and website Emir and David O'Callaghan will do one each ----- Alisia - Tacar issues She would like (when a new CA registers) to know under what policy CA was registered (PMA Classic AP, SLCS, MICS...). ----- Dave Kelsey Policy management for grid authorization presentation Yoshio and someone else from APGridPMA will join, as well as Emir. ----- Latvia new CA presentation Agreed that they will go to the accreditation stage Reviewers: Jens and Hardy. ----- Christos - CA ops working group Make an agenda in the next fortnight for the OFG22 in Boston ----- Jens prezentation How to collaboratively write a CP/CPS? Jens presented a simple template for constructing CP/CPS. Setup a mailing list for this. ----- ----- Majid Teheran presentation Repository needs a little work Extrensions in EE certificates need to be checked (dO they match the current profile?) OGF Grid certificate profile Reviewers: Asli, David & Arsen If IANA doesn't deliver OID, a number freom IGTF branch will be given. A physical presentation is not needed for the accreditation, it will be done via e-mail. ----- Miroslav Dobrocki presentation Operational changes Self-audit Reviewer: Emir - operational reviewer ----- Yan, Tel Aviv Self-audit Some issues: He should present the results in the Copenhagen meeting. ----- Asli self-audit presentation no comments ----- Arsen Armenian CA updates and self-audit Reviewer: David O'Callaghan ----- Ursla presentation OpenSSL config file allowing this package to be used in grids should be included in the distribution. ----- Self-audits for the next meting: GyGRID KFKI NIIF PLGRID GRID-Ireland -----