KEK Grid CA Self Audit Report Overview

 
KEK Grid CA
Self Audit Report
 
Sari Kaneko, Wataru Takase, Hiroyuki Matsunaga
Computing Research Center, KEK, Japan
 
APGridPMA Meeting, March 2021
 
 
Staff
 
CA
User administrator:
Sari Kaneko, Wataru Takase, Hiroyuki Matsunaga, Takashi Sasaki
Two Grid experts (KEK staff) in Belle II group (since 2018)
Interview Belle II collaborators (mostly in Japan and in US)
Because of the service termination of the OSG CA, KEK GRID CA will issue a user certificate to US collaborators in Belle II
Security officer:
Shunsuke Takahashi, Go Iwai
2 CA operators
RA
2 operators
Help Desk
 
 
Overview
 
Classic X.509 CA.
Approved by APGridPMA in January 2006.
Serves Japanese high-energy physics and related communities.
Major players: Belle II, ATLAS, ALICE, ILC
Belle II started its physics run in March 2019.
In June 2020, the SuperKEKB collider for the Belle II experiment achieved the world's highest luminosity.
System is built with naregi-ca software.
OCSP responder: Open CA
CP/CPS
Current version: 2.3.2 (February 2021)
The CA system was renewed.
 
Statistics (as of March 1st)
 
CA users
Active users: 161
User certificates
Total: 3116
Valid: 147
Host certificates
Total: 3712
Valid: 189
Robot certificates
Total: 99
Valid: 28
 
Self Audit
 
Conducted in late February
We conducted an internal audit for FY2020 based on:
AssuranceAssessment-v04-20190124.xlsx
IGTF-CAs-Auditing_v1.xlsx
 
 
Result of Self Audit
 
AssuranceAssessment v04: 1B, 1C
IGTF CAs Auditing v1: No issues
 
Rated B : Minor change in the CP/CPS
 
Whenever there is a material change in the CP/CPS, the OID of the document must change, and the major changes must be announced to the accrediting PMA and approved before signing any certificates under the new CP/CPS.
Our CP/CPS said that it is not necessary to update the OID when making minor changes.
To improve the CP/CPS, the following sentence was deleted in February:
'New OID will not be assigned to the revised document when such minor changes would be made.'
 
Rated C
 
CP/CPS documents should be structured as defined in RFC 3647.
Currently structured as defined in RFC 2527.
Long-standing issue, but not yet done.
Will revise the documents if we have time.

KEK Grid CA conducted a self-audit in late February, resulting in no issues found. The report provides insights into the classic X.509 CA approved by APGridPMA in January 2006, serving the Japanese high-energy physics and related communities. It includes statistics on active users, certificates issued, and a minor change in the CP/CPS document. The audit report showcases the commitment to maintaining a secure and reliable certification authority.


Uploaded on Sep 14, 2024

