Hi Maarten,
Maarten Litmaath wrote:
> David Groep wrote:
>> I see that unfortunately the FNAL KCA dropped out of the new
>> CA list. Although the KCA is not an accredited EUGridPMA RPM, it
>
> Can't it be made into an accredited rpm?
The FNAL KCA is fundamentally different from the "classic" CAs:
it is a "site-integrated proxy server" (SIPS), and although is
is a well managed service with defined procedures and guidelines,
is does not follow the minimum requirements as defined by the
EUGridPMA. For that reason is cannot be accredited today.
The EUGridPMA is currenty discussing alternate guidelines
documents that will deal with SIPS-type CAs, credential-issuing
CAs, and active certificate stores (essentially MyProxy servers with
an integrated CA at the back).
A timeline for these new guideline documents has not been fixed yet.
If and when such guidelines are defined and approved, alternative CAs
can also be accredited -- albeight under this different set of
guidelines. It is then up to the relying parties (like LCG) to
pick one or more bundles of accredited CAs and incorporate them
in the infrastructure.
Cheers,
DavidG.
PS:
For the time being, the KCA is provided as an "other" CA also
via the EUGridPMA web site. It can be retrieved on-demand from
the distribution web site, but the "ca_policy_eugridpma" meta-RPM
does not include it.
>
>> is a very valid CA for LCG, as far as I know.
>>
>> Maarten, Ian, shouldn't this be added back to the list:
>>
>> lcg_ca_FNAL_KCA-0.1-1
>
>
> Will do that right now and let you know ASAP.
>
>> Cheers,
>> DavidG.
>>
>> Maarten Litmaath wrote:
>>
>>> Hernath Szabolcs wrote:
>>>
>>>> EUGridPMA has released an updated version of the CA rpm's (0.26-1) on
>>>> the 17th
>>>> of December
>>>>
>>>> (see http://www.eugridpma.org/distribution/0.26/accredited/RPMS).
>>>>
>>>> It also includes the new KFKI RMKI CA, extending coverage to
>>>> authentication in
>>>> Hungary. We are currently issuing our first user/host certificates
>>>> mainly for
>>>> new LCG-sites, and therefore need them to be recognized by LCG. [...]
>>>
>>>
>>>
>>>
>>> The new rpm list has been prepared. Please refer to this page:
>>>
>>> http://grid-deployment.web.cern.ch/grid-deployment/lcg2CAlist.html
>>>
>>> Admins: please update your nodes ASAP.
>>>
>>> Specific instruction for YAIM will follow later.
>>
>>
>>
>>
>> --
>> David Groep
>>
>> ** National Institute for Nuclear and High Energy Physics, PDP/Grid
>> group **
>> ** Room: H1.56 Phone: +31 20 5922179, PObox 41882, NL-1009DB Amsterdam
>> NL **
>
>
>
--
David Groep
** National Institute for Nuclear and High Energy Physics, PDP/Grid group **
** Room: H1.56 Phone: +31 20 5922179, PObox 41882, NL-1009DB Amsterdam NL **
|