Skip to topic | Skip to bottom
Main.TagPma17thr1.8 - 24 Jun 2013 - 14:51 - AlejandraStolktopic end

Start of topic | Skip to actions
We thank the NCAR, Mesa Laboratory of the University Corporation for Atmospheric Research, Boulder, Colorado, U.S.A for hosting our successful TAGPMA 17 meeting, May 6-7, 2013.

We had 20 attendees at TAGPMA 17, 14 on site and 6 remotely via RedCLARA? VC Espresso video teleconference.

Attending TAGPMA 17 in person were:

  • Derek Simmel
  • Scott Sakai
  • Jim Basney
  • Keith Chadwick
  • Adam Slagell
  • Steve Beaty
  • Scott Rea
  • Jim Marsteller
  • Dhiva Murugananthan
  • Dave Kelsey
  • Andres Holguin
  • David Groep
  • Shreyas Cholia
  • Alan Sill

Attendees via VCespresso Internet video teleconference included:

  • Eric Yen
  • John Wynkoop
  • Nicolas Macia
  • Ale Stolk
  • Sergio Lietti
  • Manuel Quintero

TAGPMA 17th Minute

Presentation slides are available on the TAGPMA 17 timetable at: Indico,

Monday 06 May 2013

Welcome and brief history of UCAR by Steve Beaty

Welcome session and TAGPMA update

Officer elections planned for Fall. Fall Meeting first week of November in La Plata @ UNLP

Updates from APgridPMA?

2 F2F meetings a year - Spring/Fall Require members to have annual audit. SHA-2 capability after March 2013, some are running behind, expect after June 2013 SHA-1 EE certs to cease in September 2013 Next F2F meeting hosted by CNIC in October 2013

Update from EUgripPMA? and IGTF

  • Membership update: Ireland pulled Grid funding in 2012. Ireland Grid CA decommissioned in 2012. Moved to TCS for service.

  • SHA-2 Updated Timeline: September 2014 CAs may publish SHA-256 or SHA-512 CRLs. Middleware must be aware of this date. Plan is to have pilot users with SHA-2

  • Kantara LoA2? & MICS update: Modify the MICS profile - Jim B. and David G. to send Derek proposed text, leave it open for discussion.

  • Online HSM proposal: $25 HSM + $25 Rasberry pie + locked safe = Level 3 HSM?

  • OCSP support: two documents: one guidance for CA, one for relying parties. Please review and provide comments.

  • IPv6: 22 CAs offering working v6 CRLs. 72 endpoints to go.

NCAR presentation

  • NCAR is pursuing TAGPMA accreditation, now in it's second revision and Steve is awaiting comments from reviewers.
  • A second reviewer is needed to replace Shreyas.
  • At the moment they have a need for host certs but will need user/robot certs in the future.

InCommon Presentation

InCommon offers 1) Identity Federation, 2) Certificate Service (x.509) and Multifactor AuthN? (OTP and smart cards) to members.

237 of the 500 members are subscribed to the certificate service.

Existing CA does not satisfy IGTF Namespace and Certificate lifetimes, therefore a new CA was needed.

InCommon IGTF Server CA: RAs sign agreement with InCommon to issue certs for the domains in their control. In Second review at the moment.

David G. Comment: Baseline requirement (CAB forum) for pub CA is that the O is not present, if it is present it must be validated and either state or locality. CA has to validate.

Attribute Authorities update

Not much new to report. Goal is to develop a "how to run a trustworthy attribute authority" profile for VOMs. Version 1 of the document can be found here: . Next steps are to create an assessment spreadsheet and some volunteers (FermiLab? & CERN) test for compliance. Could we have a first pass for the next IGTF All Hands Meeting in November?

Registrar Policy Statement review

SHA-2 deployment schedule

DOEGrids Transition Timeline

Tuesday 07 May 2013

Agenda review

Identity Federations and TAGPMA contribution

NERSC Presentation

Membership review

-- Main./C=VE/O=Grid/O=Universidad de Los Andes/OU=CeCalCULA/CN=Alejandra Stolk - 16 May 2013
to top

You are here: Main > TagPma17th

to top

Copyright © 1999-2018 by the contributing authors. All material on this collaboration platform is the property of the contributing authors.
Ideas, requests, problems regarding TWiki? Send feedback