CAOPS Authentication Profiles

1
CA-OPSAuthentication Profiles

• Tony Genovese
• ATF team ESnet
• Lawrence Berkeley National Laboratory

2
Outline

• Authentication Profiles
• Why authentication profiles?
• What is in it?
• General Federation document

3
Why Authentication Profiles?

• New Authentication services will fragment the
  current global trust model.
• Yet, we must allow for innovations in
  Authentication services.
• Classic PKI procrustean bed no longer works.
• Currently a draft GGF informational doc.

4
Authentication Profile what is in it?

• Authentication Services must provide basic
  information on
• The governance of authentication service.
• A set of membership and operational requirements.
• Publishing model that Relying parties can trust.

5
General Federation Document

• Federation definition - description
• General architecture
• Identity management
• Operational requirements
• Site security.
• Publication and repository responsibilities
• Liability
• Financial responsibilities
• Audits and compliance
• Privacy and confidentiality
• Compromise and disaster recovery
• Federation administration

6
New Federations that can be profiled

• Any Federation with common AuthN services.
• SIPS - Site Integrated Proxy services
• KCA example
• Site SSL support - Host certificate service
• RAF - RADIUS Authentication Fabric
• Active Credential Stores

7
Status of document

• Mostly guidance material being added
• Change name to reflect focus
• Authentication Federations for Grids
• Grid Federation template
• Trust Federation setup
• Being used by the Americas Grid PMA for
  chartering.