Difference between revisions of "2016-bidding/Online CA"
Line 5: | Line 5: | ||
* '''Delegation service''': this is the service that provides the actual token translation between SAML and X.509. | * '''Delegation service''': this is the service that provides the actual token translation between SAML and X.509. | ||
** The service is an highly sensitive component that require a secure hardware setup including physical security. | ** The service is an highly sensitive component that require a secure hardware setup including physical security. | ||
** Based on the CIlogon product, and the integration work done in AARC | |||
* '''Certificates signing component''': is the certificate-generation component | |||
** Certificate creations must be protected by hardware security modules | |||
** The delegation service must have a private local network physical connection (or equivalent) with the certificates generation component | |||
Policy requirements: | |||
** The delegation service must | * The Online CA must be certified as an IOTA CA in IGTF | ||
* The delegation service must be R&S and Sirtifi compliant | |||
* The service should be registered as a Service Provider in a national federation participating to eduGAIN | |||
= Service level targets = | = Service level targets = | ||
= Effort = | = Effort = |
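Review bot: the added requirement that the delegation service have "a private local network physical connection (or equivalent)" with the certificates generation component does not say what counts as equivalent, so the isolation it asks for cannot be checked against a deployment; name the acceptable alternatives or drop the parenthesis. In the added policy line "R&S and Sirtifi compliant", the framework name is spelled Sirtfi. The added "Based on the CIlogon product" bullet would also read better with the product name written as CILogon.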
Revision as of 18:14, 17 October 2016
Introduction
Technical description
The components that are part of this core activity are:
- Delegation service: the service that provides the actual token translation between SAML and X.509.
  - The service is a highly sensitive component that requires a secure hardware setup, including physical security.
  - Based on the CILogon product and the integration work done in AARC.
- Certificate signing component: the certificate-generation component.
  - Certificate creation must be protected by hardware security modules.
  - The delegation service must have a private local network physical connection (or equivalent) with the certificate generation component.
Policy requirements:
- The Online CA must be certified as an IOTA CA in IGTF
- The delegation service must be R&S and Sirtfi compliant
- The service should be registered as a Service Provider in a national federation participating in eduGAIN