Revision as of 18:14, 17 October 2016

Introduction

The components that are part of this core activity are:

Delegation service: this is the service that provides the actual token translation between SAML and X.509.
- The service is an highly sensitive component that require a secure hardware setup including physical security.
- Based on the CIlogon product, and the integration work done in AARC
Certificates signing component: is the certificate-generation component
- Certificate creations must be protected by hardware security modules
- The delegation service must have a private local network physical connection (or equivalent) with the certificates generation component

Policy requirements:

The Online CA must be certified as an IOTA CA in IGTF
The delegation service must be R&S and Sirtifi compliant
The service should be registered as a Service Provider in a national federation participating to eduGAIN

@@ Line 5: / Line 5: @@
 * '''Delegation service''': this is the service that provides the actual token translation between SAML and X.509.
 ** The service is an highly sensitive component that require a secure hardware setup including physical security.
+** Based on the CIlogon product, and the integration work done in AARC
+* '''Certificates signing component''': is the certificate-generation component
+** Certificate creations must be protected by hardware security modules
+** The delegation service must have a private local network physical connection (or equivalent) with the certificates generation component
-* '''Certificates signing component''': is the certificate-generation component
+Policy requirements:
-** The delegation service must have a local network physical connection (or equivalent) with the certification authority
+* The Online CA must be certified as an IOTA CA in IGTF
+* The delegation service must be R&S and Sirtifi compliant
+* The service should be registered as a Service Provider in a national federation participating to eduGAIN
 = Service level targets =
 = Effort =