2016-bidding/Online CA
Introduction
Technical description
The components that are part of this core activity are:
- Delegation service: this is the service that provides the actual token translation between SAML and X.509.
- The service is an highly sensitive component that require a secure hardware setup including physical security.
- Based on the CIlogon product, and the integration work done in AARC
- Certificates signing component: is the certificate-generation component
- Certificate creations must be protected by hardware security modules
- The delegation service must have a private local network physical connection (or equivalent) with the certificates generation component
Policy requirements:
- The Online CA must be certified as an IOTA CA in IGTF
- The delegation service must be R&S and Sirtifi compliant
- The service should be registered as a Service Provider in a national federation participating to eduGAIN