Alert.png The wiki is deprecated and due to be decommissioned by the end of September 2022.
The content is being migrated to other supports, new updates will be ignored and lost.
If needed you can get in touch with EGI SDIS team using operations @ egi.eu.

Difference between revisions of "VT Federated Identity Providers Assessment Task 1:Ireland"

From EGIWiki
Jump to navigation Jump to search
(Created page with '* ''Are personal e-Science certificates available through the Terena Certificate Service in your country?'' ** ''If yes, contact the NREN/institute/company that provides TCS in y…')
 
 
(6 intermediate revisions by 3 users not shown)
Line 1: Line 1:
{{EGI_Activity_groups_menubar}}
{{Menubar_VT}}
{{TOC_right}} 
[[Category:Virtual_Teams]]
* ''Are personal e-Science certificates available through the Terena Certificate Service in your country?''
* ''Are personal e-Science certificates available through the Terena Certificate Service in your country?''
** ''If yes, contact the NREN/institute/company that provides TCS in your country and check that the information about the available certificate types is up to date on the on the [http://www.terena.org/activities/tcs/participants.html Terena webpage]. If the information is in the list is incorrect, what needs to be fixed?''
** ''If yes, contact the NREN/institute/company that provides TCS in your country and check that the information about the available certificate types is up to date on the on the [http://www.terena.org/activities/tcs/participants.html Terena webpage]. If the information is in the list is incorrect, what needs to be fixed?''
** ''If no, are there any plans to introduce the service (including timelines, obstacles identified, etc.)?''
** ''If no, are there any plans to introduce the service (including timelines, obstacles identified, etc.)?''


Yes, TCS is provided via the NREN operator (CESNET)
No. Other TCS services are available
The information on the Terena webpages is up to date. The only inaccuracy is the "Czech Republic (CESNET)" link pointing to the manual for TCS server certificates, instead of a general TCS service at CESNET.
 
The Terena webpage says "Personal: No" but https://certificates.heanet.ie/ claims "limited personal certificates" are supported via TCD.
 
See comments for some information on the "obstacles".


* ''In order to obtain a personal e-Science certificate from TCS, a user has to be affiliated with an institute that is part of the national identity federation and that has established an appropriate Subscriber Agreement. Please collect information about the institutes from which your NGI expects users (e.g. universities, research institutes) and indicate whether:''
* ''In order to obtain a personal e-Science certificate from TCS, a user has to be affiliated with an institute that is part of the national identity federation and that has established an appropriate Subscriber Agreement. Please collect information about the institutes from which your NGI expects users (e.g. universities, research institutes) and indicate whether:''
** ''are those institutes members of your country's identity federation,''
** ''are those institutes members of your country's identity federation,''
Yes
** ''have those institutions signed the Subscriber Agreement with the NREN, i.e. whether they allow to issue TCS personal e-Science certificates to their members.''
** ''have those institutions signed the Subscriber Agreement with the NREN, i.e. whether they allow to issue TCS personal e-Science certificates to their members.''


The majority of Czech universities participate in the SAML nation-wide identity federation. A lot of grid users come from the Academy of Sciences of the Czech Republic, which hasn't joined the federation yet. Some piloting in this regard has been started but no particular deadlines are known at the moment.
No. I believe they *do* use other TCS certs.


The Academy of sciences has signed Subscriber Agreement.
* ''What is the process to get a personal e-Science certificate from TCS in your country?''


* ''What is the process to get a personal e-Science certificate from TCS in your country?''
Not supported in Ireland.
The process is mediated via a web portal, which is provided by CESNET and which is connected to the TCS. Users authenticate in the usual way, i.e. they select their home organization from a list of institutes that joined TCS. After authentication with their home institute, the users select the type of the certificate to request (ordinary or e-science) and they're navigated through the whole process. The key pair is generated in the browser or users can choose to generate it by other means. The portal requires users to re-authenticate before the certificate is actually issued. The resulting certificate is automatically stored in the browser and bound with the private key.


* ''What are the rules for an institution in your country to join the identity federation and TCS?''
* ''What are the rules for an institution in your country to join the identity federation and TCS?''
** ''Is there any special fee that an institution pays for joining TCS and/or the identity federation?''
** ''Is there any special fee that an institution pays for joining TCS and/or the identity federation?''


The eduid.cz federation is open to any research institution, which has access to the Czech NREN. In order to join the TCS service the organization must fill in a set of forms (essentialy the TCS Subscriber Agreement) and make sure they comply with the requirements of the CPS (esp. they cover sufficiently the user's life cycle, etc.). After the forms are processed CESNET enables the access for the institution.
Join the federation: http://www.edugate.ie/membership
 
Apply for TCS access: https://certificates.heanet.ie/node/4
There is no fee for joining eduID.cz nor for TCS.


* ''Does your NGI or NREN provide any service similar to the TCS? Please choose zero or more from the following and provide a brief description:''
* ''Does your NGI or NREN provide any service similar to the TCS? Please choose zero or more from the following and provide a brief description:''


There is no such a service.
National grid CA is exploring possibility of using federated identity to populate user certificate request web form to classic CA, and possibly to support SLCS, portal and other services.


* ''Any comments you have to TCS utilization in your NGI''
* ''Any comments you have to TCS utilization in your NGI''


The TCS is not well advertised in our country. TCS solves just a part of the credentials management problems since people are still required to handle the files with keys/certificates, which cause problems.
Many Irish IdPs cannot confirm "face-to-face" identity checking of entries in their identity db, and are probably unwilling to modify their procedures to meet the needs of TCS e-Science Personal. This makes these IdPs ineligible.

Latest revision as of 10:15, 20 June 2015

EGI Activity groups Special Interest groups Policy groups Virtual teams Distributed Competence Centres


EGI Virtual teams: Main Active Projects Closed Projects Guidelines
  • Are personal e-Science certificates available through the Terena Certificate Service in your country?
    • If yes, contact the NREN/institute/company that provides TCS in your country and check that the information about the available certificate types is up to date on the on the Terena webpage. If the information is in the list is incorrect, what needs to be fixed?
    • If no, are there any plans to introduce the service (including timelines, obstacles identified, etc.)?

No. Other TCS services are available

The Terena webpage says "Personal: No" but https://certificates.heanet.ie/ claims "limited personal certificates" are supported via TCD.

See comments for some information on the "obstacles".

  • In order to obtain a personal e-Science certificate from TCS, a user has to be affiliated with an institute that is part of the national identity federation and that has established an appropriate Subscriber Agreement. Please collect information about the institutes from which your NGI expects users (e.g. universities, research institutes) and indicate whether:
    • are those institutes members of your country's identity federation,

Yes

    • have those institutions signed the Subscriber Agreement with the NREN, i.e. whether they allow to issue TCS personal e-Science certificates to their members.

No. I believe they *do* use other TCS certs.

  • What is the process to get a personal e-Science certificate from TCS in your country?

Not supported in Ireland.

  • What are the rules for an institution in your country to join the identity federation and TCS?
    • Is there any special fee that an institution pays for joining TCS and/or the identity federation?

Join the federation: http://www.edugate.ie/membership Apply for TCS access: https://certificates.heanet.ie/node/4

  • Does your NGI or NREN provide any service similar to the TCS? Please choose zero or more from the following and provide a brief description:

National grid CA is exploring possibility of using federated identity to populate user certificate request web form to classic CA, and possibly to support SLCS, portal and other services.

  • Any comments you have to TCS utilization in your NGI

Many Irish IdPs cannot confirm "face-to-face" identity checking of entries in their identity db, and are probably unwilling to modify their procedures to meet the needs of TCS e-Science Personal. This makes these IdPs ineligible.

Retrieved from "https://wiki.egi.eu/w/index.php?title=VT_Federated_Identity_Providers_Assessment_Task_1:Ireland&oldid=80782"