Requirements, Issues & Actions

R. Requirements

R1 - minimal revocation privilege

Requirement from OSG that all agents should not be able to revoke all certificates.

R2 - 3,5 year ID revetting

Requirement from IGTF that ID is re-vetted every 5 years for 2K bit keys, 3 years for 1K bit keys.

R3 - improved notification for VOs & subscribers

Requirement from OSG community that status of certificate request processing is more transparent and that managers from the VOs can monitor requests in their domain.

R4 - ability to monitor actions of Agents and Grid Admins

Neede by OSG RA.

Requirements gathering

Some workshops are being planned.

I. Issues and Problems

I1 - single supplier risk

Identified in OSG contingency planning as a risk.

I2 - integration of NCSA CA

I3 - rearrange CPS RA appendices

I4 - validating email addresses in cert requests

It would be VERY useful if the CA web software would validate email addresses in the certificate requests automatically.

S. Possible Solutions

S1 - CA cloning

Esnet has project in motion to clone the DOEGrids CA. This addresses I1.

S2 - alternate CA supplier

Jim & NCSA will provide a CA that OSG can use. This addresses I1.

S3 - separate Registration Manager for OSG

This addresses R3.

S4 - "Replicate" DOEGrids CA database

Means to copy data out of the CA and store it into an SQL database that supports analysis and monitoring. Addresses R4.

A. Actions and Goals

A1 - meet R1

Doug, Mike, Dhiva to work something out.

A2 - meet R2

Mike, Dhiva and Doug to work something out.

A3 - Jim Basney to supply another CA

Addresses I1.

A3.1 - discuss integration of NCSA CA

A4 - fix I3

Doug to work with Vicky to extract and re-organize RA appendices.