CILogon Basic CA Policy V5

posted Aug 29, 2016, 11:16 AM by Jim Basney

Version 5 of the CILogon Basic CA Policy was reviewed by TAGPMA in July 2016 and is now in operation. This update enables CILogon to allow identification and authentication of certificate applicants using international identity providers via eduGAIN (Section 3.2.2) and support Robot certificates at Fermilab (Section 3.1.1).

CILogon OSG CA in IGTF Distribution

posted Oct 26, 2015, 3:12 AM by Jim Basney   [ updated Oct 26, 2015, 3:14 AM ]

The CILogon OSG CA, which supports the Open Science Grid Certificate Service, is now accredited by the Interoperable Global Trust Federation and included in the IGTF CA distribution starting in the October 2015 version 1.69 release. The CILogon OSG CA is operated by XSEDE in collaboration with OSG.

CP/CPS Update: CILogon Replica at NICS

posted Dec 3, 2014, 2:38 PM by Jim Basney   [ updated Dec 3, 2014, 2:39 PM ]

We have updated Section 5.1 of the CILogon Certificate Policy and Certification Practice Statement (CP/CPS) documents at http://ca.cilogon.org/policy to add descriptions of the physical controls for the equipment at NICS that is hosting a secure CILogon replica. This replica will provide continuity of service in case of an outage of our primary equipment at NCSA. Thanks to NICS and XSEDE for this improvement in CILogon's reliability!

CILogon Basic CP/CPS V3

posted Jul 1, 2014, 11:27 AM by Jim Basney

The CILogon Basic CA policy has been updated to version 3 to comply with the IGTF IOTA AP. The CA was accredited by IGTF in June 2014.

CILogon OpenID CP/CPS V3

posted Mar 31, 2011, 2:08 PM by Jim Basney

We have updated Section 3.1 (Naming) of the CILogon OpenID CA Certificate Policy and Practice Statement (CP/CPS). Now certificate subjects include the subject's name, as provided by the OpenID Provider, rather than the OpenID Identifier URL. Also, the CILogon OpenID CA will now include email addresses in certificate subject alternative names.

CILogon Silver CA Accredited by IGTF

posted Feb 7, 2011, 7:12 AM by Jim Basney

Today's announcement of the IGTF 1.38 distribution marks the final step in the accreditation of the CILogon Silver CA by the International Grid Trust Federation (IGTF). This follows the approval in October of the CILogon Silver CA Policy by The Americas Grid Policy Management Authority (TAGPMA). The CILogon Silver CA relies on campus authentication that satisfies the InCommon Silver Identity Assurance Profile, so it will not be fully operational until the first InCommon campuses are accredited at the Silver level under the InCommon Identity Assurance program. To serve researchers from campuses that are not (yet) at the InCommon Silver level, CILogon also operates Basic and OpenID CAs at https://cilogon.org.

CILogon CAs Migrating to SHA-256

posted Feb 4, 2011, 9:17 AM by Jim Basney

We are changing the hash algorithm (i.e., message digest algorithm) that the CILogon CAs use when signing certificates from SHA-1 to SHA-256, per NIST recommendations. The Open Science Grid provides hash algorithm compatibility information. If this change causes any problems for your applications, please contact help@cilogon.org.

CP/CPS Update: CA Generation of Subscriber Private keys

posted Feb 3, 2011, 3:14 PM by Jim Basney

New versions of the CILogon Silver, Basic, and OpenID CA Certificate Policy and Certification Practice Statement (CP/CPS) documents are now available. The new policies allow for CA generation of subscriber private keys in cases where it eases the subscriber enrollment process. We believe this update will enable significant improvements to the usability and compatibility of the CILogon Service (https://cilogon.org). This policy change has been discussed in TAGPMA and EUGridPMA. For more details, see our TAGPMA wiki page on the topic.

CILogon Silver CA Policy Accredited by TAGPMA

posted Oct 6, 2010, 2:05 PM by Jim Basney

The Americas Grid Policy Management Authority (TAGPMA) today voted to accredit the CILogon Silver CA Policy under the Member Integrated Credential Services (MICS) Profile, allowing the CA to issue certificates valid for up to 13 months. This accreditation is a step forward for certificates from https://cilogon.org being accepted by members of the International Grid Trust Federation (IGTF) including TeraGrid, Open Science Grid (OSG), European Grid Infrastructure (EGI), and Worldwide LHC Computing Grid (WLCG). Following an operational review by TAGPMA, the CILogon Silver CA will achieve "accredited" status in the IGTF Trust Anchor Distribution. The CILogon Silver CA relies on campus authentication that satisfies the InCommon Silver Identity Assurance Profile, so it will not be fully operational until the first InCommon campuses are accredited at the Silver level under the InCommon Identity Assurance program. To serve researchers from campuses that are not (yet) at the InCommon Silver level, CILogon also operates Basic and OpenID CAs at https://cilogon.org.

CILogon CA Certificates in IGTF Distribution

posted Sep 28, 2010, 7:13 AM by Jim Basney

The International Grid Trust Federation CA distribution version 1.37, released today, includes the self-signed CILogon Silver, Basic, and OpenID CA certificates (and associated configuration files) in the "experimental" area. This provides to relying parties a trusted distribution path for the CILogon CA's self-signed certificates, which are also available directly from the CILogon CA web site (http://ca.cilogon.org/). Note that this does not imply that the CILogon CAs have been accredited by IGTF. Only CAs included in the "accredited" area of the distribution have completed the IGTF accreditation process, not those in the "experimental" area where the CILogon CA certificates can currently be found. The CILogon Silver CA is under review by the TAGPMA for IGTF accreditation. The next opportunity for a TAGPMA accreditation vote for the CILogon Silver CA is the upcoming TAGPMA Face-to-Face Meeting October 4-7 in Lubbock, Texas.

1-10 of 14