Basic CA Policy

CILogon Basic Certification Authority Certificate Policy and Practice Statement

Revision History

• 1.3.6.1.4.1.34998.1.2.6 (Mar 16 2021): Modifications to Section 5.1 (Physical Controls) to allow cloud operation of the CILogon web front-end.

  • cilogon-basic-policy-v6.pdf

  • cilogon-basic-policy-diffs-v5-to-v6.pdf

• 1.3.6.1.4.1.34998.1.2.5 (Jul 19 2016): Allow identification and authentication of certificate applicants via eduGAIN (Section 3.2.2). Support Robot certificates (Section 3.1.1). Document use of OAuth for grid portals (Section 4.1.2). Add E-mail Protection to X509v3 Extended Key Usage certificate extension (Section 7.1.2).

  • cilogon-basic-policy-v5.pdf

• 1.3.6.1.4.1.34998.1.2.4 (Dec 3 2014): Added ORNL site information (Section 5.1).

• 1.3.6.1.4.1.34998.1.2.3 (Feb 4 2014): Reference IGTF IOTA AP. Increase CRL validity period from two weeks to 30 days (Section 2.3). Documented optional eduPersonPrincipalName and eduPersonTargetedID certificate extensions (Section 7.1.2).

• 1.3.6.1.4.1.34998.1.2.2 (Feb 3 2011): Allow subscriber private keys to be generated by the CA and delivered securely to subscribers (Section 4.1.2). Update CA certificate locations (Section 2.2) and CRL locations (Section 4.10 and 7.1.2). Support use of GivenName and Surname attributes in Section 3.1.1. Document additional personnel controls in Section 5.3. Add SHA-2 OIDs in Section 7.1.3.

• 1.3.6.1.4.1.34998.1.2.1 (Jan 25 2010): Initial version.