1st APGrid PMA Meeting

CAs and Members
APGrid PMA Membership
CAs in Asia Pacific
Members only page
Members only page
Related Links
International Grid Trust Federation
The Americas Grid PMA
1st APGrid PMA Meeting

Computer Network Information Center (CNIC),
Chinese Academy of Sciences (CAS),
November 29, 2005

Date 09:00 - 17:00, November 29, 2005
Venue Room508, The main building of CNIC, No.4, 4th South Street, Zhong Guan Cun, Beijing, China
Access Map Access map by CNIC
Detailed map (for showing to a taxi driver)
Registration and Participants The meeting is closed for APGrid PMA members and representatives from EUGrid PMA and TAGPMA. Registration is NOT required. A list of participants is available on this page.
Visa information If you need a visa for entering China, please contact to Sun GongXing and Gang Cheng at IHEP/China. If you will attend the HPCAsia 2005 conference, you may obtain an invitation letter from the HPCAsia 2005 secretariat. Please visit here for more details about visa.
Accomodation If you will attend the HPCAsia 2005 conference, you can stay at the hotel recommended by the HPCAsia 2005 organizer with the special discount rate for the conference. Please visit here for more details about registration and accomodation. If you will not attend the HPCAsia 2005, please ask Kai Nan and Morrise Xu (CNIC/CAS) to give advices on your accomodation.
Access map to the Crown Plaza Beijing -- Park View Wuzhou is available.
Access map to the Beijing Continental Grand Hotel is also available.
9:00 - 9:15 Opening and introduction of participants [slides]
9:15 - 10:00 Introduction of the IGTF and regional PMAs
  • IGTF and EUGrid PMA (David Groep) (30min) [slides]
  • TAGPMA (Darcy Quesnel) (15min) [slides]

10:00 - 10:30 Status reports of accredited CAs (1)
  • AIST (Yoshio Tanaka) [slides]
  • ASGCC (C. C. Chang) [slides]

10:30 - 10:45 coffee/tea break
10:45 - 11:30 Status reports of accredited CAs (2)
  • IHEP (Sun Gongxing) [slides]
  • KISTI (Sangwan Kim) [slides]
  • NAREGI (Masataka Kanamori) [slides]

11:30 - 13:30 lunch
13:30 - 14:30 Examination for accreditation of new CAs
14:30 - 15:30 Status reports of potential CAs
15:30 - 15:45 coffee/tea break
15:45 - 17:00 Discussions: items TBD
  • Short lived certificate service (Tony Genovese) [slides]
  • Review of minimum CA requirements
    • draft of the new requirements
  • Web server certificates [slides]
  • Certificates used by GT4

18:00 - Dinner at Wu-Ming-Ju
Photos Meeting web site by CNIC (including some photos)
  • We realized that KISTI CA has some problems as a production-level CA. Yoshio promised to give comments for improving their CA operation. After the PMA meeting, Yoshio talked with Sangwan and give comments that KISI CA has three major problems:
    • the CA server (internal Web server) must be disconnected to any network, but the server is connected to the database server (though it is temporal), The internal Web server must be disconnected or use HSM if it allows connection to the database server.
    • KISTI CA (RA) does not identify end entities by in-person meeting and photo-id (or official document). KISTI CA (RA) must identify end entities by in-person meeting and photo-id (or official document).
    • CA serve (internal Web server) is located on Sangwan's desktop, but the location seems to be too un-safe. The CA server must be moved to the computer room to which access is limited.
    Yoshio also gave comments about some minor problems (e.g. sending password by a plan text email is inappropriate, etc.), but the above three points are the major problems.
  • We approved APAC GRID CA and SGD CA as production-level CAs. Both CAs are not yet ready for operation, but will be in operation shortly. SDG CA was given one condition to be accredited. The condition is to select an appropriate namespace which has no conflict with the current CA's namespace.
  • We reviewed the minimum CA requirements. According to the Classic CA Profile 4.0, we need to revise the requirements. The revision was proposed by Yoshio, but could not have enough time for discussion. Yoshio will send the draft of the new requirements and will continue discussion via email.