1st APGrid PMA Meeting

The meeting is closed for APGrid PMA members and representatives from EUGrid PMA and TAGPMA. Registration is NOT required. A list of participants is available on this page.

Visa information

If you need a visa for entering China, please contact to Sun GongXing and Gang Cheng at IHEP/China. If you will attend the HPCAsia 2005 conference, you may obtain an invitation letter from the HPCAsia 2005 secretariat. Please visit here for more details about visa.

Accomodation

If you will attend the HPCAsia 2005 conference, you can stay at the hotel recommended by the HPCAsia 2005 organizer with the special discount rate for the conference. Please visit here for more details about registration and accomodation. If you will not attend the HPCAsia 2005, please ask Kai Nan and Morrise Xu (CNIC/CAS) to give advices on your accomodation.
Access map to the Crown Plaza Beijing -- Park View Wuzhou is available.
Access map to the Beijing Continental Grand Hotel is also available.

Agenda

9:00 - 9:15	Opening and introduction of participants [slides]
9:15 - 10:00	Introduction of the IGTF and regional PMAs IGTF and EUGrid PMA (David Groep) (30min) [slides] TAGPMA (Darcy Quesnel) (15min) [slides]
10:00 - 10:30	Status reports of accredited CAs (1) AIST (Yoshio Tanaka) [slides] ASGCC (C. C. Chang) [slides]
10:30 - 10:45	coffee/tea break
10:45 - 11:30	Status reports of accredited CAs (2) IHEP (Sun Gongxing) [slides] KISTI (Sangwan Kim) [slides] NAREGI (Masataka Kanamori) [slides]
11:30 - 13:30	lunch
13:30 - 14:30	Examination for accreditation of new CAs APAC (David Bannon) CP/CPS slides CNIC (Morrise Xu) CP/CPS slides
14:30 - 15:30	Status reports of potential CAs KEK (Takashi Sasaki) [slides] NECTEC (Sornthep Vannarat) [slides] NGO (Jon Lau) [slides] PRAGMA (Mason Katz) [slides]
15:30 - 15:45	coffee/tea break
15:45 - 17:00	Discussions: items TBD Short lived certificate service (Tony Genovese) [slides] Review of minimum CA requirements draft of the new requirements Web server certificates [slides] Certificates used by GT4
18:00 -	Dinner at Wu-Ming-Ju

Photos

Meeting web site by CNIC (including some photos)

Summary

We realized that KISTI CA has some problems as a production-level CA. Yoshio promised to give comments for improving their CA operation. After the PMA meeting, Yoshio talked with Sangwan and give comments that KISI CA has three major problems:
- the CA server (internal Web server) must be disconnected to any network, but the server is connected to the database server (though it is temporal), The internal Web server must be disconnected or use HSM if it allows connection to the database server.
- KISTI CA (RA) does not identify end entities by in-person meeting and photo-id (or official document). KISTI CA (RA) must identify end entities by in-person meeting and photo-id (or official document).
- CA serve (internal Web server) is located on Sangwan's desktop, but the location seems to be too un-safe. The CA server must be moved to the computer room to which access is limited.
Yoshio also gave comments about some minor problems (e.g. sending password by a plan text email is inappropriate, etc.), but the above three points are the major problems.
We approved APAC GRID CA and SGD CA as production-level CAs. Both CAs are not yet ready for operation, but will be in operation shortly. SDG CA was given one condition to be accredited. The condition is to select an appropriate namespace which has no conflict with the current CA's namespace.
We reviewed the minimum CA requirements. According to the Classic CA Profile 4.0, we need to revise the requirements. The revision was proposed by Yoshio, but could not have enough time for discussion. Yoshio will send the draft of the new requirements and will continue discussion via email.