Motivation
Many projects have launched Grid portals in which users do not need to
take care of certificate management. Most of the portals are
running their own Certificate Authorities, but their policy,
practices, and assurance level are not clear. In order to categorize
these CAs and provide information for relying parties, it is desirable
to document an authentication profile which is appropriate for such
CAs.
Issues to be considered
- Key Generation
Not at the client's side but at the central server
- CA server
Online, but may not use HSM
- Identity Vetting
Some portals use an email address as a source of identity vetting.
- Lifetime of EE certs
Long-lived or short-lived.
- Revocation
May not be necessary for short-lived certificates.
- Plans
Got positive comments from the TAG members, but haven't yet
decided the details of the profile.
Draft an AP by the next EUGrid PMA or GGF19.