Asia Pacific Grid Policy Management Authority

Minimum CA Requirements
Presentation slides
CAs and Members
APGrid PMA Membership
CAs in Asia Pacific
Members only page
Members only page
Related Links
International Grid PMA
The Americas Grid PMA
Agenda and Minutes of the VTC (2006/02/28)
  • Opening Remarks (Yoshio Tanaka)
    • Satus updates
      • APAC, KEK, and NAREGI CAs have been included in a new distribution of a CA package.
      • Once your CA is included in the package os IGTF-accredited CAs, you must ensure that your CA is operated in compliant with CPS. For example, CRL must be issued at least 7 days before expiration. CA repository must be operated for 24x7 in best-effort basis. EUGrid PMA uses automatic tools for downloading CRL, etc., and it will contact to you if it will detect any troubles.
      • Please let me know any scheduled maintenance to the APGrid PMA ML. Yoshio will put the information to the APGrid PMA Web site.
  • Brief status reports of each CA
    • AIST: Some user certificates will be expired in this April. We are considering procedures for renewing certificates.
    • ASGCC: 3 user certs and 26 host certs have been issued. ASGCCA internal CP/CPS review will be in this March. We will have Grid admin's tutorial in mid of March.
    • APAC: No special updates. Need certificates for testing. Yoshio mentioned that AIST launches new CAs, one is for production and the other one is for experiments. Experimental CA can be used for issuing certificates for testing.
    • SDG/CNIC: Version 3.0 is deployed. Links are https://ca.sdg.grid.cn/ and https://ca.grid.cn/ . DOEGrid CA does not describe propagation of revocation information between root and sub CAs. Yoshio will ask David to show some examples.
    • IHEP: If CA certificate is changed, finger print is changed as well. Yoshio will forward an email from David which describes how to update CA certificate.
    • KEK: Started operation in Feb. 10, but have issued no certificates. KEK has improved NAREGI CA software to implement automatic notification of expiration. Give feed back to NAREGI.
    • KISTI: Deployed a new hardware for the web server which is located in a secure place. Yoshio mentioned that KISTI CA must ensure that CRL must be updated at least 7 days before expiration.
    • NAREGI: No updates. NAREGI CA was unavailable in last weekend due to the maintenance of building.
    • NCHC: Will be examined for accreditation.
    • NECTEC: email from Sornthep
      Yoshio mentioned that NAREGI CA software is not appropriate for off-line CAs.
    • NGO: no updates.
    • SDSC: GAMA/NAREGI CA integration is still going. CA RPM signed by APGrid PMA will be completed this week.
  • Decisions
    • Accreditation
      • NCHC GRID CA NCHC GRID CA has been accredited as a production-level CA.
  • Discussions
    • PMA Member list
      • We agreed to create a list of all members of the APGrid PMA. Yoshio will create a list of links to member's list of each site.
    • Reports from GGF16
      • Release frequency of the IGTF distribution will be increased to two weeks. The time to deployment of any such regular update release is left to the descretion of the relying parties.
      • APGrid PMA will launch a web page for CA monitoring using Nagios (see CA monitoring page by EUGrid PMA (use guest/guest)).
    • Audit
      • APAC: Will be audited in March 30th (by Yoshio).
      • KISTI: Yoshio is planning to audit after improvements.
      • NAREGI: Looking for auditos.
      • AIST: Looking for auditors.
    • Next F2F meeting
      • Oct 15, in Osaka, co-located with PRAGMA 11
    • Other topics