Versions Compared

Old Version 1

changes.mady.by.user Unknown User (swinter)

Saved on

compared with

New Version 2

changes.mady.by.user Unknown User (swinter)

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: first draft of eduPKI stuff

...

  • an oversight body, the "eduPKI Policy Management Authority" (eduPKI-PMA) was created and produced a document with defined Quality Assurance criteria for CAs which would like to become part of the eduroam trust model. It is open for applicant CAs world-wide. The rules are set forth in section "CA Accrediation Process" at https://www.edupki.org/edupki-pma/pma-governing-documents/Image Removed
  • a X.509 trust profile for the eduroam service was created, which designates two so-called "policy OID" fields to eduroam IdP and SP servers. The trust profile can be found on this page: https://www.edupki.org/edupki-pma/edupki-trust-profiles/Image Removed
  • this trust profile requires that CAs which use this policy OID will check the authorisation of a certificate applicant whether or not he is actually an eduroam IdP and/or SP server operator.

This way, it can be assured that only authorised eduroam operators get eduroam certificates and can establish connections to other eduroam servers.

Managing accredited CAs in eduroam servers

The number of accredited CAs and the list of certificates can change at any time. It is important that all eduroam servers consult an up-to-date list of accredited CAs. The list of currently accredited CAs is maintained in a TERENA repository of the TACAR service. A browsable list can be found here: https://www.tacar.org/cert/list/Image Added

eduroam operations will make available scripts for easy regular download and update of the accredited CAs. On UNIX-like systems, this script should be executed in a cron job on a regular basis (we suggest daily).

Please refrain from manually downloading CAs as a one-time action. Otherwise, your CA list will eventually become outdated and this will create service disruption for some eduroam users!

eduroam Certificates in the world regions

...

There is currently one accredited Certification Authority: the eduPKI CA, located at https://www.edupki.org/edupki-ca/Image Removed . Further CAs are welcome to apply for eduPKI PMA accreditation.

eduroam operators should request their eduPKI CA eduroam certificate as defined in the following last subsection.

Americas

No information.

...

No information.

Africa

No information.

Obtaining a server certificate

...

with eduPKI CA

Please follow the instructions on the eduPKI CA eduroam RA pages at: http://www.eduroam.org/index.php?p=europe&s=edupkiImage Added