...

By centrally providing these as "building blocks", projects do not have to do this themselves and can focus on the service.

Already existing building blocks should be better "marketed".

This would improve efficiency.

By unifying policies across and between different service operators within the project, it would be easier to relocate services.

...

  • VMs  
  • Service Monitoring 
  • Backup/restore/archiving - data retention (ties into GDPR)
  • Source code repositories (non-public and public)
  • PKI:
    • Strategy
    • certbot
    • TCS
    • eduPKI CA
    • let'sRadsec <= very eduroam specific? i.e. s
    • cab forum (related, maybe come down to lobby work?)
    • Certificate Transparency
  • Security Operations Centre (SOC) - in edugain ops in whitepaper
  • First Level Support, FLS (service desk)

WHAT

...

PKI:

  • Develop a PKI strategy for GN4 that will somehow put the PKI-related GN services (such as TCS, eduPKI (knowledge center & CA), let'sRadSec, certbot, Certificate Transparency efforts and potential lobbying work at fora and organisations) into perspective, shaping the services.
  • Develop and enhance tools and services (like certbot, let'sRadSec, TCS and eduPKI CA) to ease and broaden the use of PKI within the GN world.
    • certbot should be usable by server admins of standard web servers and RadSec servers to request and deploy certificates from ACMEv2-compatible CAs, such as TCS and eduPKI CA
    • Research how certbot can fit into an Organisation Validated (OV) certificate issuing environment such as the one currently used for TCS & eduPKI
    • Implement changes to certbot and/or a server component to connect to eduPKI CA's SOAP-API, for use with Let'sRadSec.
  • Provide independent services to strengthen trust in the public web PKI and the NREN / GN internal PKI by making the PKI in use more transparent.
  • Provide certificate services that are based on GN/NREN requirements but independent of PKI developments outside the control of GN and NRENs → "internal PKI"
  • Lobby for GN/NREN specifics as an interested 3rd party at CA/Browser Forum. It is currently unclear what the goal or expected outcome of such a task is, except for the goal to research how GN participation in the forum could be possible and what its possible impact could be.

HOW/WHEN

tbd



Post-Its:

AAI Pilots also need PROD stuff like securing, monitoring, policy

...