...

After August 28th, the old "GEANT IGTF MICS Personal" and "GEANT IGTF MICS Personal Robot" profiles will be removed from the SAML portal. At the same time, the "GEANT Personal" profile (which will be renamed to "email signing and encryption") will become a public-trust, S/MIME-only email signing and encryption profile. This public S/MIME profile will use the sponsor-validated profile to insert the givenName and surname of the applicant alongside the organisation name.

  • GÉANT Personal email signing and encryption
    • this is a public certificate and thus follows the new issuance/validation rules
    • issued via SAML Self-Enrollment
    • since the Subject CN contains a person's name, this must be based on the new Public S/MIME Sponsored Validation Multipurpose certificate template
    • since this template is of the new sub-type Public Sponsored Validated, *it can only be issued to persons with a validation type of High*. This will block issuance of this profile to brand-new persons created during the enrollment flow, because new persons start with a validation type of Standard.
  • GÉANT Organisation email signing
    • this is a public certificate and thus follows the new issuance/validation rules
    • issued via Invite
    • since the Subject does not contain any person information it should be based on the new Public S/MIME Organization Validation Multipurpose certificate template
    • it can be issued to newly created persons with validation type of Standard
  • GÉANT Personal Authentication – RSA
  • GÉANT Personal Authentication – ECC
    • two profiles are needed that show as one option in the self-enrollment service – there are two private CAs and thus two certificate templates
    • this is a private certificate
    • issued via SAML Self-Enrollment
    • same as old IGTF Personal
  • GÉANT Personal Automated Authentication – RSA
  • GÉANT Personal Automated Authentication – ECC
    • two profiles are needed that show as one option in the self-enrollment service – there are two private CAs and thus two certificate templates
    • this is a private certificate
    • issued via SAML Self-Enrollment
    • same as old IGTF Personal Robot
  • GÉANT Organisation Automated Authentication - RSA
  • GÉANT Organisation Automated Authentication - ECC
    • two profiles are needed that show as one option in the self-enrollment service – there are two private CAs and thus two certificate templates
    • this is a private certificate
    • issued via Invite
    • same as old IGTF Robot Email

Q: I have relying parties using client authentication for services (web site access, IdP login, eduroam, ...). Do they need to act?

...