Comment: Migrated to Confluence 5.3
Info

This project has since been folded into the TCS Personal/Grid Certificate Profile work in Terena.

Purpose

The current CA operation for NorduGRID is a manual, highly person-dependent process that does not scale to more than a few GRID-users. The purpose of this project is to automate the identity proofing and CA issuance processes.

...

  • Stand up an Online-CA for a sub-arc of the NorduGRID CA trust using a SAML-based federated login operated in the Kalmar Union cross-federation.
  • Describe and deploy any new/changed RA-processes resulting from this change.
  • Certify the Online-CA against the IGTF policy.

Timeline

Activities

...

One way to delegate responsibility for identity proofing is to use a SAML identity federation to request authentication from any of the member organizations of that federation. Technically, the SAML federation is a trust bridge that uses signed XML metadata documents to convey that a federation operator has vetted the identity management processes against a policy defined by the federation. In other words, the members of the federation (which in our case would include the NorduGRID CA) can trust that the identity proofing process is equally good (or bad, depending on the policy) and comparable across all members of the federation.

...