Standards » Security Area » CAOPS WG

Grids use X.509 certificates for authentication and authorization. These certificates are issued to subscribers that comprise a virtual organization, and are typically issued by Certification Authorities operated by real institutions. In order to ensure compliance with established policies and operational procedures, and to recommend necessary changes in controls, policies or procedures, these Certification Authorities (CAs) should be externally audited periodically. The International Grid Trust Federation (IGTF) has, based on templates established by OGF, established such sets of operational policies and procedures. This document provides an audit checklist which describes auditing items to be considered by CAs accredited by the IGTF to be compliant with the ‘Classic’ Authentication Profile, and provides the acceptable evidence for the verification of these items. Detailed processes of auditing are also described in this document which is intended as guidelines for auditing Grid CAs. Spread sheets of the check list for ‘Classic’, ‘Short Lived Credential Services (SLCS)’, and ‘Member Integrated Credential Services (MICS)’ profiles are provided as separate documents and available on the IGTF web site. This document as well as the spread sheets will be maintained and updated when there is a newer version of authentication profiles available than it refers.

Grids use X.509 certificates for authentication and authorization. These certificates are issued to subscribers that comprise a virtual organization, and are typically issued by Certification Authorities operated by real institutions. In order to ensure compliance with established policies and operational procedures, and to recommend necessary changes in controls, policies or procedures, these Certification Authorities (CAs) should be externally audited periodically. The International Grid Trust Federation (IGTF) has, based on templates established by OGF, established such sets of operational policies and procedures. This document provides an audit checklist which describes auditing items to be considered by CAs accredited by the IGTF to be compliant with the ‘Classic’ Authentication Profile, and provides the acceptable evidence for the verification of these items. Detailed processes of auditing are also described in this document which is intended as guidelines for auditing Grid CAs. Spread sheets of the check list for ‘Classic’, ‘Short Lived Credential Services (SLCS)’, and ‘Member Integrated Credential Services (MICS)’ profiles are provided as separate documents and available on the IGTF web site. This document as well as the spread sheets will be maintained and updated when there is a newer version of authentication profiles available than it refers.

Grids use X.509 certificates for authentication and authorization. These certificates are issued to subscribers that comprise a virtual organization, and are typically issued by Certification Authorities operated by real institutions. In order to ensure compliance with established policies and operational procedures, and to recommend necessary changes in controls, policies or procedures, these Certification Authorities (CAs) should be externally audited periodically. The International Grid Trust Federation (IGTF) has, based on templates established by OGF, established such sets of operational policies and procedures. This document provides an audit checklist which describes auditing items to be considered by CAs accredited by the IGTF to be compliant with the ‘Classic’ Authentication Profile, and provides the acceptable evidence for the verification of these items. Detailed processes of auditing are also described in this document which is intended as guidelines for auditing Grid CAs. Spread sheets of the check list for ‘Classic’, ‘Short Lived Credential Services (SLCS)’, and ‘Member Integrated Credential Services (MICS)’ profiles are provided as separate documents and available on the IGTF web site. This document as well as the spread sheets will be maintained and updated when there is a newer version of authentication profiles available than it refers.