Matthew Viljoen
RAL

grid operations
largest in the world?
97 RA's, 120 people
good statistics!
lots of help to users

=

Yoshio Tanaka
AIST

auditing CA's
promised a document!
interview and physical inspection

=

Jens Jensen
CCLRC

certificate profiles
ca:false doesn't mean "false"!?
what must be a "must"?
must have policyIdentifier for oid of cp/cps
keyUsage must be present and critical
basicConstraints by convention
commonName is full name, but what about pseudonyms, and character sets
extendedKeyUsage should not be critical
serialNumber in DN is what kind of string? to disambiguate CN's?
be conservative because of all different middleware
who is the audience?  CA operators?  developers?
do we get the start of a document out of this?

=

CAOPS
how do we fit in ggf structure?
a security area in community function?
new charter for authentication federation?
how does this interact with gridshib?
make things clearer in the charter
do we need a name change?

=

OCSP
punt on proxy certificate revocation? yes
need more experience
relying parties would like OCSP

=

we need regular, focused telecons