Olle ----------

OCSP Requirements

Since last time ---
Missing sections added; complete reformat; corrections based on feedback
Thanks for Tony going to TERENA -- Additional comments from Spain

Updated architecture (see diagram)

Outstanding issues

Do requests need to be signed?
Responses are signed, not clear why requests
would be signed.

Does there need to be differentiation between suspension & revocation
There already is a mechanism for temporary revocation, so why is 
this mechanism needed?

XKMS work going on in Europe and Japan. There are problems with
getting OCSP extended to work in this environment.

There are race conditions involved with using OCSP that sometimes
limits its usability. (e. g. can't login if can't check OCSP and
can't check OCSP responder because not logged in).

Moving forward .....
Address Spanish contributions.
Move towards last call
Have document in editor pipeline before GGF14
 
--------------------------------------------------------------
Tony - Authentication Profiles

New auth services will fragment current global trust model
Need to allow for innovation
Consistent model for relying parties to judge an authentication mechanism

Authentication Services provide:
Someone is actually behind the technology - a governance body
Specify membership and operational requirements
Trusted model for relying parties to find information

Federation Document - 12 areas to include reflecting the normal
questions relying parties want to know

Discussion of what is the purpose of the federation document
EUPMA and TAGPMA are going to try to implement this to see
how it all sorts out
Federation document contains the common elements and the
authentication profile contains the technology specific
items
Will provide feedback in Chicago as the results of trying to
use the document


----------------------------------------

Yoshio Tanaka  ------------ auditing

a regional PMA must audit the CAs in its region
Who audits the PMAs?
Example of WebTrust seal of approval - may be too much for Grid CA
Going to do a 1 day audit using the proposed criteria on March 29th.
Proposed criteria has been provided to CA-OPS and is on GridForge
Will probably take 3 people to do the audit
Will audit each CA once per year

Great to have a presentation about the experiences at next GGF

----------------------------------------
