TechSec WG: Related activities overview
Information and discussion

TechSec WG, RIPE-45
May 14, 2003, Barcelona
Yuri Demchenko


Outline

- TechSec WG liaison with CSIRT community
  - Results and developments in CSIRT community
- Other possible areas of interest
  - PKI and AuthN/AuthZ developments
- Discussion: Interest from RIPE community and possible forms


Developments in CSIRT community

- TF-CSIRT - Task Force for Computer Security Incident Response Team Coordination for Europe - http://www.terena.nl/tech/task-forces/tf-csirt/
- TI - Trusted Introducer Service - http://www.ti.terena.nl/
- Training for new CSIRT members - TRANSITS project - http://www.ist-transits.org/
  - Next training course - May 2003
- CHIHT - Clearinghouse of Incident Handling Tools - http://chiht.dfn-cert.de/
- BCP working group to assist new CSIRTs, with a focus on East European countries
  - Mailing list archive - http://hypermail.terena.nl/csirt-bcp/
- Prospects for closer cooperation - TF-CSIRT meetings:
  - 29-30 May, 2003, Warsaw
  - 27-28 September, 2003, Amsterdam


IETF INCH WG (INCident Handling)

- INCH WG - http://www.ietf.org/html.charters/inch-charter.html
- Status and recent developments
  - Requirements for Format for INcident Report Exchange (FINE) - http://www.ietf.org/internet-drafts/draft-ietf-inch-requirements-00.txt
    - To be updated before IETF-57
  - The Incident Data Exchange Format Data Model and XML Implementation Document Type Definition - http://www.ietf.org/internet-drafts/draft-ietf-inch-iodef-01.txt
- Planned implementation
  - CERT/CC AIRCERT project - http://www.cert.org/kb/aircert/
  - eCSIRT Project - http://www.ecsirt.net/
- Interest from AP region, GRID community (EEGE Project)


Registry services for CSIRTs

- Trusted Introducer for CSIRTs
  - Formal procedure of accreditation
  - Special information services for members, i.e. maintained trust relations
  - Accredited teams - more than 30 (NRENs, Com, Gov)
  - Not limited by region and type of CSIRT
- FIRST (Forum for Incident Response Security Teams)
  - More than 120 teams
  - No formal procedure, no accreditation, no maintained trust relations
- IRT Object in RIPE NCC database


IRT Object in RIPE NCC database

- Initiative by TF-CSIRT and RIPE NCC - two-year project
  - RIPE NCC document ripe-254 - http://www.ripe.net/ripe/docs/irt-object.html
- Purpose: to allow search for the IRT/CSIRT responsible for a specific IP address space
  - Prospectively by automatic tools
- Registration procedure:
  - Individual CSIRTs via ISP/LIR or by Trusted Introducer Service, also considerably by FIRST
- Number of IRT objects created - total 16
  - By TI maintainer - 9
  - By ISP/CSIRT - 7


PKI related development by IETF, ETSI and others

- X.509 PKI is a basic technology for trusted secure communications, protocols and services
- IETF PKIX WG - Public-Key Infrastructure (X.509) - http://www.ietf.org/html.charters/pkix-charter.html
  - Profiles and Identities: PK Certificate, Qualified Cert, Attribute Cert for AuthZ/PMI, Proxy Certificate, etc.
  - Using LDAP for PKI
  - Protocols and services for PKI management, e.g. CVP (Certificate Validation Protocol), OCSP (Online Certificate Status Protocol), Timestamping, etc.
- European Electronic Signature Standardisation Initiative (EESSI) by ETSI - http://www.ict.etsi.org/EESSI/EESSI-homepage.htm
  - A number of practical documents have been published, e.g. ETSI TR 102 044 Requirements for role and attribute certificates - http://webapp.etsi.org/action\PU/20021203/tr_102044v010101p.pdf
- Next joint meeting between IETF PKIX and EESSI at IETF57 in Vienna


PKI and AuthN/AuthZ (AA) services

- PKI also creates a basis for AuthN/AuthZ services and Identity management
  - They aim to become "killer" applications for PKI
- IETF Standards
  - An Internet Attribute Certificate Profile for Authorization (RFC 3281) - defines AC for X.509 role-based Privilege Management Infrastructure (PMI)
  - RFC2902-RFC2906 - Authentication, Authorisation, Accounting Framework - mostly oriented for mobile communications
- ITU-T Rec. X.812(1995) | ISO/IEC 10181-3:1996, Information technology - Open systems interconnection - Security frameworks in open systems: Access control framework
- OASIS developments
  - SAML (Security Assertion Markup Language)
  - XACML (eXtensible Access Control Markup Language)
  - Web Services Security (actually SOAP Security)


Existing OpenSource solutions for AA and PMI

- PERMIS (PrivilEge and Role Management Infrastructure Standards Validation Project) - http://sec.isi.salford.ac.uk/permis/
- SPOCP (Simple POlicy Control Protocol) - http://www.spocp.org/
- Internet2 PubCookie/WebISO - http://middleware.internet2.edu/webiso/
- Shibboleth AuthZ Service - http://shibboleth.internet2.edu/
- A-Select (AuthN and SSO) - http://a-select.surfnet.nl/


Liberty Alliance Project (LAP) and Network Identity

- Liberty is a set of protocols that collectively provide a solution for identity federation management, cross-domain authentication, and session management.
  - New set of LAP specifications, Version 1.1, was published in April 2003 - http://www.projectliberty.org/
  - Using SAML and Web Services technology
- The Liberty architecture contains three actors: Principal, Identity provider, and Service provider
- Circles of trust are initiated and controlled by the user/principal


Liberty Identity and Protocol

- The Liberty protocol provides federation of the Principal's identity between the Identity provider and the Service provider.
  - The Principal is authenticated to the Identity provider
  - The Identity provider provides an authentication assertion to the Principal
  - The Principal can present the assertion to the Service provider
  - The Principal is then also authenticated to the Service provider if the Service provider trusts the assertion.
- An identity federation is said to exist between an Identity provider and a Service provider when the Service provider accepts authentication assertions regarding a particular Principal from the Identity provider


Discussion - Interest from RIPE community

- Provide information on PKI and AA/Identity development
  - Including BCP and Use cases
- Provide training courses - in support of the proposed RIPE NCC PKI based Secure service model
  - PKI basics
  - Setup own Certification Authority
  - Using PKI for Authentication and Authorisation
- Any other suggestions