Dear colleagues,
As we have been communicating with you over the past several months, ESnet will be fully transitioning support for the DOE Grids certificate service to a new service operated by the Open Science Grid (OSG).
We have reached a critical juncture in the transition where it is necessary for you to begin solidifying your organization’s future certificate service plans to ensure no interruption of service. We encourage you to read the following information carefully.
In mid-March 2013 the DOE Grids PKI will cease issuing new certificates. The exact timing will coincide with the planned Large Hadron Collider (LHC) shutdown. The exact date of the shutdown is still being determined and we will share that specific date as soon as it is set. After DOE Grids concludes offering certificate services, all users will either need to use the OSG certificate service (the “OSG PKI”), or some other provider, to obtain or renew certificates. All certificates issued by DOE Grids prior to its cessation of service in mid-March 2013 will continue to function for 12 months after the date of issue.
To help ensure a seamless transition of service, beginning October 1, 2012, the OSG PKI will begin issuing production-ready certificates. This will allow you time to transition to the new service and resolve any issues that may arise before the DOE Grids service ends. The new OSG PKI will have a new look and feel, but effort has been made to keep the workflow and processes similar to the DOE Grids PKI. There is friendly testing already underway. If you would like to participate in this current trial, please contact Von Welch at vwelch@indiana.edu.
Your organization should begin planning for the effort involved in the transition. Specifically, please note the following action items that will need to be taken:
* Registration Authorities (RAs) and Grid Admins will need to register with the OSG PKI. This will involve making a formal request for the service and accepting the OSG/DigiCert agreement. A draft process can be found here: https://twiki.grid.iu.edu/bin/view/Operations/OSGPKITrustedAgent
* In the new OSG PKI, the role of the Grid Admin will change. Virtual Organization (VO) RAs will approve users in their VO and Grid Admins will approve hosts in a given domain (e.g., iu.edu).
* In the new service, users identities (distinguished names) will change. VOs will need to prepare for the extra effort for handling this change. For example, VOs will need to be prepared to re-register users in the Virtual Organization Management System (VOMS) or other access control mechanisms, if applicable.
* The DigiCert CA used by the new OSG PKI is in the IGTF CA distribution starting with the January 2012 v1.44 distribution. VOs and Sites should ensure they update as soon as possible. Please see: https://dist.eugridpma.info/distribution/igtf/current/accredited/
* Beginning in October 2012, training and other resources will be available to help organizations prepare for the service transition. We will be sending an update to this mail list when training is scheduled or otherwise available. Please contact Von (vwelch@indiana.edu) if you have interest in participating in this training so we can plan appropriate venues and delivery mechanisms. For more information, visit: https://opensciencegrid.org/bin/view/Security/DigiCertTrainingPlan
Von is also currently hosting weekly calls on Tuesdays at 3pm ET focused on details of the transition. All are invited to join these calls to discuss your needs and to learn the progress of the roll-out. Call-in details can be found below and on the OSG PKI Planning Website, which provides up to date information on all aspects of the transition.
Ruth Pordes (ruth@fnal.gov) and Von (vwelch@indiana.edu) together with our ESnet staff are available at anytime for individual conversations about the service to answer any questions you may have. We will be contacting each of you in the coming weeks to schedule a one-on-one conversation to answer questions and ensure your transition planning is underway. We look forward to speaking with you soon.
Regards,
Von Welch
OSG PKI Transition Project Lead
For the latest information:
https://twiki.grid.iu.edu/bin/view/Security/OSGCATransition2012
Conference call details:
Weekly calls Tuesday at 3pm ET
Phone Number: (800) 940-6112 or (812) 856-3600
Participant PIN: 001174#
skip to main |
skip to sidebar
News and Announcements from OSG Operations.
Search This Blog
OSG Operations Team
Open Science Grid Operations Center
Based at Indiana University, the OSG Operations Group provides a single point of operational support for the Open Science Grid (OSG). Operations performs real time Grid monitoring and problem tracking, provides support to users, developers and systems administrators, maintains grid services, provides security incident response, and maintains information repositories.
Operations Service Status Overview
Contact: Phone +1 317-278-9699; Email goc [at] opensciencegrid.org; Submit ticket.
Please visit the Operations Git Pages for more information on every day activities of OSG Operations.
Operations Service Status Overview
Contact: Phone +1 317-278-9699; Email goc [at] opensciencegrid.org; Submit ticket.
Please visit the Operations Git Pages for more information on every day activities of OSG Operations.
OSG Operational Services
Upcoming Events - OSG Operations Calendar
Blog Archive
-
▼
2012
(77)
-
▼
September
(8)
- OSG 1.2.30 Has Been Released
- OSG Software release 3.1.9
- OSG Campus Infrastructures Community Workshop at U...
- GOC Service Update - Tuesday, September 25th at 13...
- OSG PKI Training registration now available for RA...
- Special Maintenance window for GOC Production Glid...
- DOE Grids service transition
- GOC Service Update - Tuesday, September 11th at 13...
-
▼
September
(8)
Posts
GOC News | MyOSG | BDII | GOC Ticket | OIM | OSG Software Cache | TWiki | Report Bugs
Copyright 2009 Indiana University - Developed for Open Science Grid