Index of /distribution/egi-1.82-1/ca-policy-egi-cam-1.82-1

[ICO]NameLast modifiedSize

[PARENTDIR]Parent Directory  -
[DIR]RPMS/2017-03-25 10:02 -
[DIR]SRPMS/2017-03-25 10:02 -
[DIR]dists/2017-03-25 10:02 -
[DIR]headers/2017-03-25 10:02 -
[DIR]meta/2017-03-25 10:02 -
[DIR]repo-files/2017-03-25 10:02 -
[DIR]repodata/2017-03-25 10:02 -
[DIR]tgz/2017-03-25 10:02 -
[   ]GPG-KEY-EUGridPMA-RPM-32017-03-25 10:02 889
[TXT]release.xml2017-03-25 10:02 77


European Grid Infrastructure EGI Trust Anchor release 1.82          2017.03.27

------------------------------------------------------------------------------
   For release DOCUMENTATION available on this EGI Trust Anchor release see   
               https://wiki.egi.eu/wiki/EGI_IGTF_Release                      
------------------------------------------------------------------------------

This is the EGI Trust Anchor release, based on the updated IGTF Accredited CA
distribution version 1.82-1 with the specific DOGWOOD CA in
meta-package "ca-policy-egi-combined-adequacy-model-1.82-1"
that supports the model of joint assurance provision as detailed in the
EGI Policy on Acceptable Authentication Assurance.

  IMPORTANT NOTICE:
   This release contains a new "cam" (combined assurance/adequacy) package 
   based on the approved policy on differentiated assurance. See details on
   the EGI Wiki at <https://wiki.egi.eu/wiki/EGI_IGTF_Release#cam-impl>
  TECHNICALLY THIS MEANS THAT
   you must ONLY install the new ca-policy-egi-cam packages if you ALSO
   at the same time implement VO-specific authorization controls in your
   software stack. This may require reconfiguration or a software update. See
     https://wiki.egi.eu/wiki/EGI_IGTF_Release#cam-impl
  OTHERWISE
   just only install the regular ca-policy-egi-core package. There are 
   no changes in this case. The ca-policy-egi-core package is approved
   for all VOs membership and assurance models.

The following notices are republished from the IGTF, inasfar as pertinent to
this release. Details are found in the newsletter https://www.eugridpma.org/

Changes from 1.81 to 1.82
-------------------------
(27 March 2017)

* Added new G2 UGrid trust anchor (UA)
* Extended validity for AEGIS CA (RS)
* Withdrawn discontinued FNAL KCA (US)
* Extended valitity for REUNA CA (CL)

The CA modifications encoded in both "requires" and "obsoletes" clauses (RPM)
and Conflicts/Replaced clauses (Debian)  have been incorporated in the above-
mentioned meta-packages.  This release is best enjoyed with  fetch-crl v3  or 
better, available from GNU/Linux OS add-on repositories Fedora, EPEL, Debian,
and from the IGTF at https://www.igtf.net/fetch-crl

Policy on Acceptable Authentication Assurance (Updated 1 Feb 2017)
------------------------------------------------------------------
If a VO registration service or e-Infrastructure registration service is
accredited by EGI to meet or exceed the approved authentication assurance
profiles, an IGTF accredited Authority meeting the Assurance Profile DOGWOOD
- used solely in combination with said registration service - is also
adequate for user authentication. This policy has been adopted on Feb 1st,
2017, and is available at <https://documents.egi.eu/document/2930>
In the PKI Technology Rendering, EGI thus approves the IGTF SLCS, MICS, and
Classic APs for general use (egi-core), and in addition the IOTA AP for use 
in combination with VO registration services that themselves meet the 
aforementioned requirements. This additional restriction must be implemented
by each service in the authorization software. The "combined assurance"
model package must not be installed unless the additional authorization is
in place. You will need to reconfigure and may need to install upgrades.

Version information: ca-policy-egi-combined-adequacy-model = 1.82-1