Participants
Activity overview
The GN4-3 WP5 T2 (Incubator - Preparatory Phase) investigated the applicability of a low-cost open-source HSM appliance, developed by Diamond Key Security (https://www.dkey.org/) and based on Cryptech (https://cryptech.is/) modules, to a set of use cases consisting of GÉANT and other community T&I services. It concluded that the capability of the appliance was suited to support a range of GÉANT use cases encompassing, principally, CA key storage and certificate signing together with metadata and code signing, although the current capabilities of the appliance were insufficient for some services that needed higher performance, such as eduGAIN MDQ. The Diamond Key enterprise has ceased operating; however, the GN4-3 project has already acquired two of the Diamond Key appliances and these have been installed in a datacentre at SURFnet.

The objective of this activity is to investigate the demand for an HSM testbed service using these appliances. This will enable interested projects and services, who typically are unable to develop using an HSM, to investigate the use of an HSM to improve the security and integrity of their offerings. Assuming there is such demand, this activity will define the goals and scope of such a service, and how the infrastructure should be configured to support it, with the intention of transferring the on-going management and maintenance to a suitable entity within the GN4-3 project.
Activity Details
Many organisations are working on projects or developing T&I services for the R&E sector that need to securely store and use secret key material to ensure that trust in the operations they perform is not undermined. Operations such as issuing and signing certificates used by a PKI, and signing SAML assertions and OIDC tokens, are crucial to the operation of identity federations. Promoting best security practice among such organisations is in accord with the needs of GDPR - "organisations must implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk, including the pseudonymisation and encryption of personal data" - and provision of the testbed service will enable them to gain exposure to HSM usage and (hopefully) will increase the number of services using HSMs in the future.
This activity will be considered complete when:

The aim of this activity is to make a testbed service available to interested services and projects within the community.
Activity Results
Meetings
Date | Activity | Owner | Minutes |
---|---|---|---|
January 1, 2017 | Kickoff meeting | | |
Documents