OSG Area Coordinators Meeting

Meeting Phone Coordinates

Wednesday, 2:00 PM Central Time
Phone (866) 740-1260 Meeting ID 8405618, followed by #


Brian, Rob Q., Gabriele, Von Welch, Ruth

New Items for OSG Calendar

Jemise will update Indico

Follow-up Action Items

OSG PKI Project Briefing for OSG Area Coordinatoris - Von Welch (15 minutes)

Von presents the DigiCert project, now better referred to as OSG PKI Project. He reviewed the info at the links above.


How will OSG users be affected? Heavier than usual load to RA: no automatic re-issuing of credentials for the first time.

GG: how will OSG software be affected? Software affected are the scripts written to request certificates directly to the CA, typically done by administrators. We change one REST API with a different one. Jeremy Fisher at IU will write a guide about this.

BB: These scripts have been written because of lack of functionalities with the CA to request certificates in bulk. VW: Supporting of the scripts should be the responsibility of who supports the CA front end service. This is only a proposal for now.

BB: Admins would probably be willing to beta test the service. VW: testing will go in phases from more to less experts. Will get in touch for suggestions on names.

BB: WN certificates: today sites request 1 for all the WN. This is the easiest for internal-only certificates (gLExec, condor authn, Zabbix, etc.). Are these going to be handled differently? VW: We plan to support the same level of usage as DOEGrids for OSG. With DigiCerts we'll have a contract to support a certain number. We'll need to check for run-away requests (e.g. requests for 10,000 WN) RP: I would like to understand how we can move away from the need of WN certs.

GG: what is the costing model? VW: single contract to cover up to N certificate (somewhat more than today). Then incremental costs that we'd like to avoid.

BB: do certs need to point to DNS names? VW: yes: is it a problem? BB: maybe for internal nodes. RQ: we look forward to streamline some internal processes with OIM

BB: what is the time for average site transition? For rpms it was 6 months VW: unclear now, but it's going to be more of a gradual transition than with rpm.

VW: we don't have a contract with DigiCert yet, but they can issue some limited number of certs for testing.

Stakeholder Request Management - Gabriele Garzogio

Discussion on idle OSG stakeholder requests

Request of CVMFS Trash/Trash/Blueprint meeting at the end of Apr will touch on this. BB: we are looking into pairing CVMFS with parrots to deploy clients on the flight wherever the CVMFS/Fuse client is NOT enabled.

-- GabrieleGarzoglio - 07 Mar 2012

Topic revision: r12 - 06 Dec 2016 - 18:12:50 - KyleGross
Hello, TWikiGuest


TWiki | Report Bugs | Privacy Policy

This site is powered by the TWiki collaboration platformCopyright by the contributing authors. All material on this collaboration platform is the property of the contributing authors..