Open Grid Forum

OGF Public Comments

Public comments are a very important part of the OGF document approval process. Through public comments, documents are given scrutiny by people with a wide range of expertise and interests. Ideally, an OGF document will be self-contained, relying only on the other documents and standards it cites to be clear and useful. Public comments of any type are welcomed, from small editorial comments to broader comments about the scope or merit of the proposed document. The simple act of reading a document and providing a public comment that you read it and found it suitable for publication is very useful, and provides valuable feedback to the document authors.

Thank you for making public comments on this document!


Comments for Document: Guidelines for Auditing Grid CAs Version 1.0
Author(s): Y Tanaka, M Viljoen, S Rea
Type: INFO
Area: Security
Group: CAOPS-WG
Public Comment End: 1 Apr, 2009

To make anonymous comments, please use 'anonymous' and 'guest' as the un/pw.


Comments:


Posted by: anonymous 2009-03-05 16:47:13
This is a valuable informational document.
I know that this document is already widely used by IGTF CAs. I understand that this fact proves that this is a valuable informational document. I strongly support this document to be published as an OGF document.


Posted by: zhengc 2009-03-05 17:29:56
Guidelines for Auditing Grid CAs Version 1.0
I read this and it sounds fine to me.


Posted by: kejun_dong 2009-03-05 20:17:38
Good guideline for Grid CA Auditing
The document can be a good guideline for Grid CA Auditing. It sounds good and will be of benefit for our CA auditing. - SDG Grid CA/CNIC Grid CA


Posted by: anonymous 2009-03-26 05:59:35
Still a few things to do
1. Technical

o the included checklist (chapter 3 "Auditing checklist") is a list against an old outdated Classic AP. Update is needed to reflect the current (Classic) AP

o also the document does not state that it must be updated when there is a newer version of the Classic AP available than it references

o the "Auditing checklist" would be of more use if it is split out into a separate referenced document or appendix in spreadsheet format; this way it is easier to create additional spreadsheets for the other IGTF-APs and include them as appendix or external reference as well

2. Layout nit-picks:

o all bullets of bulleted lists should be standard bullet dots

o for smoother reading all the text paragraphs should be printed justified


Posted by: maryrthom 2009-03-26 23:30:27
I second the idea of a spreadsheet
I used an earlier version of this document during an audit of the DOEGrids CA, and the first thing we did was to create a spreadsheet of the checklist. I would keep the current form, which is more readable, and add a reference document that has it in spreadsheet form where the auditors would have space to add their comments.

The addition of the RFC 2527 paragraph numbers is helpful for those CAs that have not updated their CPS.

Would it be possible to add a reference to the IGTF Audit checklist for Grid CAs Version 4.1? I didn't find it starting from the IGTF home page.

Mary Thompson, LBNL


Posted by: anonymous 2009-03-30 10:20:00
On the discussed spreadsheets
In reality there is a need for one spreadsheet per Authentication Profile: Classic, MICS & SLCS.

Keeping and, more importantly, maintaining up-to-date information duplicated in two or more documents in different formats is a lot of effort.


Posted by: aida 2009-03-30 20:50:11
Guidelines for Auditing Grid CAs Version 1.0
I think that this document presents valuable information for the grid operation community. I support this document.

Below is a minor comment:

The checklist (15) defines how to keep the pass phrase of the encrypted private key, but the evaluation method describes an evaluation method for the CA private key backup.

There is a TYPO, "??", in the table of the checklist (23).


Posted by: anonymous 2009-03-31 17:32:41
I used a preliminary version of this document a year ago while performing an internal audit (self-review) of the KFKI RMKI CA, and found it very useful.

Some minor comments:

- this document should come in many flavours, one for each AP. Each of those should bear the version of the corresponding AP in their name

- consequently, the Auditing Guideline documents should be revised & updated every time the corresponding AP changes (i.e. following every PMA meeting:)

- I agree on the usefulness of spreadsheet versions

- two short remarks on particular checklist items:

(2) Is there a single CA organisation per country, large region or international organization?

This should rather be discussed within the PMAs, and in some cases could be hard to judge/assess for an external auditor.

(52) How is the procedure of auditing described in the CP/CPS? (for RFC 3647)

This might seem out of place here as this is the very document that describes such an audit - CPS documents, on the other hand, are written against APs, RFCs and minimum requirements, and may or may not comply with anything written here about the specifics of an audit. Perhaps the audit requirements / specifications described in a CPS (if there are any) could be recorded in the pre-examination phase of an audit?


Posted by: anonymous 2009-04-01 06:11:27
I have read this, and strongly support it.


