Back to Home
  • FAQs
  • CONTACT US
  • SITEMAP
  • COOKIE POLICY
  • GEANT GATEWAY
  • About GEANT
    • Partners
      • NREN Development and Support
    • Governance and Management
      • Partners' Assembly
      • Executive Board
    • Activities
    • European e-Infrastructure
      • Europe 2020 and GEANT
      • GEANT Expert Group
      • Women in ICT
    • Value of GEANT
      • History of GEANT
  • Network
    • The Network
    • Network Operations
      • Operations Teams
      • Operations Centre
      • Network Security
    • Global Connectivity
      • Global Connectivity: The Benefits
      • Global Connectivity: World Regions
      • Global Users and Applications
      • How to Connect to the network
      • Global Service Collaboration
    • Research and Education Networks
    • Campus Best Practice
    • Environmental Impact
      • Carbon accounting
      • Adopting a Greener Corporate Outlook
      • Events & Case Studies
      • Sustainability Policy
  • Innovation
    • Research Programmes
      • Network Architectures for Horizon 2020
      • Technology Testing for Specific Service Applications
      • Identity and Trust Technologies for GEANT Services
    • Testbeds
    • Foresight
    • Open Call
    • Standards
  • Services
    • Connectivity Services
      • GEANT IP
      • GEANT L3VPN
      • GEANT Plus
      • GEANT Lambda
      • GEANT Open
      • GEANT Bandwidth on Demand
      • GEANT Testbeds Service
    • Network Performance Services
      • perfSONAR
      • eduPERT
      • GEANT Security
      • GEANT Framework
    • User Access and Applications
      • eduroam
      • eduGAIN
      • eduPKI
      • eduCONF
    • Cloud Services
    • Services Registration Authority
      • SSL Certificates
      • Request a Certificate
    • Namespace Registry
      • urn:geant Registry
      • URN: FAQs
      • URN: Request Form
      • geant.net/uri Registry
    • Training
      • Geant Showcase
  • Users
    • Health and Medicine
      • DECIDE
      • neuGRID
      • OutGRID
      • Sim-e-Child
      • TEMDEC
      • ITHANET
      • EMBL-EBI
    • Energy
      • CAREN
      • ITER
    • Earth Observation
      • PAGASA
      • EMSA
      • CAREN glaciers
      • TIGGE and GEANT
      • THEOS and GEANT
    • Particle Physics
      • LHCOPN
      • LHCONE
      • BELLE II and GEANT
    • Space
      • GEANT and ORIENTplus
      • EXPReS Project
      • NEXPReS
    • Society
      • Sichuan earthquake
    • Arts and Education
      • ShanghAI Lectures
      • LOLA
      • ASTRA Project
      • perfSONAR MDM
      • Opera Oberta
      • e-Education
    • Horizon 2020
    • User Advisory Committee
    • User Support
    • User Posters
  • News & Events
    • News
      • News Archive - 2013
      • Press coverage
    • Events
      • TNC 2015
    • CONNECT magazine
      • Archived Issues
    • Representing GEANT
    • Press Kit
    • Follow Us
  • Resources
    • Deliverables
    • Open Call deliverables
    • White Papers
    • Knowledge Sharing
    • Media Library
      • GEANT Case Studies
      • GEANT Media Library: Project videos
      • GEANT Media Library: Interviews
      • GEANT Showcase Presentations
      • GEANT Media Library: Audio
      • GEANT Media Library: Maps
      • GEANT Media Library: Brochures
      • GEANT Media Library: Presentations
      • User Posters
    • Partner Resources
      • Exhibition Stands
      • Image Library
    • Intellectual Property
  • Open Call
    • About
    • Applications and Tools
    • Authentication
    • Network Architecture and Optical Projects
    • Software Defined Networking
    • Videos

BA Test
Cloud Services
Connectivity Services
Namespace Registry
Network Performance Services
Services Registration Authority
Training
User Access and Applications

eduPKI - supporting trust requirements

The eduPKI service being developed within the GÉANT project aims to ease the adoption of digital certificates within the project in a cost-effective way. It aims to create a service able to support other of the project’s services in defining their security requirements, and to provide them with digital certificates.

eduPKI was a response to the need for better coordination to address security requirements of the services being developed in the project. Examples of services that can use eduPKI include perfSONAR, eduGAIN and eduroam, plus future services that will have security and trust requirements.

Digital certificates are issued by Certification Authorities (CAs) and are widely used to guarantee secure and reliable communication between servers, users, or between a user and a server. Examples of this are: a user connecting to a Web server securely using a web browser; or two users exchanging an email securely.

Federating existing Certification Authorities (CAs)

eduPKI will build on top of existing NREN CA services, federating them to make all participating CAs available to the Project’s services. A federated approach brings increased efficiency since a number of national CAs are already well-established and used within the NREN environment.

eduPKI aims to enable GÉANT services to obtain digital certificates from CAs operated by NRENs participating in the project, that meet those services' requirements. Thus Europe’s NRENs are encouraged to join the federated eduPKI service. Whilst eduPKI will rely on existing national CAs whenever possible, it will also operate a dedicated CA for test purposes and that will also support users belonging to an NREN that does not provide any CA service.

eduPKI structure

To achieve its goal eduPKI will offer three main facilities:

  • Policy Management Authority (PMA), which will define procedures to assess GN3 services' requirements and categorise them into profiles; and also procedures to assess existing national CA operations against the agreed profiles.

  • A dedicated Certification Authority (eduPKI CA), operated by DFN for test purposes and to support those NREN users that cannot rely on any national CA service.

  • An enhanced version of the existing TACAR (TERENA Academic Certificate Authority Repository), to store and distribute the eduPKI-participating Certificate Authority's root certificates (including the eduPKI CA root) in a secure manner.

Why will eduPKI be beneficial to users?

By allowing existing CAs to issue certificates for those GÉANT project services that require them, eduPKI will permit users to deal with their NREN, following familiar procedures which will reduce the burden of using new services. So thanks to the federated approach, users will be able to obtain all necessary certificates from either the CA managed by their own NREN (or equivalent service) or via the eduPKI CA.

​See also

​eduPKI website

eduPKI Service Definition

eduPKI Status Report

eduPKI Business Case

Report on the Establishment and enhancement of the Policy Management Authority and Repository

eduPKI update presentation

  • GEANT
  • EU flag
  • European Commission Communications Networks, Content and Technology
  • Copyright
  • Credits
  • Legal