untitled - PDF 無料ダウンロード

UPKI JNSA PKI Day 2008 PKI 200873

Sapporo Sendai Osaka Kyoto Nagoya Tokyo Fukuoka (NII) 2008/7/3 PKI Day 2008 2

UPKI (Cyber Science Infrastructure) PKI 2008/7/3 PKI Day 2008 4

UPKI 16 7 NII 17 7KEKNII 18 1820 7+NII UPKI UPKI 2008/7/3 PKI Day 2008 5

UPKI 2008/7/3 PKI Day 2008 6

2008/7/3 PKI Day 2008 7

CSI 2008/7/3 PKI Day 2008 8

UPKI UPKI 2006816 UPKIUPKI https://upki-portal.nii.ac.jp/) 2008/7/3 PKI Day 2008 9

UPKI UPKI 2008/7/3 PKI Day 2008 10

UPKI

F-PKI/GPKIJPKI CP/CPS / CA CA CA CA 2008/7/3 PKI Day 2008 12

UPKI PKI (Public Key Infrastructure) PKI S/MIME () PKI PKI ( 2008/7/3 PKI Day 2008 13 Web LAN

PKI PKI PKI PKI PKIPKI PKI PKI (and/or) (and/or)() PKI PKI AP Grid PMA PKI 2008/7/3 PKI Day 2008 14

2008/7/3 PKI Day 2008 15 PKI PKI (and/or) PKI (and/or) PKI PKI( ) S/MIME PKI PKI S/MIME PKI ID PKI Delegation MyProxy S/MIME () ()

PKI PKI SSL/TLS S/MIME PKI NW Web SSOVPN LAN802.1X PKI Relying Party) 2008/7/3 PKI Day 2008 16

UPKI LAN NAREGI-CA S/MIME A A B 2008/7/3 PKI Day 2008 17 B NII NII Web Trust CA A B shibboleth ID-FF SAML2.0 C LDAP RADIUS NAREGI-CA LAN AP S/MIME UPKI CP/CPS Web Web eduroamlan eduroam shibboleth, SAML2.0UPKI 1ID DB NAREGI-CA LAN S/MIME WebS/MIME

(1) UPKI

2008/7/3 PKI Day 2008 19

2008/7/3 PKI Day 2008 20 CA:

(CA) IA RA IA RA IA RA IA 2008/7/3 PKI Day 2008 21

PKI PKI 2008/7/3 PKI Day 2008 22

IC 2008/7/3 PKI Day 2008 23

2008/7/3 PKI Day 2008 24

2008/7/3 PKI Day 2008 25

WG http://www.nii.ac.jp/csi/sp/

2008/7/3 PKI Day 2008 27

2008/7/3 PKI Day 2008 28 2006.82007.10 2001.22003.1 2001.72002.3 2003.52006.1 2006.82007.10

(*) UPKI (**) 2008/7/3 PKI Day 2008 29

2008/7/3 PKI Day 2008 30

2008/7/3 PKI Day 2008 31

2008/7/3 PKI Day 2008 32

(2)

H18 2008/7/3 PKI Day 2008 34 : SINET818218

!!?? 2008/7/3 PKI Day 2008 35

Web 2007/04/012009/06/30 H19: H20: : PKI S/MIME Tips Tips 36

2008/7/3 PKI Day 2008 37 UPKI()

: :?? 2008/7/3 PKI Day 2008 38

NII () (11) () Web 2008/7/3 PKI Day 2008 39

2008/7/3 PKI Day 2008 40

証明書発行の流れセコムトラストシステムズオフラインオンライン発行局ルート認証局証明書発行登録発行機関の実在性確認ドメインの実在性確認登録担当者の本人性確認 NII RA管理者一括申請一括受領利用者サーバ利用者の実在性確認利用者の本人性確認加入者ｻｰﾊﾞの管理責任確認 2008/7/3 登録担当者証明書発行申請証明書配付 PKI Day 2008 オープンドメイン認証局証明書インストール機関 (大学) 加入者 41

2008/7/3 PKI Day 2008 42 http://www.verisign.co.jp/server/first/difference.html

2008/7/3 PKI Day 2008 43

2008/7/3 PKI Day 2008 44

2008/7/3 PKI Day 2008 45

SINET,,,, PJ S/MIME() S/MIMEOffice XPExcel 2008/7/3 46

SINET,,,, ac.jp 70 H20.6 1,200 2008/7/3 47

1Q H19 H20 H21 2Q 3Q 4Q 1Q 2Q 3Q 4Q 1Q 4 5 6 2008/7/3 PKI Day 2008 48

(3) UPKI (UPKI-Federation) Shibboleth/SAMLPKI 2008/7/3 PKI Day 2008 49

Shibboleth Shibboleth Internet2/MACE SAMLFIM SAML2.0Shibboleth2.0(H20.3) [URL] http://shibboleth.internet2.edu/ 2008/7/3 PKI Day 2008 50

Shibboleth :M2 :25 (SP) (IdP) 2008/7/3 PKI Day 2008 51

Shibboleth 1. 2. (IdP) 3. 4. :M2 :25 (SP) IdP IdPSP 2008/7/3 PKI Day 2008 52

Shibboleth on UPKI Open Domain PKI Campus PKI NAREGI PKI A Univ. CA Web Web Web Srv. EE Proxy Proxy AuthN Architecture UPKI IdP UPKI SP A Univ. NAREGI CA EE EE EE NII Pub CA AuthZ Proxy Proxy Web Web Web Srv. UPKI IdP UPKI SP B Univ. NAREGI CA EE Other Pub CA AuthN EE EE Sign, Encrypt. UPKI Federation Auth, Sign, Encrypt. B Univ. CA EE Grid Computing UPKI SP Server, Super Computer Server, Super Computer Student, Faculty Student, Faculty 2008/7/3 PKI Day 2008 53

Shibboleth A SP A User A1 IdPSP IdP A User A2 B SP B SP IdP User B C IdP C IdP User C D IdP User D SP SP NIISP SP NIIIdP NII Science Direct (Elsevier) SP (Service Provider) IdP 2008/7/3 PKI Day 2008 54

08/07 TARO SUZUKI 08/07 ID IdP (DS) SP 1 SP 2 SP 3 TARO SUZUKI (1) SP (Service Provider) (2) (DS; Discovery Service) IdP (Identity Provider) (3) ID Web 2008/7/3 PKI Day 2008 55

TARO SUZUKI 08/07 (1) (2) A (3) (4) X https://idp.xdaigaku.ac.jp (5) X (6) (7) (8) (9) A X OK C (10) SP) 1ID1 (11) 2008/7/3 PKI Day 2008 56

Shibboleth UPKI (Shib-PKI) University Discovery Service e-journal, e-learning,,, (5) Authentication (4) Redirect (3) (2) Redirect (1) Access USER Internet2 OASIS 2008/7/3 PKI Day 2008 57

UPKI-Fedration Internet Auto redirect Auto redirect AuthN AuthN Access Access 2008/7/3 PKI Day 2008 58 -Federation Testbed

UPKI 2012 IdP NII SP (CiNii) E-learning LAN 2008/7/3 PKI Day 2008 59

UPKI UPKI 2006816 UPKIUPKI https://upki-portal.nii.ac.jp/) 2008/7/3 PKI Day 2008 60

WG http://www.nii.ac.jp/csi/sp/

2008/7/3 PKI Day 2008 62

2008/7/3 PKI Day 2008 63 2007.410 2006.82007.10 2001.22003.1 2001.72002.3 2003.52006.1 2006.82007.10

(*) UPKI (**) 2008/7/3 PKI Day 2008 64

2008/7/3 PKI Day 2008 65

2008/7/3 PKI Day 2008 66

200511 Stanford, VeriSing EnTrust 2006 7, AARNet 200611 Madison 2007 7 SWITCH, Terena, PKIeduroam, Shibboleth APAN (Asia Pacific Advanced Network) Meeting 2005, 2006, 2006Singapore, 2007 Manila, 2007 Middleware WG (2006 SAINT2007 Workshop on Middleware Architecture in the Internet (Hiroshima) AP Grid PMA meeting (Osaka, 2006) TERENA 9 th TF-EMC2 (Prague, 2007) 2008/7/3 PKI Day 2008 68

Statistics of Higher Education Institutions #inst. #student #faculty #staff #people University 726 2,865,051 161,690 179,521 3,206,262 national 87 627,850 60,937 56,470 745,257 public 86 124,910 11,426 11,940 148,276 private 553 2,112,291 89,327 111,111 2,312,729 Junior College 488 219,355 11,960 6,635 237,950 national 10 1,643 244 140 2,027 public 42 14,347 1,209 361 15,917 private 436 203,365 10,507 6,134 220,006 Tech. College 63 59,160 4,469 2,903 66,532 national 55 52,210 3,952 2,713 58,875 public 5 4,594 363 154 5,111 private 3 2,356 154 36 2,546 Total 1,277 3,143,566 178,119 189,059 3,510,744 2008/7/3 PKI Day 2008 69

http://www.consortium.or.jp/ ( Web 2008/7/3 PKI Day 2008 70

KULASIS UPKI etc. OCWe-Learning 2008/7/3 PKI Day 2008 71

19 18 PKI S/MIME PKI 7NII Web eduroampkilan PKI NAREGI NAREGI CA 2008/7/3 PKI Day 2008 72

(UPKI) NII / UPKI 2008/7/3 PKI Day 2008 73