UPKI JNSA PKI Day 2008 PKI 200873
Sapporo Sendai Osaka Kyoto Nagoya Tokyo Fukuoka (NII) 2008/7/3 PKI Day 2008 2
UPKI (Cyber Science Infrastructure) PKI
UPKI 16 7 NII 17 7KEKNII 18 1820 7+NII UPKI UPKI
UPKI
CSI
UPKI UPKI 2006816 UPKIUPKI https://upki-portal.nii.ac.jp/)
UPKI UPKI
UPKI
F-PKI/GPKIJPKI CP/CPS / CA CA CA CA
UPKI PKI (Public Key Infrastructure) PKI S/MIME () PKI PKI ( Web LAN
PKI PKI PKI PKI PKIPKI PKI PKI (and/or) (and/or)() PKI PKI AP Grid PMA PKI
PKI PKI (and/or) PKI (and/or) PKI PKI( ) S/MIME PKI PKI S/MIME PKI ID PKI Delegation MyProxy S/MIME () ()
PKI PKI SSL/TLS S/MIME PKI NW Web SSOVPN LAN802.1X PKI Relying Party)
UPKI LAN NAREGI-CA S/MIME A A B B NII NII Web Trust CA A B shibboleth ID-FF SAML2.0 C LDAP RADIUS NAREGI-CA LAN AP S/MIME UPKI CP/CPS Web Web eduroamlan eduroam shibboleth, SAML2.0UPKI 1ID DB NAREGI-CA LAN S/MIME WebS/MIME
(1) UPKI
CA:
(CA) IA RA IA RA IA RA IA
PKI PKI
IC
WG http://www.nii.ac.jp/csi/sp/
2006.82007.10 2001.22003.1 2001.72002.3 2003.52006.1 2006.82007.10
(*) UPKI (**)
(2)
H18 : SINET818218
!!??
Web 2007/04/012009/06/30 H19: H20: : PKI S/MIME Tips Tips
UPKI()
: :??
NII () (11) () Web
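[Figure: Certificate issuance flow. Labels: SECOM Trust Systems; offline; online; Issuing Authority; Root CA; certificate issuance; registration; issuance; verification of the institution's existence; verification of the domain's existence; identity verification of the registration officer; NII; RA administrator; bulk application; bulk receipt; user server; verification of the user's existence; identity verification of the user; verification of management responsibility for the subscriber server; registration officer; certificate issuance request; certificate distribution; Open Domain CA; certificate installation; institution (university); subscriber]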
http://www.verisign.co.jp/server/first/difference.html
SINET,,,, PJ S/MIME() S/MIMEOffice XPExcel
SINET,,,, ac.jp 70 H20.6 1,200
1Q H19 H20 H21 2Q 3Q 4Q 1Q 2Q 3Q 4Q 1Q 4 5 6
(3) UPKI (UPKI-Federation) Shibboleth/SAMLPKI
Shibboleth Shibboleth Internet2/MACE SAMLFIM SAML2.0Shibboleth2.0(H20.3) [URL] http://shibboleth.internet2.edu/
Shibboleth :M2 :25 (SP) (IdP)
Shibboleth 1. 2. (IdP) 3. 4. :M2 :25 (SP) IdP IdPSP
[Figure: Shibboleth on UPKI, architecture. Labels: Open Domain PKI, Campus PKI, NAREGI PKI; A Univ. CA, B Univ. CA, NII Pub CA, Other Pub CA, A Univ. NAREGI CA, B Univ. NAREGI CA; UPKI IdP, UPKI SP, Web Srv., Proxy, EE; AuthN, AuthZ; Sign, Encrypt.; UPKI Federation (Auth, Sign, Encrypt.); Grid Computing (Server, Super Computer); Student, Faculty]
Shibboleth A SP A User A1 IdPSP IdP A User A2 B SP B SP IdP User B C IdP C IdP User C D IdP User D SP SP NIISP SP NIIIdP NII Science Direct (Elsevier) SP (Service Provider) IdP
08/07 TARO SUZUKI 08/07 ID IdP (DS) SP 1 SP 2 SP 3 TARO SUZUKI (1) SP (Service Provider) (2) (DS; Discovery Service) IdP (Identity Provider) (3) ID Web
TARO SUZUKI 08/07 (1) (2) A (3) (4) X https://idp.xdaigaku.ac.jp (5) X (6) (7) (8) (9) A X OK C (10) SP) 1ID1 (11)
Shibboleth UPKI (Shib-PKI) University Discovery Service e-journal, e-learning,,, (5) Authentication (4) Redirect (3) (2) Redirect (1) Access USER Internet2 OASIS
[Figure: UPKI-Federation Testbed. Labels: Internet, Auto redirect, AuthN, Access]
UPKI 2012 IdP NII SP (CiNii) E-learning LAN
2007.410 2006.82007.10 2001.22003.1 2001.72002.3 2003.52006.1 2006.82007.10
200511 Stanford, VeriSign, Entrust 2006 7, AARNet 200611 Madison 2007 7 SWITCH, Terena, PKIeduroam, Shibboleth APAN (Asia Pacific Advanced Network) Meeting 2005, 2006, 2006 Singapore, 2007 Manila, 2007 Middleware WG (2006 SAINT2007 Workshop on Middleware Architecture in the Internet (Hiroshima) AP Grid PMA meeting (Osaka, 2006) TERENA 9th TF-EMC2 (Prague, 2007)
Statistics of Higher Education Institutions

                  #inst.   #student   #faculty    #staff    #people
University           726  2,865,051    161,690   179,521  3,206,262
  national            87    627,850     60,937    56,470    745,257
  public              86    124,910     11,426    11,940    148,276
  private            553  2,112,291     89,327   111,111  2,312,729
Junior College       488    219,355     11,960     6,635    237,950
  national            10      1,643        244       140      2,027
  public              42     14,347      1,209       361     15,917
  private            436    203,365     10,507     6,134    220,006
Tech. College         63     59,160      4,469     2,903     66,532
  national            55     52,210      3,952     2,713     58,875
  public               5      4,594        363       154      5,111
  private              3      2,356        154        36      2,546
Total              1,277  3,143,566    178,119   189,059  3,510,744
http://www.consortium.or.jp/ ( Web
KULASIS UPKI etc. OCWe-Learning
19 18 PKI S/MIME PKI 7NII Web eduroampkilan PKI NAREGI NAREGI CA
(UPKI) NII / UPKI