Guidelines and Authentication Profiles: Classic X.509 CAs with secured infrastructure

• Classic X.509 CAs with secured infrastructure
  Formats available: Adobe PDF; Microsoft Word;
  Managed by: EUGridPMA
  Status: version 5.0, endorsed EUGridPMA, pending TAG, AP

  This is an Authentication Profile of the International Grid Trust Federation describing the minimum requirements on traditional X.509 PKI CAs. Traditional X.509 Public Key Certification Authorities (traditional PKI CAs) issue long-term credentials to end-entities, who will themselves posses and control their key pair and their activation data. These CAs act as an independent trusted third party for both subscribers and relying parties within the infrastructure. These authorities will use a long-term signing key, which is stored in a secure manner as defined in the Profile.

  Note that all technology-specific authentication profiles have been amalgamated into a common Authentication Assurance guidelines, augmented with PKIX technology-specific guidelines. The IGTF Authentication Assurance profile corresponding to Classic is https://igtf.net/ap/authn-assurance/cedar. Assurance Profiles are registered with IANA under RFC6711.

  Relevant necessary documents:
  • IGTF Levels of Authentication Assurance (all profiles)
  • IGTF PKI Technology Guidelines

  Version history:

  • Guidelines version 4.4: Adobe PDF; Microsoft Word.
  • Guidelines version 4.3: Adobe PDF; Microsoft Word.
  • Guidelines version 4.2: Adobe PDF; Microsoft Word.
  • Guidelines version 4.1: Adobe PDF; Microsoft Word; HTML.
  • Guidelines version 4.0: Acrobat PDF; Microsoft Word; HTML.
  • Guidelines version 3.2: Acrobat PDF; Microsoft Word; HTML.
  • Guidelines version 3.1: Acrobat PDF; Microsoft Word.
  • Guidelines version 3.0: Acrobat PDF; Microsoft Word; HTML.
  • Guidelines version 2+: Acrobat PDF; Microsoft Word.
  • Guidelines version 2: Text.
  • Guidelines version 1: Text.

  Associated documents

  • Auditing Template version 4.2: in ODF; in MS Excel; in PDF.