eduPKI was a response to the need for better coordination in addressing the security requirements of the services being developed in the project. Examples of services that can use eduPKI include SA2 connectivity services and eduroam, as well as future services that will have security and trust requirements.
Digital certificates are issued by Certification Authorities (CAs) and are widely used to guarantee secure and reliable communication between servers, between users, or between a user and a server. Examples include a user connecting securely to a web server with a web browser, or two users exchanging email securely.
Federating existing Certification Authorities (CAs)
eduPKI builds on existing NREN CA services, federating them to make all participating CAs available to GÉANT’s services. A federated approach brings increased efficiency since a number of national CAs are already well-established and used within the NREN environment.
eduPKI aims to enable GÉANT services to obtain digital certificates from CAs operated by NRENs participating in the project that meet those services' requirements. Europe’s NRENs are encouraged to join the federated eduPKI service. While eduPKI relies on existing national CAs where possible, it operates a dedicated CA for test purposes and supports users belonging to an NREN that does not provide any CA service.
To achieve its goal, eduPKI offers three main facilities:
A dedicated Certification Authority (eduPKI CA) for operations of GÉANT Services: operated by DFN for test purposes and to support those GÉANT Services that cannot rely on a CA managed by an NREN (or an equivalent service such as TCS).