See Automated Bandwidth Allocation across Heterogeneous Networks.
Automated Bandwidth Allocation across Heterogeneous Networks
A bandwidth-on-demand system dedicated to reserving resources in heterogeneous, multi-domain environments, allowing immediate and advance circuit reservations. The autoBAHN system provides the production bandwidth-on-demand service for the GÉANT community.
An encoding standard to store (binary) data in ASCII (American Standard Code for Information Interchange) format, i.e. using only a printable subset of the 7-bit characters that ASCII comprises.
See Certification Authority.
CA Evaluation and Accreditation Team
The eduPKI PMA forms the CA Evaluation and Accreditation Team, which evaluates an applying CA with regard to its conformance with a chosen eduPKI Trust Profile. The CA Evaluation and Accreditation Team is responsible for accreditation of conforming CAs as well as suspension and withdrawal of such accreditation.
See X.509 digital Certificate.
The main governing document for a CA defining its standards and conditions for issuing X.509 digital Certificates.
Certificate Revocation List
An electronically signed list of revoked X.509 digital Certificates issued by a CA.
A Certification Authority issues X.509 digital Certificates and publishes revocation and status information about the issued Certificates.
Certification Practice Statement
Based on the CP, the Certification Practice Statement of a CA contains detailed information, specifications, CA procedures and security measures for the issuance of X.509 digital Certificates by the CA.
See Common Network Information Service.
Common Network Information Service
Provides a unified repository of all relevant network information about a single administrative domain. Apart from the internal functionality required for populating, validating and updating the repository, cNIS is equipped with modules for analysing the network topology data and presenting the data in a client-specified format (graphical, tabular or XML for external applications).
A Certification Authority acting in compliance with an implied or explicitly named eduPKI Trust Profile.
See Certificate Policy.
See Certification Practice Statement.
See Certificate Revocation List.
See Distinguished Encoding Rules.
Distinguished Encoding Rules
A standard derived from the Basic Encoding Rules (BER) standard to encode Certificates and CRLs when stored in binary form, e.g. in files.
Federation of organisations mutually providing their users with access to Internet connectivity.
eduroam® Service Provider
RADIUS/TLS server operated by a network visited by a user registered within a different network.
eduroam® Identity Provider
RADIUS/TLS server operated by the network managing an account for a user visiting a different network.
See eduPKI Policy Management Authority.
eduPKI PMA Board
The eduPKI PMA board consists of a chair and a co-chair as well as further members coordinating and performing the work of the eduPKI PMA.
eduPKI PMA Charter
The main governing document defining rules for the eduPKI PMA.
eduPKI Policy Management Authority
The authority that is managing and coordinating PKI, policy and trust matters between the GÉANT community as Relying Parties and CAs as identity assurers.
eduPKI Trust Anchor Repository
eduPKI is using TACAR to provide a trusted download location for the Trust Anchors of CAs.
eduPKI Trust Profile
Definition of the minimum requirements of a GÉANT Service with regard to the quality of identity assertions and vetting procedures as well as the supporting assertion infrastructure.
Federal Information Processing Standards (USA)
Standards issued by NIST for processing information on U.S. federal computer systems in U.S. government environments.
See Federal Information Processing Standards (USA).
The fast and reliable pan-European communications infrastructure serving Europe’s research and education community.
A service offered by GÉANT participants to the GÉANT community.
GÉANT Service Area
The GÉANT Service Area is a common pan-European service infrastructure that enables a range of advanced network services and applications to be offered at a national level by NRENs.
GÉANT's Multi-Domain Network Services
These are network-related services with the objective of being available seamlessly in the different management domains across the GÉANT Service Area. Examples of such services are autoBAHN, cNIS, I-SHARe and perfSONAR.
An identity assurer, e.g. a CA, issues an identity assertion, e.g. a certificate, once the assurer has vetted the identity of the entity described in the certificate's distinguished name (for assertions issued to persons) or has vetted the identity of the certificate requester (for other kinds of certificates, e.g. server certificates).
An identity assurer, e.g. a CA, issues identity assertions once the identity assurer has vetted the identity that is or owns the subject described by the identity assertion.
See Internet Engineering Task Force.
Information Sharing across Heterogeneous Administrative Regions
A collaborative tool to support operations in the management of end-to-end (E2E) network link services in a multi-domain environment. I-SHARe enables the seamless delivery of multi-domain E2E network link services as well as the provision of a consistent operational support system across multiple domains by simplifying collaboration between the participating domains, thus making it easier to establish and manage E2E network links.
Internet Engineering Task Force
A community of network designers, operators, vendors and researchers fostering the evolution of the Internet architecture and the smooth operation of the Internet.
See Information Sharing across Heterogeneous Administrative Regions.
National Institute of Standards and Technology (USA)
The USA's national standards and technology body.
National Research and Education Network
Provides Internet connectivity as well as additional services to its scientific research and education constituency on a national level.
See National Institute of Standards and Technology (USA).
See National Research and Education Network.
A uniquely assigned identifier for a document or object.
See Online Certificate Status Protocol.
See Object Identifier.
Online Certificate Status Protocol
A protocol defined by the IETF in "X.509 Internet Public Key Infrastructure Online Certificate Status Protocol - OCSP", RFC 2560, for issuing online queries and receiving responses about the revocation status of an X.509 digital Certificate.
See Privacy Enhanced Mail.
Performance Service Oriented Network monitoring Architecture
The multi-domain monitoring service for the GÉANT Service Area enabling NRENs, Network Operations Centres (NOCs) and Performance Enhancement and Response Teams (PERTs) to collaborate in providing seamless network performance for their network users.
See Performance Service Oriented Network monitoring Architecture.
See Public Key Cryptography Standard.
See Public Key Infrastructure.
See Public Key Infrastructure for X.509 digital Certificates.
See Policy Management Authority.
Policy Management Authority
A Policy Management Authority manages and coordinates PKI, policy and trust matters between Relying Parties which rely on issued identity assurances and CAs as the identity assurers.
Privacy Enhanced Mail
A standard and format to store Certificates and CRLs in Base64-encoded form, e.g. in files.
Public Key Cryptography Standard
A set of standards for public key cryptography, e.g. PKCS#10 describing Certificate Signing Requests (CSRs), PKCS#11 describing an application programming interface (API) for accessing a cryptographic key token and PKCS#12 describing how to store private key material and associated certificates in pass-phrase protected files.
Public Key Infrastructure
Infrastructure for public key cryptography.
Public Key Infrastructure for X.509 digital Certificates
PKI built specifically around X.509 digital Certificates; also the name of a working group at the IETF that writes RFCs on implementing PKI with X.509 digital Certificates.
RADIUS over TLS; a protocol defined by IETF in "TLS encryption for RADIUS", draft-ietf-radext-radsec-09, S. Winter, M. McCauley, S. Venaas, K. Wierenga.
A Relying Party relies on issued identity assertions, e.g. on X.509 digital Certificates to authenticate the respective holder of the Certificate.
Request for Comments
A series of technical and organisational documents and recommendations about the Internet published by the IETF.
See Request for Comments.
Asymmetric cryptographic algorithm developed by R. L. Rivest, A. Shamir and L. Adleman, used for digital signing and encryption.
Secure Hash Algorithm defined by NIST used to produce cryptographically strong hash sums.
See Trusted Academic CA Repository.
TACAR Trust Category
Each eduPKI Trust Profile has its specific trust category in TACAR and accredited CAs under an eduPKI Trust Profile are tagged with the TACAR Trust Category.
Trusted Academic CA Repository
A GÉANT-provided website to download various CA certificates (formerly known as the TERENA Academic CA Repository).
See Transport Layer Security.
See eduPKI Trust Profile.
Transport Layer Security
A protocol defined by the IETF in "The Transport Layer Security (TLS) Protocol", RFC 5246.
An (often self-signed) X.509 digital Certificate bound to a CA.
A trust fabric is a mesh of PKIs, Policies, CAs and X.509 digital certificates of CAs and end-entities that makes up the environment in which Relying Parties make their trust decisions for authentications.
The eduPKI PMA forms the Trust Team, which assists GÉANT Services with defining their identity assertion and trust requirements in order to write a Trust Profile document. The Trust Team registers GÉANT Services under Trust Profiles.
A set of recommendations issued by the International Telecommunication Union's (ITU's) Telecommunications Standardisation Sector (ITU-T) on PKI with digital certificates (and CRLs).
X.509 digital Certificate
X.509 digital Certificates are X.509 compliant digitally signed identity assertions issued by an identity assurer, i.e. a CA, expressing the binding of the Certificate holder represented by the Certificate's subject name to the embedded public key.