JIRA Issue

[#XCI-373] Retire OSG CA

[XCI-373] Retire OSG CA Created: 04/25/2018  Updated: 04/18/2019

Status: Design Review
Project: XSEDE Cyberinfrastructure Integration
Component/s: CILogon
Fix Version/s: PY7 (Sep '17 - Aug '18), PY8 (Sep '18 - Aug '19)

Type: XCI Retire Capability Priority: Major
Reporter: Jim Basney Assignee: JP Navarro
Resolution: Unresolved Votes: 1

XSEDE Priority: -
Use Case Priority: High
Public activity link: https://software.xsede.org/display/xci-373
Devel Repository: https://software.xsede.org/svn/xci/activities/xci-373/trunk/
Use Cases:
CAN-06: Authenticate to one or more SP resources, SP services, and XSEDE central services
Effort and Costs:
Staff Name (Lastname, Firstname) Effort (person weeks) Roles or Contributions Status
Basney, Jim 2 lead and implement the activity (required) none
Fleury, Terry 1 operational support none
Simmel, Derek 1 TAGPMA/IGTF coordination none
Due by Activity Deliverable
DSR Retirement Plan
Planned Launch Date:
Actual Launch Date:
Actual Design Review Date:
Planned Complete Date:
Activity Lead: Jim Basney
Lead Tester: Shava Smallen
Design Document: https://software.xsede.org/svn/xci/activities/xci-373/trunk/Deliverables/XCI-373-OSG-CA-Retirement-Plan.pdf


As announced at http://osggoc.blogspot.com/2018/04/osg-statement-on-continued-services-and.html and https://opensciencegrid.github.io/technology/policy/service-migrations-spring-2018/#osg-ca, the OSG CA will be retired by May 31 2018.

XSEDE operates the backend REST web interface for the OSG CA as part of the CILogon service. This capability was delivered via SDIACT-237 in 2016. See SDIACT-237 for design doc, MOU, and certificate policy.

This activity covers the XSEDE work associated with retiring the OSG CA, including:

  • coordination with IGTF/TAGPMA on an orderly CA shutdown
  • shutdown of the REST web application across the CILogon service instances
  • updates to CILogon/XSEDE operational documentation/procedures
  • provide information as needed to OSG operators/subscribers (e.g., backend CA archives/logs)
  • shutdown of CRL publishing once there are no longer active OSG CA certificates in use


There are comments for XCI-373 that can be viewed with XSEDE authentication.