This document is consistent with RFC 2527. Therefore there are some sections that are maintained for compatibility, although they do not apply exactly to the services required by the GRID projects. Glossary provides a glossary of terms used in this document.

Within this document the words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", "OPTIONAL" are to be interpreted as in RFC 2119. (See Appendix A).

In this document the expression "conforming CA" is used to indicate a CA whose behavior is conforming to the set of provisions specified in this document.

1.1. Overview

This CP describes the requirements which MUST be met by a conforming CA in issuing digital certificates for GRID users and services.

This CP MAY be used by a relying party to determine the level of trust associated with this policy. An X.509 Version 3 certificate issued by a conforming CA SHOULD contain a reference to this certificate policy.

More detailed information about the practices which a conforming CA employs in its operations in issuing certificates can be found in its Certification Practice Statements (CPS).

1.2. Identification

1.2.1. Certificate Policy Name


1.2.2. Object Identifiers

This certificate policy is identified by the following unique registered Object Identifier (OID):

ISO assigned1
US Department of Defense6
IANA registered private enterprises1
Certificate Policies2
GRID Certificate Policy1
Major version1
Minor version1

1.3. Community and Applicability

Conforming CAs provide PKI services for the Czech academic community. Certificates issued under this CP are issued to users and services affiliated to organizations participating in GRID project.

1.3.1. Certification authorities

Conforming CAs SHOULD be operated by organizations participating in the GRID projects.

1.3.2. Registration authorities

Registration Authorities (RA) are needed for physical identification/authentication of entities. These authorities MUST not be permitted to issue certificates. The RA MUST sign an agreement with the certifying CA, stating the obligation to adhere to the agreed procedures as identified in the CA's CPS.

The conforming CA MAY manage the functions of its Registration Authority.

1.3.3. End entities

The targeted end entities are employees and students of Czech universities, employees of Czech Academy of Sciences, and any organizations cooperating with these entities in the GRID project as well as computers and application services operated by these organizations.

1.3.4. Applicability

Certificates issued by a conforming CA MUST NOT be used for financial transactions.

1.4. Contact Details

1.4.2. Contact person

All questions and comments concerning this CPS must be addressed to:

      CESNET CA 
      CESNET a.l.e.
      Zikova 4
      160 00
      Czech Republic
      URI: http://www.cesnet.cz/pki/