Higher Education Bridge Certification Authority Scaleable Linking of PKI trust domains Scaleable Linking of PKI trust domains David L. Wasley Fall 2006 PKI Workshop

2 Topic Span  Why a bridge makes sense  Where is the HEBCA?  Why a bridge makes sense  Where is the HEBCA?

3 Bridged v.s. Hierarchical PKI  Simple PKI is hierarchical and assumes a uniform policy set  Assumed by most products today  Hierarchies are “PKI islands”  Therefore browsers & apps include 100+ “trust anchors”  Bilaterial cross-certification can link “islands”  Provides superior trust management  Maps policy you “know” to other policy, with constraints  A “bridge” is a general case of this  Serves as a “trust broker”  Simple PKI is hierarchical and assumes a uniform policy set  Assumed by most products today  Hierarchies are “PKI islands”  Therefore browsers & apps include 100+ “trust anchors”  Bilaterial cross-certification can link “islands”  Provides superior trust management  Maps policy you “know” to other policy, with constraints  A “bridge” is a general case of this  Serves as a “trust broker”

4 PKIs are islands of common trust

5 Bi-lateral cross-certification

6 A “bridge” serves as a trust broker

7 What this looks like to a RP  A Relying Party can build a trusted path from a Subject User cert to its own TA  This avoids the RP having to know and understand policy in other PKI domains  A Relying Party can build a trusted path from a Subject User cert to its own TA  This avoids the RP having to know and understand policy in other PKI domains

8 The bridge as trust broker  Trust is established by Certificate Policy  Each PKI domain has a Trust Anchor  Each domain can specify how it’s policy set is met or exceeded by the other domain’s policy  Each can place limits on this trust  If there is no equivalency, there is no trust  The bridge does this with respect to each of its member domains  Members must trust the bridge to do this properly  Each can limit how far it is willing to ‘network’  Trust is established by Certificate Policy  Each PKI domain has a Trust Anchor  Each domain can specify how it’s policy set is met or exceeded by the other domain’s policy  Each can place limits on this trust  If there is no equivalency, there is no trust  The bridge does this with respect to each of its member domains  Members must trust the bridge to do this properly  Each can limit how far it is willing to ‘network’

9 Higher Education Bridge CA - HEBCA  Sponsored by EDUCAUSE to support linking campus PKI’s with each other and with sponsored partners  Patterned after the Federal Gov’t FBCA  Plan is to cross-cert with FBCA  Other BCAs have expressed interest too  Operated at Dartmouth College  Test bridge is running  CP/CPS almost complete  Awaiting critical mass  Sponsored by EDUCAUSE to support linking campus PKI’s with each other and with sponsored partners  Patterned after the Federal Gov’t FBCA  Plan is to cross-cert with FBCA  Other BCAs have expressed interest too  Operated at Dartmouth College  Test bridge is running  CP/CPS almost complete  Awaiting critical mass

10 Questions?  Scott Rea (HEBCA OA)   David Wasley (HEBCA PA)    Scott Rea (HEBCA OA)   David Wasley (HEBCA PA)  