May 06, 2002 Getting Started with Digital Certificates: Is PKI-Lite Real PKI? Internet2 Spring Meeting 2002 Wash, DC.

Presentation transcript:


Panel
Intro to PKI-Lite
  –Judith Boettcher, CREN
Minnesota story
  –Frank Grewe
Columbia
  –Vace Kundacki
  –Alan Crosswell

What is PKI-Lite?
PKI-Lite: Full-featured PKI technology deployed with existing campus standards for identification and authentication (I&A) and security

Is PKI-Lite Real?
Developed by the HEPKI-TAG and HEPKI-PAG groups; it is under review and implementation
Why did PKI-Lite evolve?

Policy Swamp - for 18 months
PKI-Lite Environment - At last!

PKI-Lite Trust Environment - What is it?
Trust Documents
  –Certificate policy
  –Certificate practice statement
  –Certificate profiles for institutional and end-entity certificates (X.509 v3, IETF)
  –Relying party statement for content providers, publishers, etc.
Existing Campus Registration Authority
  –Registrar, HR
Certification Authority
  –IT dept with systems and software

PKI-Lite Technology Environment - What is it?
Good enough to move forward
Provides Level of Assurance (LOA)
  –Rudimentary for client certificates
  –Basic/Medium for Campus Certificates

PKI-Lite Environment
Available now
  –Combined PKI-Lite Certificate Policy and Certification Practices Statement Template
   middleware.internet2.edu/hepki-tag/pki-lite/pki-lite-policy-practices.htm
  –Certificate Profiles for Campus CA and for End-Entity/client certificates
PKI-Lite CP/CPS is being sent to various higher education groups for review
  –Reviewed by two content providers in late 2001
     –Request to keep certificate validity period to a maximum of 12.5 months

The CREN CA at MIT
SafeKeyper HSM Box with the CREN CA
This box signs Certificate Signing Requests (CSRs)

Five Types of Certificates - It's easy to get confused!
Root Certificates
  –Self-signed certs (authenticate themselves)
Institutional Certificates
  –Also called campus certs
Organizational Certificates
  –Also called department certs, association certs
Web server certificates
  –Also called server-side certs
End-Entity Certificates
  –Also called end-user certs, client certs, individual certs, personal certs, or entity certs
  –Client certs: different ones for signing and encrypting, web authentication

What Do Individuals Use Certificates for?
Authenticating oneself to server
Signing
  –The same certificate can be used for these two purposes of signing and authenticating oneself to server
Encrypting
  –Individuals will designate one specific certificate for encrypting
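The certificate types and usage split from the two slides above, together with the content providers' 12.5-month validity request, can be expressed as a check over decoded certificate fields. This is an added example, not part of the original presentation or of the PKI-Lite profiles; the dictionary layout, the sample names and the reading of "12.5 months" as 380 days are assumptions made for illustration.

```python
from datetime import datetime, timedelta

SIGNING = {"digitalSignature", "nonRepudiation"}
ENCRYPTING = {"keyEncipherment", "dataEncipherment", "keyAgreement"}
MAX_VALIDITY = timedelta(days=365 + 15)  # assumption: "12.5 months" read as 380 days

def classify(cert):
    """Map decoded X.509 fields onto the certificate types named on the slide."""
    if cert["is_ca"]:
        # A self-signed CA certificate is a root. Assumption: institutional and
        # organizational certs are both non-root CA certs, indistinguishable by fields.
        return "root" if cert["subject"] == cert["issuer"] else "institutional/organizational"
    return "web server" if "serverAuth" in cert["eku"] else "end-entity"

def lint(cert):
    """Return findings for an end-entity certificate; an empty list means clean."""
    findings = []
    if classify(cert) != "end-entity":
        return findings
    if cert["not_after"] - cert["not_before"] > MAX_VALIDITY:
        findings.append("validity exceeds 12.5 months")
    usage = set(cert["key_usage"])
    if usage & SIGNING and usage & ENCRYPTING:
        findings.append("same certificate used for signing and encrypting")
    return findings

def _cert(subject, issuer, is_ca, key_usage, eku, days):
    # Helper that builds a constructed sample record (not a real certificate).
    start = datetime(2002, 5, 6)
    return {"subject": subject, "issuer": issuer, "is_ca": is_ca,
            "key_usage": key_usage, "eku": eku,
            "not_before": start, "not_after": start + timedelta(days=days)}

# Constructed sample data; all names are hypothetical.
ROOT = _cert("CN=Example Root CA", "CN=Example Root CA", True, ["keyCertSign"], [], 3650)
CAMPUS = _cert("CN=Example Campus CA", "CN=Example Root CA", True, ["keyCertSign"], [], 1825)
SERVER = _cert("CN=www.example.edu", "CN=Example Campus CA", False,
               ["digitalSignature", "keyEncipherment"], ["serverAuth"], 365)
SIGN_AUTH = _cert("CN=Pat Student", "CN=Example Campus CA", False,
                  ["digitalSignature"], ["clientAuth", "emailProtection"], 365)
ENCRYPT = _cert("CN=Pat Student", "CN=Example Campus CA", False,
                ["keyEncipherment"], ["emailProtection"], 365)
COMBINED = _cert("CN=Pat Student", "CN=Example Campus CA", False,
                 ["digitalSignature", "keyEncipherment"], ["clientAuth"], 730)

if __name__ == "__main__":
    for c in (ROOT, CAMPUS, SERVER, SIGN_AUTH, ENCRYPT, COMBINED):
        print(c["subject"], "|", classify(c), "|", lint(c))
```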

CREN Certificate Services for Higher Education
Hierarchy of Institutional Certificates
  –CREN CA Certificates
  –Operational since 11/99
Web server certificates
CREN.net CA for client certificates
  –CREN.Net CA for staff, members and pilot projects
  –Potentially for individuals at campuses without CAs who must meet federal mandates

What are Higher Ed Organizations Doing?
HEPKI-TAG (Internet2, CREN, Educause)
  –Higher Education PKI - Technical Advisory Group
  –Developing the PKI-Lite environment
  –Now doing some pilot testing with S/MIME
HEPKI-PAG (Internet2, CREN, Educause)
  –Higher Education PKI - Policy Advisory Group
  –Developing the PKI-Lite environment
Internet2
  –Leading the Middleware initiative, including Shibboleth Project
  –Check out
EDUCAUSE
  –Leading the Higher Ed Bridge CA

Who is Doing or Planning PKI Use on Campus?
Two major classes of applications
  –Web-based applications
  –Electronic Mail (S/MIME)
  –Plus authentication for network access, such as VPN and wireless
Campuses that are working with PKI
  –MIT
  –Georgia Tech
  –Princeton
  –U of Virginia
  –Cornell
  –U of Wisconsin
  –U of MN
  –U of Alabama
  –U of Mass
  –Columbia
  –Penn State
  –U of Tennessee
Source: J.Jokl/HEPKI-TAG

Examples of Web-Based Apps and Electronic Mail
Authentication
  –Business services
  –Access to class materials
  –Access to remote databases
  –HR self service
  –Telecom requests
Electronic mail (S/MIME)
  –general individual use
  –submission of service orders
  –submission of timesheets, travel reports
More detail is at... middleware.internet2.edu/hepki-tag/TAG-PKI-Apps3.xls
Source: J.Jokl/HEPKI-TAG

On to Campus Stories…
Frank and Vace and Alan

PKI-Lite Environment
Standard PKI-Lite Cert Profiles
  –Certificate Profile for Root Certificates
  –middleware.internet2.edu/hepki-tag/pki-lite/hepki-tag-pkilite-root-profile-2.html
  –Certificate Profile for End-entity Certificates
  –middleware.internet2.edu/hepki-tag/pki-lite/hepki-tag-pkilite-profile-6.html
  –These profiles come with implementor notes discussing extensions and fields to be filled out at campus level CA