CREN-Mellon conference, December 1, 2001 University of Texas PKI Status.

Presentation transcript:

PKI TEAM
- Gene Titus, Systems Architect (U.T. System Office of Telecommunication Services)
- Jim Lyons, Developer and DBA (U.T. Austin ITS/Telecommunications and Networking)
- Frank Sayre, Coordination, Policy (U.T. Austin ITS/Telecommunications and Networking)
- U.T. System Associate Vice-Chancellor, Chief Information Officer
- U.T. System System Audit Office
- U.T. System Office of Information Resources
- U.T. Austin Vice-President for Information Technology (ITS)
- ITS Administrative Computing
- ITS Security Office
- U.T. Austin Office of Internal Audits

Management of Community Data
- Directory organized as X.500 hierarchy
- Campus-wide, 100% coverage of entire community
- Populated through daily 'feeds' from HR and Registrar
- Managed via OpenLDAP v. 1.2x
- Accessible via Richter/TU Chemnitz web500gw-2.1b3 at
- Operated on RedHat Linux 6.x on generic Pentium II 450 MHz rackmount system

Current Network Authentication Scheme
- Electronic ID (EID) -- pre-PKI
- Campus-wide: 100% of community using network-based electronic services (grades, transcript requests, class rosters, time sheets, bio updates, etc.)
- Username/password credential providing single sign-on for network-based services
- Established at face-to-face presentation of identity credentials at University ID Center
- User logon through HTTPS connection to HP-UX systems tied in with central authorization records residing in MVS. Authorization data is passed inside RSA MD5-encrypted cookie
- Viable authentication mechanism for end-user certificate requests through HTTPS-based PKI Registration Authority
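The EID cookie described on this slide carries authorization data from the HTTPS logon front end to the services that trust it. As an added illustration, not code from the U.T. deployment (whose cookie format the slide describes only as "RSA MD5-encrypted"), the following stdlib-only Python builds such a single-sign-on cookie with an HMAC-SHA256 tag and an expiry, so a service can reject a modified or expired cookie without a round trip to the central authorization records. The secret key, EID value and roles are constructed sample data.

```python
import base64
import hashlib
import hmac
import json
import time
from typing import List, Optional

# Constructed demo secret; a real deployment keeps this only on the
# authentication server and the services that validate cookies.
SECRET_KEY = b"constructed-demo-secret-not-for-real-use"


def _b64e(raw: bytes) -> str:
    """URL-safe base64 without padding, so the value is cookie-friendly."""
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def _b64d(text: str) -> bytes:
    """Inverse of _b64e; raises ValueError (binascii.Error) on bad input."""
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def _tag(body: str) -> bytes:
    """Keyed MAC over the encoded body; without SECRET_KEY the tag cannot be forged."""
    return hmac.new(SECRET_KEY, body.encode("ascii"), hashlib.sha256).digest()


def issue_cookie(eid: str, roles: List[str], ttl_seconds: int,
                 now: Optional[float] = None) -> str:
    """Build 'body.tag': body is the base64 JSON payload, tag is its HMAC."""
    issued = int(time.time() if now is None else now)
    payload = {"eid": eid, "roles": roles, "iat": issued, "exp": issued + ttl_seconds}
    body = _b64e(json.dumps(payload, separators=(",", ":"), sort_keys=True).encode())
    return body + "." + _b64e(_tag(body))


def verify_cookie(cookie: str, now: Optional[float] = None) -> Optional[dict]:
    """Return the payload if the tag matches and the cookie is unexpired, else None."""
    current = time.time() if now is None else now
    try:
        body, tag_text = cookie.split(".", 1)
        presented = _b64d(tag_text)
        # Constant-time comparison avoids leaking how many tag bytes matched.
        if not hmac.compare_digest(_tag(body), presented):
            return None
        payload = json.loads(_b64d(body))
    except (ValueError, UnicodeDecodeError):
        return None
    if not isinstance(payload, dict) or payload.get("exp", 0) <= current:
        return None
    return payload


if __name__ == "__main__":
    cookie = issue_cookie("ut12345", ["student"], ttl_seconds=3600)
    print(cookie)
    print(verify_cookie(cookie))
```

Because the tag is computed over the encoded body, a service cannot accept a payload whose roles were edited in transit, and the `exp` field bounds how long a captured cookie stays usable.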

Planned Initial Uses, 2002/03
- SSL server certificates
- Authentication for network-based services (to some degree replacing EID)
- Digitally signed documents (S/MIME protocol) for special groups
- Digitally signed and encrypted documents (S/MIME protocol) for special groups

Current Deployment Status: U.T. System
- Certification Authority implemented with Perl/OpenSSL: tested
- Private key storage in Chrysalis Luna CA3 (FIPS 140-1, level 3) HSM: tested
- CA certificate to be signed by CREN: January, 2002
- System operated on RedHat Linux 6.x on generic Pentium II 450 MHz rackmount system
- Issuance of institutional CA certificates for U.T. component campuses: Spring, 2002
- Policy governing CA certificate issuance: due early Spring, 2002

Current Deployment Status: U.T. Austin
- Certification Authority implemented with Perl/OpenSSL: tested
- HTTPS-accessible Registration Authority implemented in Perl: tested
- Registration Authority integrated with current EID network authentication: tested
- Issuance of end-entity certificates to Schlumberger CyberFlex smartcards: tested
- Back-end storage and management of certificates in Unix dbm: tested
- Initial, informal testing of CRL publication to OCSP server: completed
- Initial, informal testing of PKI-enabled client applications: significant problems revealed
- Operated on RedHat Linux 6.x on generic Pentium II 450 MHz rackmount system
- CA certificate signed by U.T. System CA: Spring, 2002
- Policy governing issuance of SSL server certificates: early Spring, 2002
- Issuance of SSL server certificates: commence Spring, 2002
- Policy for end-entity certificates for special groups: drafted Spring, 2002
- Publication of end-entity certificates to Directory: needs additional testing in Spring, 2002
- Publication of CRLs to OCSP server: needs additional testing in Spring, 2002
- Formal testing of PKI-enabled client applications: commence Summer, 2002
- Formal testing of OCSP client-server functions: commence Summer, 2002
- Preparation of user documentation and support procedures: commence Summer, 2002
- End-entity certificate issuance for special groups: Fall, 2002, or Spring, 2003

Content Providers
- Most widely used content providers include: Elsevier, OCLC, JSTOR, Bowker, Gale
- Access allowed for campus IP address range and by scripted logon
- Library staff would like an 'electronic library card' to be implemented as part of the U.T. Austin campus PKI

Readiness to Issue Certs to Select Groups
- Fall, 2002, or Spring, 2003, at earliest
- Significant administrative effort in area of PKI policy
- Identification of funds
- Significant user support for essential PKI concepts and for configuration and use of PKI-enabled client apps