1 HEPKI-TAG Update EDUCAUSE/Dartmouth PKI Summit July 26, 2005 Jim Jokl University of Virginia.

Presentation transcript:

1 HEPKI-TAG Update EDUCAUSE/Dartmouth PKI Summit July 26, 2005 Jim Jokl University of Virginia

2 HEPKI-TAG Activities
- Sponsors: EDUCAUSE, Internet2
- Charter – Technical Activities Group (TAG)
  - Open-source PKI software
  - Certificate profiles
  - Directory / PKI interaction
  - Validity periods
  - Client customization issues
  - Mobility
  - Inter-institution test projects
  - Private key protection
  - Technical issues with cross-certification
  - Communicate results
- Process
  - Biweekly conference calls
  - Sessions at higher education events

3 Updates to PKI-Lite
- PKI-Lite: using PKI technology at the LOA (level of assurance) of the existing campus login/password system
- Updated policy and practices document
  - Changes based on feedback from the NMI project, etc.
  - Clarifications to hierarchical CAs, language, etc.
  - Still 9 pages, fill-in-the-blanks format
  - Relationship to the Citizen and Commerce (C4) Policy: FIPS 140 crypto, audits, CRL/OCSP required
- New PKI-Lite certificate profiles
  - End entity
    - Bridge environment (Authority and Subject Key Identifiers)
    - EAP-TLS Microsoft OID (SubjectAltName / OtherName / PrincipalName)
  - Certification Authority
    - Authority and Subject Key Identifiers
  - All profiles more closely follow the RFCs for critical flags

4 S/MIME
- Plan to update the S/MIME compatibility table with data for additional clients
- HEPKI-TAG coordinated a letter to Qualcomm requesting S/MIME support for Eudora
  - Qualcomm was/is developing S/MIME support for Eudora
  - HEPKI-TAG developed a prioritized list of the features we'd like to see in the client
  - Looking forward to being early testers

5 Introductory Materials Aiding Initial Campus Deployments
- Recall our PKI-Lite framework
  - Using PKI for "standard" applications where you likely would have used names/passwords in the past
  - Standard policy/practices document and profiles
    - Designed to support S/MIME, VPN, web authentication, etc.
    - Validated on other apps (e.g. Globus, document signing applications, etc.)
- Newer addition: PKI-Lite Recipe, by Steven Carmody at Brown

6 US Higher Education Root (USHER) and Policy
- Background
  - A hierarchical CA for higher education
    - Issue authority certificates to campus CAs
    - Replace and offer more than the old CREN hierarchy
  - Initial discussions on LOA for USHER
    - Strong procedures for USHER operations
    - Strong process to identify campuses
  - Discussions on requirements for schools
    - Something heavy, C4, PKI-Lite, less, etc.?
    - Implications for when USHER cross-certifies with HEBCA?
- Early focus decisions
  - Strong procedures for USHER itself; use the InCommon I&A process for schools
  - Architect for a USHER-heavier and a USHER-Lite
  - Focus deployment on USHER-Lite

7 One older concept for the US Higher Education Root (USHER)
[Diagram; node labels: USHER Root, USHER-Lite, USHER Basic/Medium, InCommon CA, Shib Cert, School CA]

8 Current Thinking for USHER
[Diagram; node labels: USHER-Lite Root, InCommon CA, Shib Cert, School CA, Future USHER Basic/Medium, School CA, HEBCA]
Note: InCommon CA not related to USHER in a PKI sense

9 USHER & Policy: Enter LionShare
- LionShare needs a trust fabric that works logically like PKI-Lite
  - Verify PKI-Lite OID in cert
- Question: can/should USHER require at least PKI-Lite from campuses?
  - Schools doing this anyway
  - Strong pushback on TAG call
    - How does USHER certify campuses?
    - Campus liability concerns
    - Why is a requirement needed?
[Diagram; node labels: USHER, Campus CA, LionShare SASL CA, short-life user certificates]

10 Current Thinking on USHER-Lite
- No requirements for what the campus can do using their USHER authority certificate
- LionShare will require the PKI-Lite Policy OID in certificates issued by the SASL-CA
- USHER CA profile
  - Profiles include AIA for bridge cert discovery in XP
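As an added example (not from the slides and not HEPKI-TAG or LionShare code), the Python below uses the `cryptography` library to build an end-entity certificate with the extensions the PKI-Lite profiles on slide 3 call for (SKI, AKI, policy OID, EAP-TLS UPN otherName) and then applies the relying-party check slides 9 and 10 describe: accept only if the PKI-Lite policy OID is asserted. The PKI-Lite policy OID is a placeholder since the slides do not give it; the UPN otherName OID is Microsoft's.

```python
from datetime import datetime, timedelta, timezone
from cryptography import x509
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import rsa
from cryptography.x509.oid import ExtensionOID, NameOID

# PLACEHOLDER: the real PKI-Lite policy OID is not given on the slides.
PKI_LITE_POLICY_OID = x509.ObjectIdentifier("1.3.6.1.4.1.99999.1.1")
MS_UPN_OID = x509.ObjectIdentifier("1.3.6.1.4.1.311.20.2.3")  # Microsoft UPN otherName

def issue_pki_lite_cert(upn, policy_oid=PKI_LITE_POLICY_OID):
    """Self-signed stand-in for a campus-CA end-entity cert carrying the
    extensions the slides list: SKI and AKI (non-critical, per RFC 5280),
    certificatePolicies, and a subjectAltName otherName holding the UPN."""
    key = rsa.generate_private_key(public_exponent=65537, key_size=2048)
    pub = key.public_key()
    name = x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, upn)])
    now = datetime.now(timezone.utc)
    raw = upn.encode("utf-8")  # DER UTF8String, short-form length (< 128 bytes)
    upn_der = bytes([0x0C, len(raw)]) + raw
    return (
        x509.CertificateBuilder()
        .subject_name(name).issuer_name(name).public_key(pub)
        .serial_number(x509.random_serial_number())
        .not_valid_before(now).not_valid_after(now + timedelta(days=365))
        .add_extension(x509.SubjectKeyIdentifier.from_public_key(pub), critical=False)
        .add_extension(x509.AuthorityKeyIdentifier.from_issuer_public_key(pub), critical=False)
        .add_extension(x509.CertificatePolicies(
            [x509.PolicyInformation(policy_oid, None)]), critical=False)
        .add_extension(x509.SubjectAlternativeName(
            [x509.OtherName(MS_UPN_OID, upn_der)]), critical=False)
        .sign(key, hashes.SHA256())
    )

def relying_party_check(cert, required_policy=PKI_LITE_POLICY_OID):
    """LionShare-style acceptance test: reject unless the required policy OID
    is asserted, then return the UPN. Returns (accepted, detail); chain and
    validity-period checks are assumed to be done by the TLS stack."""
    try:
        pols = cert.extensions.get_extension_for_oid(ExtensionOID.CERTIFICATE_POLICIES).value
        san = cert.extensions.get_extension_for_oid(ExtensionOID.SUBJECT_ALTERNATIVE_NAME).value
    except x509.ExtensionNotFound as e:
        return False, f"missing extension: {e}"
    if required_policy not in [p.policy_identifier for p in pols]:
        return False, "required policy OID not asserted"
    for other in san.get_values_for_type(x509.OtherName):
        if other.type_id == MS_UPN_OID and other.value[:1] == b"\x0c":
            return True, other.value[2:].decode("utf-8")  # skip tag + short length
    return False, "no UPN otherName in subjectAltName"
```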

11 Next Projects for HEPKI-TAG
- Continue support for USHER
- Maintain & update existing documents and services
- Signing tools project
  - Document and web form signing tools
- Update of S/MIME work
  - Update compatibility matrix
  - Eudora when ready
- Campus CA audits
  - Preparation and documents for campus auditors
- In the queue
  - Windows smart card login
  - Mobility and hardware token update
  - Application integration (administrative and general)
  - CA software
  - More/better introductory materials
  - Bridge application testing
  - Grid integration & documentation
  - Update hardware token work
  - EAP-TLS documentation
  - Look at SILC
  - Insert your favorite item(s) here

12 Questions - References
- If you are working on these topics, consider participating in HEPKI-TAG
- Some references
  - middleware.internet2.edu/hepki-tag
    - Links to other sites, CA software, etc.
  - PKI for Networked Higher Education: cation/928
  - pkidev.internet2.edu
  - PKI Labs: middleware.internet2.edu/pkilabs