Uncle Sam, Meet The PKI! Richard Guida Chair, Federal PKI Steering Committee Michèle Rubenstein Department of the Treasury,

Presentation transcript:

Uncle Sam, Meet The PKI!
Richard Guida, Chair, Federal PKI Steering Committee
Michèle Rubenstein, Department of the Treasury; Chair, EMA Board of Directors

Federal PKI Interoperability
- Overview
- Organizational Framework
- Bridge Certification Authority Concept
- Design Requirements
- Meaning of Interoperability
- Current Status
- Challenges
- Path Ahead

Organizational Framework
- Well over two dozen agency PKIs
- No single Federal hierarchical root
- Full spectrum of COTS products
- Widely divergent agency requirements
- Strong desire to interoperate (communicate accepting certificates from other sources)

Bridge Certification Authority
- Non-hierarchical “hub”
- Designed under Federal PKI Steering Committee auspices
- CP/CPS under development - will support four levels of assurance (rudimentary, basic, medium, high)
- Operated by, and will exist at, the National Technical Information Service

Bridge Certification Authority (2)
- Will operate under auspices of Federal Policy Management Authority (FPKI Steering Committee)
- Agencies can apply to have their CAs cross-certify - FPMA decides level of assurance

Bridge Certification Authority (3)
- Once cross-certified, Bridge allows construction of trusted path between CA domains
- Initial focus is interagency interoperability, but also plan to do so with external parties

Design Requirements
- High assurance for Bridge itself
- Must honor four levels of assurance for cross-certified CAs
- Must be hosted at Federal agency (NTIS)
- Must meet MISPC and FIPS
- Must allow trusted path creation

Meaning of Interoperability
- Policy
- Technical
  - Algorithms
  - Protocols
  - Encryption key recovery schema consistency

Current Status (as of Oct 98)
- Funding committed (pending budget passage)
- In design stage
- Once notional design developed, will be vetted through FPKI Steering Committee Technical Working Group (vendors)
- Developing EMA Challenge participation

EMA Challenge ‘99
- Demonstrate standards-based, secure, global EC environment featuring interoperable PKI
- Goals
  - Demonstrate scalable, standards-based PKI using COTS products that is transparent to users
  - Identify key issues, raise awareness, and determine solutions for a multi-domain PKI
  - Demonstrate the capabilities of COTS products and their ability to interoperate

EMA Challenge ‘99
- Foundation applications are web-based EC and secure messaging
- Some of the participants:
  - BT
  - NTIS
  - Entrust
  - Xcert
  - European Commission
  - Baltimore
  - Boeing
  - GTE Cybertrust
  - GSA
  - Treasury
- Documentation and information

Challenges
- Dealing with OCSP vs. CRL domains for revocation checking
- Ensuring Bridge supports all COTS products agencies may select
- Ensuring Bridge’s full potential is used
- Making client software use the Bridge
- Mapping applicant CA’s assurance levels to those of Bridge

Path Ahead
- Complete design and vet through Technical Working Group
- Get Bridge pilot operating (early 1999)
- Participate in EMA Challenge 99
- Attract appropriate applications
- Since fully funded through Sept 2000, expect no charge to cross-certify until afterwards (but depends on actual usage)