TIES — Technologies for Information Environment Security Sandy Shaw University of Edinburgh.

Aim
- To implement a pilot Public Key Infrastructure for authentication of H&FE users to services in the JISC Information Environment

Objectives
- Demonstrate proof of concept for an authentication service for the licensed resources of the JISC IE
- Identify practical issues of certificate handling by users and institutions
- Consider the wider use of digital certificate technology across the H&FE sector

Partners
- Lead partner
  - University of Edinburgh
  - EDINA
  - Computing Services
- Associate partners
  - University of Paisley
  - Stevenson College
  - Newark and Sherwood College
  - Institute of Physics Publishing

Scope
- Services in the JISC Information Environment …
- … accessed by standard browsers
- But, looking forward:
  - Local institutional services
  - Grid services
  - VLE resources

Assets
- Commercial
  - Market value of IE resources
- Institutions
  - Reputation
- Academic PKI
  - Services other than JISC IE

First pass on risk assessment
- JISC IE services
  - Low, for today's services
- Academic PKI
  - Moderate
- Future PKI applications
  - Potentially high
- Importance of authorisation

Practical considerations
- Tenable procedures for institutions
- Tenable procedures for users
- Users forget passwords
- Users make mistakes
- Manual export/import of certificates is non-trivial

TIES model

TIES components
- Certificate server
- Registration server
- DSP certificate verifier
- DSP authorisation package
- Athens migration
- Shibboleth
- Licensing authority tables
- Institutional data model
- Technology watch
- Draft specification

Certificate distribution
- Methods:
  - CMC
  - CMP
  - Central key management
- Data formats
  - PKCS#7
  - PKCS#10
  - PKCS#12

Key usage
- Single key pair
- … supporting digital signature
- … but not non-repudiation
- Excludes data encipherment (secure )
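How a certificate verifier could enforce the key usage profile on this slide, as an added example that is not code from the TIES project. It takes the DER BIT STRING carried in the X.509 keyUsage extension (bit names per RFC 5280); treating digitalSignature as required and nonRepudiation and dataEncipherment as forbidden is an assumption drawn from the bullets, and the sample byte strings are constructed.

```python
# RFC 5280 KeyUsage bit names in bit order; bit 0 is the most significant
# bit of the first content byte of the DER BIT STRING.
KEY_USAGE_BITS = [
    "digitalSignature", "nonRepudiation", "keyEncipherment",
    "dataEncipherment", "keyAgreement", "keyCertSign", "cRLSign",
    "encipherOnly", "decipherOnly",
]

# Profile read from the slide (assumption: enforced as allow/deny sets).
REQUIRED = {"digitalSignature"}
FORBIDDEN = {"nonRepudiation", "dataEncipherment"}


def decode_key_usage(der: bytes) -> set:
    """Decode a DER-encoded KeyUsage BIT STRING into a set of bit names."""
    if len(der) < 4 or der[0] != 0x03:
        raise ValueError("not a DER BIT STRING with content")
    length = der[1]
    if length >= 0x80 or length != len(der) - 2 or not 2 <= length <= 3:
        raise ValueError("unexpected KeyUsage length")
    unused, payload = der[2], der[3:]
    if unused > 7:
        raise ValueError("invalid unused-bit count")
    total_bits = len(payload) * 8 - unused
    names = set()
    for i, name in enumerate(KEY_USAGE_BITS):
        if i < total_bits and payload[i // 8] & (0x80 >> (i % 8)):
            names.add(name)
    return names


def check_profile(der: bytes) -> list:
    """Return profile violations; an empty list means the cert complies."""
    usage = decode_key_usage(der)
    problems = [f"missing {n}" for n in sorted(REQUIRED - usage)]
    problems += [f"forbidden {n}" for n in sorted(FORBIDDEN & usage)]
    return problems


# Constructed sample extension values, not taken from any real certificate.
SIGN_ONLY = bytes([0x03, 0x02, 0x07, 0x80])         # digitalSignature only
SIGN_NONREP_DATA = bytes([0x03, 0x02, 0x04, 0xD0])  # sig + nonRep + dataEnc
KEY_ENC_ONLY = bytes([0x03, 0x02, 0x05, 0x20])      # keyEncipherment only

if __name__ == "__main__":
    for sample in (SIGN_ONLY, SIGN_NONREP_DATA, KEY_ENC_ONLY):
        print(sample.hex(), check_profile(sample) or "compliant")
```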

Policy
- Two-tier policies for institutions?
- Basic level assurance for JISC IE
- Higher level for additional services
- Academic PKI server policies
- CA servers / RA servers / Certificate verifiers
- Authorisation policies?
- Important that all policies are congruent

Contacts
- Peter Burnhill
- Sandy Shaw
- Christine Rees
- Project: