Burton Group Catalyst Meeting Barcelona, Spain 22 October 2007 June Leung OASIS PKI Adoption TC The OASIS PKI Adoption TC Objectives and Case Studies Burton.

Slides:

Advertisements

Similar presentations

Policy interoperability in electronic signatures Andreas Mitrakas EESSI International event, Rome, 7 April 2003.

Advertisements

© Southampton City Council Sean Dawtry – Southampton City Council The Southampton Pathfinder for Smart Cards in public services.

Federated Digital Rights Management Mairéad Martin The University of Tennessee TERENA General Assembly Meeting Prague, CZ October 24, 2002.

August 2004 Providing Industry-wide Security and Identity Management Solutions.

Overview of OASIS SOA Reference Architecture Foundation (SOA-RAF)

HIT Standards Committee: Digital Certificate Trust – Policy Question for HIT Policy Committee March 29, 2011.

6/1/20151 Digital Signature and Public Key Infrastructure Course:COSC Instructor:Professor Anvari Student ID: Name:Xin Wen Date:11/25/00.

Page 1 Issues in and perspectives on electronic authentication of health professionals Pascal POITEVIN Marketing and Communication manager GIP-CPS e-Health.

The OASIS IDtrust (I M The OASIS IDtrust (Identity and Trusted Infrastructure ) Member Section For more information please see:

Digital Identities for Networks and Convergence Joao Girao, Amardeo Sarma.

David L. Wasley Information Resources & Communications Office of the President University of California Directories and PKI Basic Components of Middleware.

Click to edit Master title style OASIS PKI Workshop.

Sentry: A Scalable Solution Margie Cashwell Senior Sales Engineer Sept 2000 Margie Cashwell Senior Sales Engineer

Public Key Superstructure It’s PKI Jim, but not as we know it! 7 th Annual “IDtrust” Symposium 5 March 2008, Gaithersburg MD, USA Stephen Wilson Lockstep.

2-Jun-15 1 ACCESSING ON LINE SERVICES PROTECTED BY THE ITALIAN EID GIOVANNI MANCA National Center for Information technology in Public Administration (CNIPA)

Stephen Wilson Chair, PKI Adoption Technical Committee Managing Director, Lockstep, Australia PKIA Goals for 2007 Stephen Wilson Chair, PKI Adoption Technical.

Obstacles to PKI Deployment and Usage – Conclusions Relevant to pki4ipsec Steve Hanna, Co-chair, OASIS PKI TC.

1 eAuthentication in Higher Education Tim Bornholtz Session #47.

Burton Group Catalyst Workshop June Leung on behalf of Stephen Wilson Chair, OASIS PKI Adoption TC The OASIS PKI Adoption TC Objectives and Work Program.

Brooks Evans – CISSP-ISSEP, Security+ IT Security Officer Arkansas Department of Human Services.

CAMP - June 4-6, Copyright Statement Copyright Robert J. Brentrup and Mark J. Franklin This work is the intellectual property of the authors.

National Strategies for Digital Identity Management UNCITRAL Colloquium on Electronic Commerce February 2011, New York Laurent Bernat – OECD Secretariat.

1 USHER Update Fed/ED December 2007 Jim Jokl University of Virginia.

EDUCAUSE PKI Working Group Where Are We and Where are We Going.

Deploying a Certification Authority for Networks Security Prof. Dr. VICTOR-VALERIU PATRICIU Cdor.Prof. Dr. AUREL SERB Computer Engineering Department Military.

Vilnius, October 21st, 2002 © eEurope SmartCards Securing a Telework Infrastructure: Smart.IS - Objectives and Deliverables Dr. Lutz Martiny Co-Chairman,

1st MODINIS workshop Identity management in eGovernment Frank Robben General manager Crossroads Bank for Social Security Strategic advisor Federal Public.

Strength in diversity: lessons learnt from the Stork* projects Antonio Lioy Politecnico di Torino Dip. Automatica e Informatica.

Best Practices in Deploying a PKI Solution BIEN Nguyen Thanh Product Consultant – M.Tech Vietnam

F. Guilleux, O. Salaün - CRU Middleware activities in French Higher Education.

APKIF WWCWG Meeting Beijing 4 November 2005 Stephen Wilson OASIS Liaison Representative to APKIF Managing Director, Lockstep Consulting The OASIS Third.

Burton Group Catalyst Meeting xxxxxxxxx Stephen Wilson Chair, OASIS PKI Adoption TC The OASIS PKI Adoption TC Objectives and Work Program Burton Group.

Internet Security for Small & Medium Business Week 6

PKI interoperability and policy in the wireless world.

PKI Forum Sydney 2000 Members Meeting Stephen Wilson Chair -- Certification Forum of Australia Director -- PricewaterhouseCoopers beTRUSTed PKI in Australia.

Helsinki Institute of Physics (HIP) Liberty Alliance Overview of the Liberty Alliance Architecture Helsinki Institute of Physics (HIP), May 9 th.

Supporting further and higher education Middleware and AA within the JISC Environment Nicole Harris, JISC Development Group.

Europe's work in progress: quality of mHealth Pēteris Zilgalvis, J.D., Head of Unit, Health and Well-Being, DG CONNECT Voka Health Community 29 September.

E-Authentication: Simplifying Access to E-Government Presented at the PESC 3 rd Annual Conference on Technology and Standards May 1, 2006.

Building Security into Your System Bill Major Gregory Ponto.

Geneva, Switzerland, April 2012 Introduction to session 7 - “Advancing e-health standards: Roles and responsibilities of stakeholders” Marco Carugi.

JISC Middleware Security Workshop 20/10/05© 2005 University of Kent.1 The PERMIS Authorisation Infrastructure David Chadwick

PKI and the U.S. Federal E- Authentication Architecture Peter Alterman, Ph.D. Assistant CIO for e-Authentication National Institutes of Health Internet2.

1 Using GSM/UMTS for Single Sign-On 28 th October 2003 SympoTIC 2003 Andreas Pashalidis and Chris J. Mitchell.

The Federal Bridge A Brief Overview 1. 4BF Industry Forum April Fed PKI: View from 20,000 km FBCA C4 Common Policy CA (HSPD-12) CertiPath SSPs.

1 Protection and Security: Shibboleth. 2 Outline What is the problem Shibboleth is trying to solve? What are the key concepts? How does the Shibboleth.

ESnet RAF and eduroam ™ Tony J. Genovese ATF Team ESnet/Lawrence Berkeley National Laboratory.

Cloud Computing, Policy Management and Standardization Europe Identity Conference 2011 John Sabo, Director Global Government Relations, CA Technologies.

Leveraging Campus Authentication for Grid Scalability Jim Jokl Marty Humphrey University of Virginia Internet2 Meeting April 2004.

/ 8 FEIDHE Electronic Identification in Finnish Higher Education Janne Kanner FEIDHE Electronic Identification in Finnish Higher Education.

Transforming Government Federal e-Authentication Initiative David Temoshok Director, Identity Policy and Management GSA Office of Governmentwide Policy.

OASIS Cloud Authorization TC (CloudAuthZ) Rakesh Radhakrishnan, TC Member.

Electronic Security and PKI Richard Guida Chair, Federal PKI Steering Committee Chief Information Officers Council

Introduction to the PKI Issues at UW Madison Presented to ITC on Friday, 3/18/2005 Tom Jordan Systems Engineer,

Security Bob Cowles

1 US Higher Education Root CA (USHER) Update Fed/Ed Meeting December 14, 2005 Jim Jokl University of Virginia.

Expectations for the New Secure Network Age panel discussion Asia PKI Forum Conference Tokyo 24 February 2005 Stephen Wilson (OASIS liaison to APKIF) PKI.

OASIS IDtrust Member Section June Leung Chair, OASIS IDtrust Member Section Steering Committee

Federal Initiatives in IdM Dr. Peter Alterman Chair, Federal PKI Policy Authority.

The Federal E-Authentication Initiative David Temoshok Director, Identity Policy GSA Office of Governmentwide Policy February 12, 2004 The E-Authentication.

Soapbox (S-Series) Certificate Validation Jens Jensen, STFC.

The Future Digital Identity Landscape in Europe Stefane Mouille/Detlef Houdeau World eID Congress, 27th of Sep. 2017, Marseille, France.

Higher Education’s Role in the Identity Ecosystem

Organized by governmental sector (National Institute　of information )

SWIM Common PKI and policies & procedures for establishing a Trust Framework Kick-off meeting Patrick MANA Project lead 29 November.

U.S. Federal e-Authentication Initiative

Standard of Electronic Health Record

Technical Approach Chris Louden Enspier

My name is Pascal Urien, ENST

Australian PKI experience

Presentation transcript:

Burton Group Catalyst Meeting Barcelona, Spain 22 October 2007 June Leung OASIS PKI Adoption TC The OASIS PKI Adoption TC Objectives and Case Studies Burton Group Catalyst Meeting Barcelona, Spain 22 October 2007 June Leung OASIS PKI Adoption TC

The PKI environment c n PKI is resurgent n Embedded PKI is commonplace n We’re all in the midst of a paradigm shift to identity plurality n Digital Certificates can be about relationships as well as (or instead of) personal identity n Successful PKI has always been application specific, not general purpose

Resurgent, embedded PKI n Closed (vertical) schemes l US PIV, Identrus, ICAO e-passports, CableLabs, Skype, BankID (Sweden) n Health smartcards l France, Germany, Taiwan, Italy, Austria, Australia … n Digital Credentials l US Patent Office, France, Taiwan, Australia …

Identity plurality n “Identity 2.0” (archetype: Cardspace) l Too soon to tell precise outcomes l But it’s a progressive re-think of identity, context, privacy, control etc. l Fundamental concept is plurality of identities. n Stephen Kent’s critique: “For big CAs, there is an implicit assumption that a single certificate is all that a user should need. This assumes that one identity is sufficient for all applications, which contradicts experience”

The top five obstacles According to OASIS Surveys 1 & 2: 1. Software applications don’t support PKI 2. Costs too high 3. PKI poorly understood 4. Too much focus on technology (not need) 5. Poor interoperability

PKIA TC: Fresh objectives n Continue to overcome obstacles with targeted practical initiatives that improve understanding of PKI n Disseminate case studies n Develop position papers that de-mystify legal, governance and interoperability issues and modernise the PKI message so it reflects real needs n Liaise more closely with other OASIS efforts, esp. under the umbrella of the new IDtrust Member Section

Case studies & TC deliverables

Embedded PKI application: Device authentication schemes Some of the oldest, most successful PKIs are for device authentication: n GSM cell phone SIM cards n SSL server certificates n IPsec VPN devices n CableLabs PKI for Cable TV set-top boxes

Embedded PKI application: Skype n Each Skype subscriber receives a digital certificate embedded in Skype install n “Zero User Interface” (ZUI) principle; i.e. Subscriber unaware of their certificate! n

Embedded PKI application: Medicos’ smartcards n France (500,000 doctors) l Rolling out 40 million PKI smartcards for patients, for secure e-health n Taiwan (300,000 doctors) n Australia (10,000 doctors) l wide range of PKI enabled govt lodgments l electronic prescribing in development l certificates represent doctor’s qualifications l planning “wholesale” supply of certs to hospitals etc. l see

Vertical PKI application: University sector national PKI n “Australian Access Federation” l an infrastructure to facilitate trusted communications and collaboration within and between higher education and research institutions both locally and internationally … in line with the objective of providing researchers with access to an environment necessary to support world- class research n Working with Shibboleth (single sign on) and international grid computing n See

PKIA TC Policy Initiative: New legal view points in PKI n Objective to de-mystify traditionally complex or confusing aspects of PKI n e.g. “Security Printer Model” l Conceptualizes backend CA as ‘minting’ certificates on order from RA, like printing cheques l Decouples CA from policy and from user liability l When someone writes a bad cheque, nobody sues the cheque printer! l See n Aim to complete one or more papers late CY07

OASIS PKI Technical Committee Stephen Wilson