03 December 2003 Digital Certificate Operation in a Complex Environment Consultation/Stakeholders Meeting 3 December 2003.

Presentation transcript:

Digital Certificate Operation in a Complex Environment
Consultation/Stakeholders Meeting 3 December 2003

DCOCE (pronounced "Der-kot-chee")

The DCOCE project
DCOCE is about authentication with digital certificates
Digital certificates use Public Key Infrastructure (PKI)
  –PKI is very secure
  –but can be difficult to administer

The DCOCE project
Digital certificates and PKI rely upon trust
Trust relies upon co-operation (or understanding) between organisations
Oxford University is a Complex Environment
  –DCOCE
  –If it can work here...

What DCOCE is not about
Authorisation
  –but…
Single sign on
  –but…
e-Science and the grid
  –but…

Project team
Evaluators: Alun Edwards (OUCS), Johanneke Sytsema (SERS)
Based within the RTS at OUCS in collaboration with SERS
Project Manager: Mark Norman
Systems Developer: Christian Fernau

Project partners
Research Technologies Service at Oxford University Computing Services in collaboration with:
  –the Systems and Electronic Resources Service at Oxford University Library Services (SERS)
  –Manchester Information and Associated Services (ZETOC)
  –the Athens Devolved Authentication Service (at EduServ)
  –the Oxford e-Science Centre (OeSC)

What is DCOCE?
2-year project funded by the Joint Information Systems Committee
  –feasibility of using digital certificates for authentication and simplified access to remote services
  –researching and running a pilot of a PKI (public key infrastructure)
  –evaluating and documenting all of the major stages and of the user experience

Why at Oxford?
The complex environment is here…
  –the Departments and Colleges of the University of Oxford
      everyone may have a different requirement
      desires secure access to central IT support applications
      desires to optimise access to licensed content
      Oxford hosts regional e-Science Centre
  –OUCS
      secure access to web-based ; LDAP services; VPN service
      developing account management packages for RDN Subject Portals Project
Information flow is very important to a PKI

[Diagram labels: Admin & Legal Services; Research Technologies Service; IT Support Staff services; User registration; Project Team; Stakeholder group; Oxford University Computing Services; E-Science Centre; Library Services]

Stakeholder group
We need to know what you think:
  –are the ideas difficult?
  –what do you think you need?
Early 2004 we need people to trial the use of our digital certificates
  –to discover the advantages and difficulties as they appear to you

Modelling
Admin. architecture
  –select and review 4 PKI implementations
  –build an administration architecture model for Oxford
  –Athens, MIMAS and OeSC to advise and review initial proposals for models
System architecture
  –review the 4 PKI implementations
  –build a system architecture model for Oxford
  –Athens, MIMAS and OeSC to advise and review initial proposals for models

Development and implementation
Implement, and develop, the systems and administrative processes to support a certificate life-cycle within a PKI
  –architectures very small-scale rollout
  –a certification authority initial testing
  –OeSC to advise

Athens Devolved Authentication
Enable access to remote resources subscribed to by Oxford compliant with Athens single sign-on (SSO) via digital certificate authentication
  –examine Athens requirements and standards
  –ensure certificates and ‘presentment’ mechanisms comply and PKI can be trusted

MIMAS
Enable access to remote Zetoc/British Library resources via digital certificate authentication mechanism
  –examine MIMAS/Zetoc requirements and standards
  –ensure certificates and ‘presentment’ mechanisms comply and PKI can be trusted

Real-world rollout
Distribute the certificates much more widely
  –test
  –examine revocation and recovery issues
  –document the issues arising
Extensive set of users will receive certificates
  –IT support staff in devolved roles throughout the University
  –selected end users of many types and roles
Trial revocation and recovery/re-issuing mechanisms
OeSC, Athens and MIMAS to advise

Certificate Policy Statement
Develop and publish a detailed Certificate Policy Statement (CP)
  –in accordance with the Internet Engineering Task Force PKI X.509 Certificate Policy and Certification Practice Statement (CPS) Framework
  –produce an early draft of the CP
      consult about trust issues
  –final version of the CP will be produced after rollout

Legal and administrative issues
Input from Oxford University Legal Services
  –issuing and revoking certificates
  –running the PKI
  –the final Certificate Policy Statement (CP)
  –the administration issues of managing: a registration authority and certificate authority and revocation list
  –research legal and administration issues
OeSC to advise

Evaluation and dissemination
Technical and user-oriented evaluations
  –the implementation of PKI at UK HE establishments
  –final report
Project progress report
  –successes and failures and points of difficulty
Via web pages, lists and at real 'events'
  –Web site http:// mailing
  –Useful to others considering PKI within UK FE and HE
formative evaluation of decisions made
summative evaluations
  –decision-making processes and the experiences of end users etc.

Summary of deliverables
Evaluation reports
  –for different stages of the process
Policies
  –overall Certification Practice Statement (CPS)
Systems architecture details
  –any open source adaptations
Project Web site –
Summative report
  –practical manual

Ideas for discussion at the moment
Sending server certificates on a CD-ROM
Ideas for a Local Institution Certificate Store
Ideas for issuing certificates (enrolling)