1 Digital Credential for Higher Education John Gardiner 202-973-6618 August 11, 2004.

Slides:

Advertisements

Similar presentations

NIH-EDUCAUSE PKI Interoperability Project Electronic Grant Application With Multiple Digital Signatures Peter Alterman, Ph.D. Director of Operations Office.

Advertisements

PKI Solutions: Buy vs. Build David Wasley, U. California (ret.) Jim Jokl, U. Virginia Nick Davis, U. Wisconsin.

EDUCAUSE 2001, Indianapolis IN Securing e-Government: Implementing the Federal PKI David Temoshok Federal PKI Policy Manager GSA Office of Governmentwide.

 1997 Entrust Technologies Orchestrating Enterprise Security Entrust Public Key Infrastructure Erik Schetina Chief Technology Officer IFsec, LLC

Planning a Public Key Infrastructure

15June’061 NASA PKI and the Federal Environment 13th Fed-Ed PKI Meeting 15 June ‘06 Presenter: Tice DeYoung.

Copyright Judith Spencer This work is the intellectual property of the author. Permission is granted for this material to be shared for non-commercial,

1st Expert Group Meeting (EGM) on Electronic Trade-ECO Cooperation on Trade Facilitation May 2012, Kish Island, I.R.IRAN.

Certification Authority. Overview  Identifying CA Hierarchy Design Requirements  Common CA Hierarchy Designs  Documenting Legal Requirements  Analyzing.

NIH – EDUCAUSE PKI Interoperability Pilot Update Peter Alterman, Ph.D. Director of Operations, Office of Extramural Research, NIH and Senior Advisor to.

Public Key Infrastructure (PKI) Providing secure communications and authentication over an open network.

PKI in US Higher Education TAGPMA Meeting, March 2006 Rio De Janeiro, Brazil.

DESIGNING A PUBLIC KEY INFRASTRUCTURE

Higher Education Bridge Certificate Authority (HEBCA) Project Progress Fed/Ed June 2005.

Sentry: A Scalable Solution Margie Cashwell Senior Sales Engineer Sept 2000 Margie Cashwell Senior Sales Engineer

Figure 1: SDR / MExE Download Framework SDR Framework Network Server Gateway MExE Download + Verification Using MExE Repository (Java sandbox) MExE Applet.

EDUCAUSE Fed/Higher ED PKI Coordination Meeting

The 4BF The Four Bridges Forum Higher Education Bridge Certificate Authority.

70-293: MCSE Guide to Planning a Microsoft Windows Server 2003 Network, Enhanced Chapter 9: Planning and Managing Certificate Services.

WSU A Symphony in Four Movements. A Century of Controlled Flight.

Higher Education Bridge Certificate Authority (HEBCA) Project Progress Fed/Ed December 2004.

NIH-EDUCAUSE Interoperability Project, Phase 3: Fulfilling the Promise Dartmouth PKI Implementation Workshop Peter Alterman, Ph.D. Assistant CIO for E-Authentication.

Higher Education Bridge Certificate Authority (HEBCA) Project Progress July 2004 Dartmouth PKI Summit.

CA Key 1 Created OCSP Cert 1 Client Cert 1 Client Cert 2 OCSP Cert 2 CA Key 2 Created CA Key 1 Expiration OCSP Cert 3 Client Cert.

Identity and Access Management

Identity Management and PKI Credentialing at UTHSC-H Bill Weems Academic Technology University of Texas Health Science Center at Houston.

HEBCA – Higher Education Bridge Certification Authority Presented by Scott Rea and Mark Franklin, Fed/Ed Meeting, 12/14/2005.

Christopher Chapman | MCT Content PM, Microsoft Learning, PDG Planning, Microsoft.

1 USHER Update Fed/ED December 2007 Jim Jokl University of Virginia.

Configuring and Troubleshooting Identity and Access Solutions with Windows Server® 2008 Active Directory®

The Federal Bridge Certification Authority – Description and Current Status Peter Alterman, Ph.D. Senior Advisor to the Chair, Federal PKI Steering Committee.

Virginia Tech Overview of Tech Secure Enterprise Technology Initiatives e-Provisioning Group Frank Galligan Fed/Ed.

IDA Security Experts Workshop Olivier LIBON Vice President – GlobalSign November 2000.

May 30 th – 31 st, 2006 Sheraton Ottawa. Microsoft Certificate Lifecycle Manager Saleem Kanji Technology Solutions Professional - Windows Server Microsoft.

CA Options: Buy or Build, and Signed by Whom? Paul Caskey PKI Deployment Forum 2008.

Transforming Education Through Information Technologies Common Solutions Group, January, 2002 (Sanibel Island) HEBCA: Higher Education.

Introduction to Secure Messaging The Open Group Messaging Forum April 30, 2003.

HEPKI-TAG UPDATE Jim Jokl University of Virginia

1 PKI & USHER/HEBCA Fall 2005 Internet2 Member Meeting Jim Jokl September 21, 2005.

Chapter 9: Using and Managing Keys Security+ Guide to Network Security Fundamentals Second Edition.

Configuring Directory Certificate Services Lesson 13.

Digital Signatures A Brief Overview by Tim Sigmon April, 2001.

The NIH PKI Pilots Peter Alterman, Ph.D. … again.

HEPKI-PAG Policy Activities Group David L. Wasley University of California.

Secure Messaging Workshop The Open Group Messaging Forum February 6, 2003.

NSF Middleware Initiative Renee Woodten Frost Assistant Director, Middleware Initiatives Internet2 NSF Middleware Initiative.

PKI Forum Business Panel March 6, 2000 Dr. Ray Wagner Sr. Director, Technology Research.

Maintaining Network Health. Active Directory Certificate Services Public Key Infrastructure (PKI) Provides assurance that you are communicating with the.

Module 9: Designing Public Key Infrastructure in Windows Server 2008.

Configuring and Troubleshooting Identity and Access Solutions with Windows Server® 2008 Active Directory®

Who’s watching your network The Certificate Authority In a Public Key Infrastructure, the CA component is responsible for issuing certificates. A certificate.

ESnet RAF and eduroam ™ Tony J. Genovese ATF Team ESnet/Lawrence Berkeley National Laboratory.

Leveraging Campus Authentication for Grid Scalability Jim Jokl Marty Humphrey University of Virginia Internet2 Meeting April 2004.

“Trust me …” Policy and Practices in PKI David L. Wasley Fall 2006 PKI Workshop.

Security fundamentals Topic 5 Using a Public Key Infrastructure.

Higher Ed Bridge CA Extending Trust Across Higher Education - And Beyond David L. Wasley University of California.

HEBCA – The Operating Authority July 2005 Dartmouth PKI Summit.

1 SURAGrid User/Host Certificate Authority SURAgrid Meeting MARCH 26, 2010 Jim Jokl University of Virginia.

Building and extending the internal PKI

1 US Higher Education Root CA (USHER) Update Fed/Ed Meeting December 14, 2005 Jim Jokl University of Virginia.

کاربرد گواهی الکترونیکی در سیستمهای کاربردی (امضای دیجیتال)

U.S. Federal e-Authentication Initiative

USHER U.S. Higher Education Root Certificate Authority

NAAS 2.0 Features and Enhancements

EDUCAUSE Fed/Higher ED PKI Coordination Meeting

HIMSS National Conference New Orleans Convention Center

Inter-institutional Trust Fabric Overview and Synergies

Fed/ED December 2007 Jim Jokl University of Virginia

September 2002 CSG Meeting Jim Jokl

Higher Education Bridge Certificate Authority (HEBCA) Project Progress Sixth Annual PKI Summit at Snowmass, Colorado August 2004.

Presentation transcript:

1 Digital Credential for Higher Education John Gardiner August 11, 2004

2 Program Benefits  A shared PKI infrastructure to promote interoperability among higher education institutions at a significantly reduced cost.  Cost effectively offer Educause member organizations ability to leverage one PKI system, contract vehicle, and a standard policy  Shared Educause Member CA and associated policy  Rapid Implementation  Cross-certification with HEBCA and FBCA for interoperability with other non-member Universities  Pre-negotiated and Standardize Contract (MSA) for Education  Leveraging buying power across all members

3 PKI Offering  Managed PKI for SSL Global, Standard, and Intranet –SSL Certificates Issues from one control center. –Each Member have it own Managed PKI for SSL Account.  Educause PKI –Each Member can leverage the Educause root CA but has it’s own dedicated Sub-CA. –VeriSign Trust Network with use of Global Directory –Premium Options Include:  Key Management for Key Escrow  Premium Validation - OCSP –Gold Support Plan –2 Admin Kits –Auto Enrollment Kit

4 VeriSign Managed PKI Service  Core Managed PKI Service –Create and host enterprise Certificate Authorities (CAs) –Manage the lifecycle of digital certificates (i.e., approve, issue, revoke, renew, recover and audit certificates)  MPKI Service Includes –VeriSign PKI services, support, maintenance, software upgrades, and PKI system back-ups –VeriSign-supplied FIPS Level 3 Certificate Signing Unit (CSU) –Local Hosting Module –Automated Administration Hardware (Luna token and reader) –Disaster Recovery for CA –Gold Support Plan – Including 90 day test Pilot System. –Service Level Agreements

5 Higher Ed PKI Architecture Proposal #2 HEBCA VeriSign Global Repository VeriSign Class 2 PCA VeriSign/Educause Member CA University of Texas CA FBCA University #1 Sub CA University #2 Sub CA University #3 Sub CA 1)Interoperability via common VeriSign Root CA 2)All certificates posted in VeriSign global directory in addition to individual university directories 3)Common Educause member CA policy subordinate to VeriSign VTN policy-- Educause branding/site seal 4)Shared CA with keys stored on FIPS Level 3 hardware. CA domain partitioned with each university having RA access over its piece of the CA domain. 5)Cross certification with HEBCA and FBCA at Shared CA level (Requires Sub CA Cert Profile reconfiguration and AUDIT of sub RA operations)

6 Questions?