Co Chairs C. W. Goldsmith University of Alabama at Birmingham David L. Wasley University of California Office of the President.


PKI Workshop Tempe, AZ February 5, 2002 Meeting Moderator – Clair Goldsmith

PKI Workshop Agenda
- 8:30 – Welcome Clair G.
- 8:40 – Campus update roundtable
- 9:30 – CREN CA update David W.
- 9:40 – HEBCA update NIH experiment Steve W.
- 9:50 – HECP presentation David W.
- 10:00 – PKI-Lite and S/MIME initiative David W.
- 10:15 – Break

PKI Workshop Agenda
- 10:45 – Quick updates
  - FERPA and PKI Directories Steve W.
  - HIPAA update Clair G.
  - HealthKey, etc. Clair G.
- 11:00 – PKI Implementation Issues Clair G.
- 12:00 - 1:00 Lunch

PKI Workshop Agenda
- 1:00 – Grid Security Technologies
  - Grid Security Requirements John M.
  - CAS Von M.
  - Shibboleth & Inter-realm author Bob M.
  - HEBCA, HEPKI Michael G.
  - KX509 Ken K.
  - myProxy Randy
- 3:00 – Break

PKI Workshop Agenda
- 3:30 – Continued PKI Implementation Issues
  - Potential pilot projects and/or issues to be investigated
- 5:00 Adjourn

PKI IMPLEMENTATION ISSUES
- Strategies For Implementing a CA
  - In-house versus outsourcing
  - Vendor code versus open source
  - Institutional resource requirements
  - What about the CP/CPS?

PKI IMPLEMENTATION ISSUES
- Authorization Strategies
  - Legacy applications?
  - Can we categorize applications and appropriate strategies?
  - Attribute certificates versus attribute directories

PKI IMPLEMENTATION ISSUES
- Portals and other "single sign-on" approaches
  - Applications such as ERP systems and course management systems need to be not just directory enabled, but cert-in-directory enabled.

PKI IMPLEMENTATION ISSUES
- Directories
  - Is there an authoritative directory of those associated with the institution?
  - If not, what does it take to create one? (best practices)

PKI IMPLEMENTATION ISSUES
- Can be signed and encrypted.
  - Is a one or two key system best and why?
- List servers can modify thereby making signing those messages pointless.

PKI IMPLEMENTATION ISSUES
- Outlook has two mechanisms:
  - One requires that all be signed – in other words signing is a configuration parameter of the Outlook client
  - Other requires pulldown menus for single use (4 clicks)
- Ideally, signing should be something I choose.
- Should signing require a password (access the private key) every time it is performed?
- Outlook signs only the message and not enclosed attachments. Communicator seems to sign both.

PKI IMPLEMENTATION ISSUES
- Multiple certificates and S/MIME!

PKI IMPLEMENTATION ISSUES
- Digital Signatures
  - How can one sign a document (in Word), independent of an client?
  - Requires a third party product: for example: eLock
  - Adobe allows signing of Acrobat documents through proprietary plug-ins, but plug-ins are not available for all certificates.
  - How can the Adobe signer be prevented from creating certificates?

PKI IMPLEMENTATION ISSUES
- What does it mean to sign a web form?
  - Does it attest to the information placed in boxes? The information around the boxes? Or both?
  - If both, what is then done with it? Where is it put?
  - Does all of it need to be in a database: lock, stock, and html? [If so, there are neat things one can contemplate regarding records retention.]

PKI IMPLEMENTATION ISSUES
- Multiple Signatures
  - Having more than one signature on a document is rarely supported
  - One signer application (e-Lock version 4.X) allows multiple signatures, but you cannot see the document content at the time you sign the document, which provides opportunities for other errors.

PKI IMPLEMENTATION ISSUES
- Other Signature Issues
  - Do you always need to validate signatures as well as verify them? If so, application plug-ins such as provided by Adobe will not be adequate.
  - Some of the application signers are priced on a per use basis!

PKI IMPLEMENTATION ISSUES
- Cert & Key Management
  - How to best handle key escrow for decryption keys?
  - This problem is compounded when keys expire annually.

PKI IMPLEMENTATION ISSUES
- Certificate and private key portability options?
- Proxy authentication issues

PKI IMPLEMENTATION ISSUES FUTURES
- National Security Card