PKI Session Overview 1:30 pm edt - Welcome, etiquette, session outline 1:40 pm edt - HEPKI-TAG Update (Jim Jokl, Virginia) 2:00 pm edt - HEPKI-PAG Update.

Presentation transcript:

PKI Session Overview
· 1:30 pm EDT - Welcome, etiquette, session outline
· 1:40 pm EDT - HEPKI-TAG Update (Jim Jokl, Virginia)
· 2:00 pm EDT - HEPKI-PAG Update (David Wasley, UCOP)
· 2:20 pm EDT - FBCA and NIH Pilot Update (Peter Alterman, NIH)
· 2:40 pm EDT - Discussion
· 3:00 pm Break
· 3:15 pm EDT - Sean Smith, Dartmouth PKI Lab
· 3:30 pm EDT - Keith Hazelton, Wisconsin PKI Lab
· 3:45 pm - Discussion

Some general comments
· There are campus and corporate successes
· Corporations use internally for VPN, some authentication, signed (with homogenous client base)
· MIT, UT medical, soon VA, UCOP
· Key is limited application use, lightweight policy approaches
· There is very limited interrealm, community of interest or general interoperable work going on
· Federal efforts
· Healthkey
· Higher Ed
· Some European niches

Why X.509/PKI?
· Single infrastructure to provide all security services
· Established technology standards, though little operational experience
· Elegant technical underpinnings
· Serves dozens of purposes - authentication, authorization, object encryption, digital signatures, communications channel encryption
· Low cost in mass numbers

Why Not X.509/PKI?
· High legal barriers
· Lack of mobility support
· Challenging user interfaces, especially with regard to privacy and scaling
· Persistent technical incompatibilities
· Overall complexity

D. Wasley’s PKI Puzzle

The Four Planes of PKI
· on the road to general purpose interrealm PKI
· the planes represent different levels of simplification from the dream of a full interrealm, intercommunity multipurpose PKI
· simplifications in policies, technologies, applications, scope
· each plane provides experience and value

The Four Planes are
· Full interrealm PKI - (Boeing 777) - multipurpose, spanning broad and multiple communities, bridges to unite hierarchies, unfathomed directory issues
· Simple interrealm PKI - (Regional jets) - multipurpose within a community, operating under standard policies and structured hierarchical directory services
· PKI-light - (Corporate jets) - containing all the key components of a PKI, but many in simplified form; may be for a limited set of applications; can be extended within selected communities
· PKI-ultralight (Ultralights) - easiest to construct and useful conveyance; ignores parts of PKI and not for use external to the institution; learn how to fly, but not a plane...

Examples of Areas of Simplification
· Spectrum of Assurance Levels
· Signature Algorithms Permitted
· Range of Applications Enabled
· Revocation Requirements and Approaches
· Subject Naming Requirements
· Treatment of Mobility...

PKI-Light example (HEPKI)
· CP: Wasley, et al. Draft HE CP stubbed to basic/rudimentary
· CRL: ?
· Applications: (Signed )
· Mobility: Password enabled
· Signing: md5RSA
· Thumbprint: sha1
· Naming: dc
· Directory Services needed: Inetorgperson

PKI-Light example (Texas-Houston)
· CP: Verisign
· CRL: Verisign
· Applications: authentication
· Mobility: USB dongle
· Signing: md5RSA
· Thumbprint: sha1
· Naming: X.500
· Directory Services needed: I?
· Deployment: 5,000 medical students

PKI-Ultralight (MIT)
· CP: none
· CRL: limit lifetime
· Applications: Internal web authentication
· Mobility: one per system; also password enabled
· Signing: md5RSA
· Thumbprint: sha1
· Naming: X.500
· Directory Services needed: none
· Deployment: approximately 350,000 over five years

Healthkey snippets
· Organizational commitment to pilot is difficult without more senior level support.
· Have had significant staff turnover.
· Biggest concern is impact of system on users ("non-transparency").
· Given lessons learned, will be investigating "encryption at the border and organizational certificates" rather than encryption and certificates at the desktop.

Healthkey snippets
· Managing individual digital certificates can be expensive
· Digital certificates on the desktop can be vulnerable
· Organizations can lose some control with individual certificates
· Organizations may not want to accept pre-issued certificates
· Checking for revoked certificates puts a burden on e-mail correspondents
· Current implementations of digital certificates are not transparent to users
· Vendor contracts do not support community initiatives

Interesting recent developments
· Microsoft bundled root program
· RSA buys Securant...