The FBCA Architecture: Lessons Learned Tim Polk, NIST March 9, 2001.

Slides:

Advertisements

Similar presentations

NIH-EDUCAUSE PKI Interoperability Project Electronic Grant Application With Multiple Digital Signatures Peter Alterman, Ph.D. Director of Operations Office.

Advertisements

Introduction to z/OS Security Lesson 4: There’s more to it than RACF

EDUCAUSE 2001, Indianapolis IN Securing e-Government: Implementing the Federal PKI David Temoshok Federal PKI Policy Manager GSA Office of Governmentwide.

Federal PKI Architecture Update

The U.S. Federal PKI Richard Guida, P.E. Chair, Federal PKI Steering Committee Chief Information Officers Council

Ongoing Efforts to Build The US Federal PKI Bridge

Stanley J. Choffrey (202) The Federal Bridge Certification Authority Evolving Issues in Electronic Data Collection January.

Certificate Interoperability S&I Framework Initiative Final Report August 17, 2011.

15June’061 NASA PKI and the Federal Environment 13th Fed-Ed PKI Meeting 15 June ‘06 Presenter: Tice DeYoung.

Certification Authority. Overview  Identifying CA Hierarchy Design Requirements  Common CA Hierarchy Designs  Documenting Legal Requirements  Analyzing.

Public Key Infrastructure Ben Sangster February 23, 2006.

PKI in US Higher Education TAGPMA Meeting, March 2006 Rio De Janeiro, Brazil.

Tim Polk, NIST PKI Overview Tim Polk, NIST

Uncle Sam, Meet The PKI! Richard Guida Chair, Federal PKI Steering Committee Michèle Rubenstein Department of the Treasury,

Windows Vista And Longhorn Server PKI Enhancements Avi Ben-Menahem Lead Program Manager Windows Security Microsoft Corporation.

CMSC 414 Computer (and Network) Security Lecture 17 Jonathan Katz.

The U.S. Federal PKI and the Federal Bridge Certification Authority

EDUCAUSE Fed/Higher ED PKI Coordination Meeting

Higher Education Bridge Certificate Authority (HEBCA) Project Progress Fed/Ed December 2004.

SETECS Copyright© SETECS Corporation Sead Muftic SETECS Corporation SETECS OnePKI  March 14, 2002.

Use of Kerberos-Issued Certificates at Fermilab Kerberos  PKI Translation Matt Crawford & Dane Skow Fermilab.

Higher Education Bridge Certificate Authority (HEBCA) Project Progress July 2004 Dartmouth PKI Summit.

Federal Bridge Certification Authority n Background n Overview n EMA Challenge Test structure n Participants n Results n Conclusions and lessons learned.

Richard Guida, P.E. Member, Government Information Technology Services Board Chair, Federal PKI Steering Committee

Copyright, 1996 © Dale Carnegie & Associates, Inc. Digital Certificates Presented by Sunit Chauhan.

Telemedicine and Video Conferencing Roadmap Presentations for Committee on Technology and Architecture November - December, 2011 Tim Greer SOM, SFGH Dean’s.

The Federal Bridge Certification Authority – Description and Current Status Peter Alterman, Ph.D. Senior Advisor to the Chair, Federal PKI Steering Committee.

Configuring Active Directory Certificate Services Lesson 13.

©2005 KPMG LLP, the U.S. member firm of KPMG International, a Swiss cooperative. All rights reserved. July 27, 2005 PKI Audits and Assessments “Another.

Directory and File Transfer Services Chapter 7. Learning Objectives Explain benefits offered by centralized enterprise directory services such as LDAP.

Transforming Education Through Information Technologies Common Solutions Group, January, 2002 (Sanibel Island) HEBCA: Higher Education.

Introduction to Secure Messaging The Open Group Messaging Forum April 30, 2003.

HEBCA Overview Internet2 Meeting, Fall 2002 Michael R Gettes Georgetown University

The Evolving U.S. Federal PKI Richard Guida Chair, Federal PKI Steering Committee Federal Chief Information Officers Council

Configuring Directory Certificate Services Lesson 13.

Bridge Certification Architecture A Brief Demo by Tim Sigmon and Yuji Shinozaki June, 2000.

Digital Signatures A Brief Overview by Tim Sigmon April, 2001.

The NIH PKI Pilots Peter Alterman, Ph.D. … again.

NSF Middleware Initiative Renee Woodten Frost Assistant Director, Middleware Initiatives Internet2 NSF Middleware Initiative.

Maintaining Network Health. Active Directory Certificate Services Public Key Infrastructure (PKI) Provides assurance that you are communicating with the.

Module 9: Designing Public Key Infrastructure in Windows Server 2008.

 Hubs Hubs  Bridges Bridges  Switches Switches  On-Line On-Line  Off-line Off-line  Bibliography Bibliography.

Configuring and Troubleshooting Identity and Access Solutions with Windows Server® 2008 Active Directory®

Update on PKI Activities in the Spanish Academic Network PKI-COORD November 26, Amsterdam.

Federal and State PKI Bridge Evolution: Cutting Across Stovepipes EDUCAUSE 2000 October 12th, 2000.

The Federal Bridge A Brief Overview 1. 4BF Industry Forum April Fed PKI: View from 20,000 km FBCA C4 Common Policy CA (HSPD-12) CertiPath SSPs.

HEBCA Overview CSG, uWash, 2002 Michael R Gettes Georgetown University

The Federal PKI Or, How to Herd Worms Peter Alterman Senior Advisor, Federal PKI Steering Committee.

Leveraging Campus Authentication for Grid Scalability Jim Jokl Marty Humphrey University of Virginia Internet2 Meeting April 2004.

The Evolving Federal PKI Gary Moore Entrust Technologies Richard Guida Chair, Federal PKI Steering Committee.

PKI Session Overview 1:30 pm edt - Welcome, etiquette, session outline 1:40 pm edt - HEPKI-TAG Update (Jim Jokl, Virginia) 2:00 pm edt - HEPKI-PAG Update.

1 Federal Identity Management Initiatives Federal Identity Management Initatives David Temoshok Director, Identity Policy and Management GSA Office of.

Security fundamentals Topic 5 Using a Public Key Infrastructure.

Higher Ed Bridge CA Extending Trust Across Higher Education - And Beyond David L. Wasley University of California.

Module 13: Enterprise PKI Active Directory Certificate Services (AD CS)

Using Public Key Cryptography Key management and public key infrastructures.

Electronic Security and PKI Richard Guida Chair, Federal PKI Steering Committee Chief Information Officers Council

Federal PKI Update Peter Alterman, Ph.D. Chair, Federal PKI Policy Authority.

Price range varies from $17.99 to $34.99 or more. Device 1 Device 2 Network Connection.

Peter Alterman, Ph.D. Chair, Federal PKI Policy Authority Meet FedFed.

Higher Education Bridge Certification Authority Scaleable Linking of PKI trust domains Scaleable Linking of PKI trust domains David L. Wasley Fall 2006.

Network Components and terms. Hub is a device for connection multiple ethernet devices together and making then act as a single network segment.

Interoperability and the Evolving Federal PKI Richard Guida, P.E. Member, Government Information Technology Services Board Chair, Federal PKI Steering.

Introduction to z/OS Security Lesson 4: There’s more to it than RACF

NAAS 2.0 Features and Enhancements

ورود اطلاعات بصورت غيربرخط

Inter-institutional Trust Fabric Overview and Synergies

Install AD Certificate Services

Executive Summary: eHealth Exchange Hub

Tim Polk, NIST PKI Program Manager March 2000

Presentation transcript:

The FBCA Architecture: Lessons Learned Tim Polk, NIST March 9, 2001

FBCA Goals Leverage emerging agency PKIs to create a unified federal PKI Limit workload agency CA staff Support agency use of –Any FIPS-approved cryptographic algorithm –A broad range of commercial CA products Propagate policy information to certificate users in different agencies

EMA Challenge Architecture

Multiple CAs in FBCA Membrane Support multiple cryptographic algorithms Support for multiple certificate management protocols

FBCA architecture FBCA CAs –Offline –No network connectivity FBCA directory online

An Alternative Bridge Architecture Bridge CAs offline but have network connectivity Internal directory Firewall (strict) Border Directory

FBCA Directory Architecture Chained X.500 directories Dual-rooted FBCA directory is “hub” –dc=gov –o=U.S. Government, c=US

Lessons Learned Bridge CAs can unite PKIs with –Different architectures –Different cryptographic algorithms –Different DITs Heterogeneous commercial products can be used inside the bridge Client software is the limiting factor X.500 chaining simplifies certificate retrieval Offline bridge architecture is secure but inefficient