Higher Ed Certificate Authority by CREN: Update CSG February 2, 2000
1/14/00 www.cren.net
Focus of the Certificate Authority Service from CREN
- Initial focus is on serving the need for high volume, low risk uses of digital certificates
- Primary initial use for
  - Between institutions
  - Between institutions and content providers
- Other digital certificates may be used for other purposes
CA Subscriber Application Process (Short version)
- 2 Page Application Form completed by CREN member rep
- Signed by executive officer of institution
- Once registration is completed, the technical contact
  - Issues request for certificate
  - Accepts the certificate on behalf of institution
- Certificate with institution’s public key is posted to CREN repository
CREN/MIT Relationship
- CREN office serves function of registration authority and certificate authority
- Actual generation of the CREN institutional certificates is at MIT, monitored by CREN Board of Trustees
CREN CA/MIT
- CREN office will confirm institutional CA and contacts
- MIT will
  - Receive the request for the certificate directly from technical contact at institution
  - Generate the institutional certificate
  - Send the institutional certificate back to technical contact and to CREN office
Piloting Update
- Pilot Round One:
  - MIT, Georgia Tech, and Princeton
  - Certificates issued and accepted
  - PGP used for secure communication during registration and certificate request process
  - Preparing campus scenarios of these implementations
  - Each step of the application process is now in a Step by Step document
Piloting Lessons
- Pilot Round One:
  - Each step of the application process is now in a Step by Step document, available on the web
  - Next: Use of the Institutional certificate in generating the campus certificates
Piloting of the CREN CA
- Pilot Round Two:
  - U of Minnesota/Twin Cities
  - Penn State
  - U of Tennessee/Memphis
- Phase Two
  - Testing with content provider, JSTOR
  - Continuing links with Digital Library Project
- Pilot Round Three is in March
Uses of Digital Certificates on Campuses
- Authenticate — verify who the person is
  - Might only be necessary to know that a person is a member of a specific community
- Authorize — specify level of access for person to do work, tasks or approve actions
- Authenticate/Authorize person for
  - Instructional uses
  - Admin purposes
  - Student life purposes
Uses of Digital Certificates on Campuses
- Instructional Uses
  - Testing
  - Access to content resources from “wherever the person is” off campus/home
  - Entrance into Internet online events
- Admin purposes
  - Admitting, paying, programming, grading, giving
- Student life purposes
  - Health Care, student elections, football tickets
How Many Digital Certificates?
- More than five and less than 20?
- More than one and less than 10?
- Similar to passwords, credit cards
- Used in combination with something else...
- Passwords now stored locally, less vulnerable to attack
Next Steps: Feb - June 00
- Pilot School Meeting - March 2000
- Preparing draft document on campus practices
- Capturing and describing pilot campus scenarios
- Working with content providers
- Listening hard to ensure appropriate evolution and focus
Issue Awareness in Campus CAs and PKI
- CREN TechTalks - Spring 2000
  - Feb 17: Ken Klingenstein and Keith Hazelton/ Middleware project
  - April 13: Jeff Schiller on Campus applications and Practices with Digital Certificates
- Focused Seminars: Possibly April, June
- Archived TechTalks at CA section of the cren.net web site
Continuing Issues
- Monitor structure of PKI infrastructure for higher education needs
- How best can CA service serve higher education needs?
- What is the trust model that will work?
- How best can CREN support campus’ move to Campus CAs?
- How do we interact with government projects and initiatives?
- What content providers are ready?
Working with lots of folks on this one!
- Feedback and input essential!