Download presentation
Presentation is loading. Please wait.
Published byRaymond Willis Randall Modified over 6 years ago
1
Dartmouth PKI: Plans & Challenges (Scott Rea – Dartmouth College) Internet2 Member Meeting, Dec PKI Implementers Workshop - Chicago, IL
2
Dartmouth PKI PKI Lab since 2001 Campus operational PKI since 2003
9000 active certificates Students/Staff/Faculty Use of hardware tokens (Aladdin eToken) for secure or high value transactions Support HEPKI initiatives HEBCA Policy Authority HEBCA Operating Authority USHER Operating Authority TAGPMA Founding Member PKI Outreach CA-in-a-box
3
Dartmouth PKI Campus PKI Existing Netscape Enterprise CA
Iplanet -> Red Hat End of Life in July 2006 Require replacement Evaluation of replacement options presented to Management Options Considered Commercial Hosted CA Services Commercial Vendor product run at Dartmouth Open/“Free” product run at Dartmouth Options Outcome Lowest risk but too expensive Medium risk – Possibility based on strategic partnerships Medium risk – least expensive 10,000 certificates is the hump of the camel Expect replacement cut over by mid 2007 Cross-certification with HEBCA next year
4
Dartmouth PKI Campus PKI
PKI is the default authentication mechanism on campus Other supported methods via modified CAS include: Username/Password LDAP based authentication Shibboleth Required for certain applications Legislative compliance HIPAA, FERPA, CALEA High value transactions require hardware based key storage (eTokens)
5
Dartmouth PKI Campus PKI PKI is optional for most applications today
Will become required for certain applications by July 2007 Require hardware token based access by 2008 Hold ups to roll out: Platform support/processes and procedures Drivers for hardware tokens Proposed Roll out Required for network authentication Facilitate management of Encrypted File Systems Document work flow S/MIME
6
For More Information Dartmouth Website: http://www.dartmouth.edu/
PKI Lab Scott Rea -
Similar presentations
© 2024 SlidePlayer.com. Inc.
All rights reserved.