Presentation is loading. Please wait.

Presentation is loading. Please wait.

Higher Education Bridge Certification Authority

Published byWidyawati Cahyadi Modified over 6 years ago

Similar presentations

Presentation on theme: "Higher Education Bridge Certification Authority"— Presentation transcript:

1 Higher Education Bridge Certification Authority
Scaleable Linking of PKI trust domains David L. Wasley Fall 2006 PKI Workshop

2 Topic Span Why a bridge makes sense Where is the HEBCA?

3 Bridged v.s. Hierarchical PKI
Simple PKI is hierarchical and assumes a uniform policy set Assumed by most products today Hierarchies are “PKI islands” Therefore browsers & apps include 100+ “trust anchors” Bilaterial cross-certification can link “islands” Provides superior trust management Maps policy you “know” to other policy, with constraints A “bridge” is a general case of this Serves as a “trust broker”

4 PKIs are islands of common trust
Content Slide

5 Bi-lateral cross-certification

6 A “bridge” serves as a trust broker

7 What this looks like to a RP
A Relying Party can build a trusted path from a Subject User cert to its own TA This avoids the RP having to know and understand policy in other PKI domains

8 The bridge as trust broker
Trust is established by Certificate Policy Each PKI domain has a Trust Anchor Each domain can specify how it’s policy set is met or exceeded by the other domain’s policy Each can place limits on this trust If there is no equivalency, there is no trust The bridge does this with respect to each of its member domains Members must trust the bridge to do this properly Each can limit how far it is willing to ‘network’

9 Higher Education Bridge CA - HEBCA
Sponsored by EDUCAUSE to support linking campus PKI’s with each other and with sponsored partners Patterned after the Federal Gov’t FBCA Plan is to cross-cert with FBCA Other BCAs have expressed interest too Operated at Dartmouth College Test bridge is running CP/CPS almost complete Awaiting critical mass

10 Questions? Scott Rea (HEBCA OA) David Wasley (HEBCA PA)
David Wasley (HEBCA PA)

Download ppt "Higher Education Bridge Certification Authority"

Similar presentations

NIH-EDUCAUSE PKI Interoperability Project Electronic Grant Application With Multiple Digital Signatures Peter Alterman, Ph.D. Director of Operations Office.

NIH-EDUCAUSE PKI Interoperability Project Electronic Grant Application With Multiple Digital Signatures Peter Alterman, Ph.D. Director of Operations Office.
Local TA Management A TA is a public key and associated data used as the starting point for certificate path validation It need not be a self-signed certificate.

Local TA Management A TA is a public key and associated data used as the starting point for certificate path validation It need not be a self-signed certificate.
PKI Solutions: Buy vs. Build David Wasley, U. California (ret.) Jim Jokl, U. Virginia Nick Davis, U. Wisconsin.

PKI Solutions: Buy vs. Build David Wasley, U. California (ret.) Jim Jokl, U. Virginia Nick Davis, U. Wisconsin.
EDUCAUSE 2001, Indianapolis IN Securing e-Government: Implementing the Federal PKI David Temoshok Federal PKI Policy Manager GSA Office of Governmentwide.

EDUCAUSE 2001, Indianapolis IN Securing e-Government: Implementing the Federal PKI David Temoshok Federal PKI Policy Manager GSA Office of Governmentwide.
Copyright Judith Spencer 2002. This work is the intellectual property of the author. Permission is granted for this material to be shared for non-commercial,

Copyright Judith Spencer This work is the intellectual property of the author. Permission is granted for this material to be shared for non-commercial,
21 mai 2015 Bridges between Certification Authorities.

21 mai 2015 Bridges between Certification Authorities.
NIH – EDUCAUSE PKI Interoperability Pilot Update Peter Alterman, Ph.D. Director of Operations, Office of Extramural Research, NIH and Senior Advisor to.

NIH – EDUCAUSE PKI Interoperability Pilot Update Peter Alterman, Ph.D. Director of Operations, Office of Extramural Research, NIH and Senior Advisor to.
MPKI Interoperability I-D ChangeLog from -01 to -02 Jan 16, 2004 Masaki SHIMAOKA SECOM Trust.net.

MPKI Interoperability I-D ChangeLog from -01 to -02 Jan 16, 2004 Masaki SHIMAOKA SECOM Trust.net.
PKI in US Higher Education TAGPMA Meeting, March 2006 Rio De Janeiro, Brazil.

PKI in US Higher Education TAGPMA Meeting, March 2006 Rio De Janeiro, Brazil.
Higher Education Bridge Certificate Authority (HEBCA) Project Progress Fed/Ed June 2005.

Higher Education Bridge Certificate Authority (HEBCA) Project Progress Fed/Ed June 2005.
US Higher Ed PKI Activities Internet2/EDUCAUSE ++ TF-EMC2 November, 2004 Amsterdam Michael R Gettes, Duke University TF-EMC2 November, 2004 Amsterdam Michael.

US Higher Ed PKI Activities Internet2/EDUCAUSE ++ TF-EMC2 November, 2004 Amsterdam Michael R Gettes, Duke University TF-EMC2 November, 2004 Amsterdam Michael.
The U.S. Federal PKI and the Federal Bridge Certification Authority

The U.S. Federal PKI and the Federal Bridge Certification Authority
1 Memorandum for multi-domain PKI interoperability multidomain-pki-00.txt

1 Memorandum for multi-domain PKI interoperability multidomain-pki-00.txt
The 4BF The Four Bridges Forum Higher Education Bridge Certificate Authority.

The 4BF The Four Bridges Forum Higher Education Bridge Certificate Authority.
Higher Education Bridge Certificate Authority (HEBCA) Project Progress Fed/Ed December 2004.

Higher Education Bridge Certificate Authority (HEBCA) Project Progress Fed/Ed December 2004.
NIH-EDUCAUSE Interoperability Project, Phase 3: Fulfilling the Promise Dartmouth PKI Implementation Workshop Peter Alterman, Ph.D. Assistant CIO for E-Authentication.

NIH-EDUCAUSE Interoperability Project, Phase 3: Fulfilling the Promise Dartmouth PKI Implementation Workshop Peter Alterman, Ph.D. Assistant CIO for E-Authentication.
Higher Education Bridge Certificate Authority (HEBCA) Project Progress July 2004 Dartmouth PKI Summit.

Higher Education Bridge Certificate Authority (HEBCA) Project Progress July 2004 Dartmouth PKI Summit.
DNS-centric PKI Sean Turner Russ Housley Tim Polk.

DNS-centric PKI Sean Turner Russ Housley Tim Polk.
HEBCA – Higher Education Bridge Certification Authority Presented by Scott Rea and Mark Franklin, Fed/Ed Meeting, 12/14/2005.

HEBCA – Higher Education Bridge Certification Authority Presented by Scott Rea and Mark Franklin, Fed/Ed Meeting, 12/14/2005.
The E-Authentication Initiative An Overview Peter Alterman, Ph.D. Assistant CIO for e-Authentication, NIH and Chair, Federal PKI Policy Authority The E-Authentication.

The E-Authentication Initiative An Overview Peter Alterman, Ph.D. Assistant CIO for e-Authentication, NIH and Chair, Federal PKI Policy Authority The E-Authentication.

Similar presentations

Ads by Google