1
Trust & PKI Networking
David L. Wasley, Spring 2006 I2MM
2
PKI Networks
PKIs are islands of common trust
3
They can be ‘networked’
4
What does this mean?
- A Relying Party under (A) can build a path from a Subject under (C)
- This avoids RP having to know Trust Anchors (B) and (C)
- But not vice versa
5
What if the trust model under (A) is different than under (B) and/or (C)?
- Trust is established by Certificate Policy
- (A) can specify how its policy is met or exceeded by (B)’s policy
- (A) can place limits on this trust
- If there is no equivalency, (A) doesn’t trust (B)
- (B) does the same with respect to (C)
- (A) must also trust (B) to do this adequately
- (A) can limit how far it is willing to ‘network’
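An added example, not from the original slides: a simplified model of what slides 4 and 5 describe, in which a Relying Party under (A) builds a path to a Subject under (C) and evaluates the policy mappings and path limits along it. The policy names, the `CrossCert` structure and the `validate` function are assumptions made for illustration; signature, validity and revocation checks of real X.509 validation are left out.

```python
from collections import namedtuple

# Simplified model (assumption, not real X.509 parsing): a cross-certificate is
# an edge issuer CA -> subject CA carrying a policy mapping and a limit on how
# many further CAs may follow the subject CA.
CrossCert = namedtuple("CrossCert", "issuer subject policy_map max_further_cas")

# Constructed sample: (A) cross-certifies (B), (B) cross-certifies (C).
# No certificate points back, so trust is one-way.
CROSS_CERTS = [
    CrossCert("A", "B", {"A-medium": "B-high"}, 1),
    CrossCert("B", "C", {"B-high": "C-high", "B-basic": "C-basic"}, 0),
]


def validate(anchor, required_policy, subject_ca, subject_policy,
             cross_certs=CROSS_CERTS):
    """Return the CA path from the RP's trust anchor to the Subject's CA, or None.

    A path is accepted only if every hop maps the RP's required policy forward,
    no issuer's limit on further CAs is exceeded, and the Subject's certificate
    asserts the policy that the chain of mappings arrives at.
    """
    # Each state: (current CA, required policy in that CA's terms, path, hops left)
    stack = [(anchor, required_policy, [anchor], None)]  # None = no limit yet
    while stack:
        ca, policy, path, hops_left = stack.pop()
        if ca == subject_ca:
            if policy == subject_policy:
                return path
            continue  # a path exists, but policy evaluation fails
        if hops_left == 0:
            continue  # an issuer upstream refused to network any further
        for cc in cross_certs:
            if cc.issuer != ca or cc.subject in path:
                continue  # not issued by this CA, or would loop
            mapped = cc.policy_map.get(policy)
            if mapped is None:
                continue  # no equivalency stated, so no trust across this hop
            inherited = cc.max_further_cas if hops_left is None else hops_left - 1
            stack.append((cc.subject, mapped, path + [cc.subject],
                          min(inherited, cc.max_further_cas)))
    return None
```

With the sample data, an RP anchored at (A) accepts a `C-high` Subject via `A -> B -> C`, rejects a `C-basic` Subject even though a path exists, and an RP anchored at (C) finds no path back to (A).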
6
All this can be done bi-laterally
7
A “bridge” serves as the hub of trust
8
So what’s the problem?
- Few existing applications understand this
- May not be able to deal with cross-certs
- Must not only “find a path” but evaluate it
- Recent interest by browser developers
- Federal PKI has been developed around this model for 4-5 years
- Requires applications to be “bridge aware”
- See
9
Higher Education Bridge CA - HEBCA
- Under development for at least 2 years
- Anticipates need for networking H.E. with Federal agency applications
- Not yet clear how commercial PKI vendors will participate
- Awaits real applications and campus PKIs
10
Networking with Commercial PKI
11
What about ID federations like InCommon?
- Federations solve an important set of problems
  - What is ID? What is a credential? etc...
- Some solutions are easier with PKI
  - End-to-end secure
  - Document integrity
  - Document attestation, e.g. digital signatures
- PKI and federations are complementary