Presentation is loading. Please wait.

Presentation is loading. Please wait.

Stanley J. Choffrey (202) 708-7943 The Federal Bridge Certification Authority Evolving Issues in Electronic Data Collection January.

Published byDelaney Icke Modified over 10 years ago

Similar presentations

Presentation on theme: "Stanley J. Choffrey (202) 708-7943 The Federal Bridge Certification Authority Evolving Issues in Electronic Data Collection January."— Presentation transcript:

1 Stanley J. Choffrey stanley.choffrey@gsa.gov (202) 708-7943 The Federal Bridge Certification Authority Evolving Issues in Electronic Data Collection January 10, 2000

2 The Federal Bridge Certification Authority(FBCA) will be the unifying element to link otherwise unconnected agency Certification Authority’s (CAs) into a systematic overall Federal PKI. The FBCA functions as a non-hierarchical hub allowing relying party agencies to create a certificate trust path from its domain back to the domain of the agency that issued the certificate so that the levels of assurance honored by disparate PKIs can be reconciled. The Federal Bridge Certification Authority

3 Federal Bridge Certification Authority Cross Certified CAs Directory System Agent Cross certificates CRL FIP 140-1 L3 Crypto Cross certificates CRL Cross certificates ARL Trust Domain 1Trust Domain 2 S/MIME EMAIL Directory Infrastructure 2 Directory Infrastructure 1 Path DiscoveryCert Retrieval & VerificationCert Validation

4 Mitretek Border Router Internet CyberTrust CA DOD Bridge Demo CA LunaCA3 Crypto Module Entrust CA Dell PowerEdge 2300 NT 4.0 Server 256MB RAM 9GB Hard Drives (2) Tape Backup PeerLogic i500 Directory SafeKeyper Crypto Module Sun Ultra 10 Solaris OS 512 MB RAM 9.1 GB Hard Drives (2) Tape Backup Oracle DB CyberTrust Enterprise CA FBCA Directory System Dell PowerEdge 2300 NT 4.0 Server 128 MB RAM 9GB Hard Drives (2) 10BaseT Ethernet NIC Tape Backup PeerLogic i500 Directory UPS Bay ASN.1 Router CheckPoint Firewall Eudora E-mail (S/MIME v3) Entrust Application with Certificate Path Validation CyberTrust Certificate Gemplus v1 or DataKey SmartCard Entrust Client Eudora E-mail (S/MIME v3) Entrust Application with Certificate Path Validation Entrust Certificate Spyrus Lynks Card CyberTrust Client FBCA EMA Challenge Configuration

5 GSA DoD Bridge Certification Authority PCA CA Client Cybertrust CA Entrust CA Federal Bridge Certification Authority Canadian CA NIST CA1 PCA CA Client DISA PCA CA Client CA PCA CA Client PCA CA Treasury Client NIST CA2 PCA CA Client Navy PCA CA Client CA Client PCA CA Client GTRI PCA CA Client NASA MS Exch/v5 Eudora/SFL Eudora/v4 Federal Bridge Certification Authority EMA Challenge Overview

6 c=US; o=U.S. Government; ou=NIST ou= Experimental CA1 IP address:129.6.20.33 DSP port:102 LDAP port:389 TSEL:0x5000 TCP/IP NIST (Peerlogic) c=US; o=U.S. Government;ou=FBCA IP address:198.76.35.155 DSP port:102 LDAP port:389 TSEL: TCP/IP Federal Bridge Certification Authority (Peerlogic) DoD Bridge Certification Authority (Chromatix) c=US; o=Test BCA c=US; o=Entrust; ou=Federal c=US; o=U.S. National c=US; o=U.S. Government; ou=DoD IP address:216.4.247.66 DSP port:20006 LDAP port:406 TCP/IP GSA/FTS (Peerlogic) Chaining cn=FBCA_Directory Canada (Nexor) c=CA; o=GC; ou=HMCCA IP address:209.47.49.138 DAP/DSP port:19970 LDAP port:389 cn=NEXOR cn=NIST c=US; o=U.S. Government; ou=NIST ou= Experimental CA2 IP address:129.6.20.33 DSP port:102 LDAP port:389 TSEL:0x5000 TCP/IP cn=BCAP BCA Server cn=BCAP Spyrus NSA CA-TBR c=US; o=U.S. Government, ou=DoD, ou=NSA GTRI (Peerlogic) cn=PKIL-DSA c=US; o=PKIL c=US; o=Georgia c=US; o=CISA IP address:130.207.204.30 DSP port:17003 LDAP port:389 TCP/IP c=US; o=NASA5; cn=NASA5 c=US; o=NASA5; cn=EntrustCA IP address:128.102.84.79 DSP port:17019 LDAP port:389 TSEL: TCP/IP cn=NASA5 NASA (CDS) Directory Configuration

7 Federal Organization

8 Federal PKI Policy Authority Voluntary interagency group - NOT “agency” –Six charter members: DOJ, DOD, OMB, GSA, Treasury, DOC Governing body for FBCA interoperability –Responsible for Certificate Policy –Agency/FBCA certificate policy mappings Oversees operation of FBCA –authorizes issuance of FBCA certificates –Responsible for Certificate Practices Statement Under Federal CIO Council

9 What will it take to use the FBCA? Policy mapping of certificate policies Careful management of cross-certs to limit transitive trust Directory interoperability Client software that does cert path discovery and processing Appropriate liability language for interoperability with non-gov’t parties

10 The current version of this CP does not provide for interoperability through the FBCA between Federal Agency PKI domains and those of parties who are external to the Federal government and who have no regulatory or contractual relationship with the Federal government. Such interoperability will be established when directed by the FPKIPA and will require changes to this CP to address issues associated with liability and other matters. Nonetheless, it is the ultimate intent of the FPKIPA to make the FBCA available to support interoperability between Federal and non-Federal entities. Moreover, interoperability with entities external to the Federal government for purposes of technical testing may be performed when directed by, and in a fashion determined by, the FPKIPA, employing the "Test" level of assurance. Additionally, certificates issued by the FBCA will ensure that appropriate controls are placed on the acceptance of certificates issued by CAs external to the Federal government, for example through the use of the nameConstraints extension. X.509 Certificate Policy For The Federal Bridge Certification Authority (FBCA) 1.1.4

Download ppt "Stanley J. Choffrey (202) 708-7943 The Federal Bridge Certification Authority Evolving Issues in Electronic Data Collection January."

Similar presentations

NIH-EDUCAUSE PKI Interoperability Project Electronic Grant Application With Multiple Digital Signatures Peter Alterman, Ph.D. Director of Operations Office.

NIH-EDUCAUSE PKI Interoperability Project Electronic Grant Application With Multiple Digital Signatures Peter Alterman, Ph.D. Director of Operations Office.
Levels of Assurance: An Overview Peter Alterman, Ph.D. Chair, Federal PKI Policy Authority.

Levels of Assurance: An Overview Peter Alterman, Ph.D. Chair, Federal PKI Policy Authority.
The Need for Trusted Credentials Information Assurance in Cyberspace Mary Mitchell Deputy Associate Administrator Office of Electronic Government & Technology.

The Need for Trusted Credentials Information Assurance in Cyberspace Mary Mitchell Deputy Associate Administrator Office of Electronic Government & Technology.
EDUCAUSE 2001, Indianapolis IN Securing e-Government: Implementing the Federal PKI David Temoshok Federal PKI Policy Manager GSA Office of Governmentwide.

EDUCAUSE 2001, Indianapolis IN Securing e-Government: Implementing the Federal PKI David Temoshok Federal PKI Policy Manager GSA Office of Governmentwide.
Program Managers Forum

Program Managers Forum
Federal PKI Architecture Update

Federal PKI Architecture Update
The U.S. Federal PKI Richard Guida, P.E. Chair, Federal PKI Steering Committee Chief Information Officers Council 202-622-1552.

The U.S. Federal PKI Richard Guida, P.E. Chair, Federal PKI Steering Committee Chief Information Officers Council
Ongoing Efforts to Build The US Federal PKI Bridge

Ongoing Efforts to Build The US Federal PKI Bridge
Federal PKI Evolution Substantial bottom-up growth in agency use of PKI (report to be published shortly)Substantial bottom-up growth in agency use of PKI.

Federal PKI Evolution Substantial bottom-up growth in agency use of PKI (report to be published shortly)Substantial bottom-up growth in agency use of PKI.
© Southampton City Council Sean Dawtry – Southampton City Council The Southampton Pathfinder for Smart Cards in public services.

© Southampton City Council Sean Dawtry – Southampton City Council The Southampton Pathfinder for Smart Cards in public services.
SAFE-BioPharma Association NSTIC Day How does industry drive forward.

SAFE-BioPharma Association NSTIC Day How does industry drive forward.
15June’061 NASA’s PKI Migration to Treasury 13th Fed-Ed Meeting 15 June ‘06 Presenter: Tice DeYoung.

15June’061 NASA’s PKI Migration to Treasury 13th Fed-Ed Meeting 15 June ‘06 Presenter: Tice DeYoung.
15June’061 NASA PKI and the Federal Environment 13th Fed-Ed PKI Meeting 15 June ‘06 Presenter: Tice DeYoung.

15June’061 NASA PKI and the Federal Environment 13th Fed-Ed PKI Meeting 15 June ‘06 Presenter: Tice DeYoung.
Copyright Judith Spencer 2002. This work is the intellectual property of the author. Permission is granted for this material to be shared for non-commercial,

Copyright Judith Spencer This work is the intellectual property of the author. Permission is granted for this material to be shared for non-commercial,
1st Expert Group Meeting (EGM) on Electronic Trade-ECO Cooperation on Trade Facilitation 23-25 May 2012, Kish Island, I.R.IRAN.

1st Expert Group Meeting (EGM) on Electronic Trade-ECO Cooperation on Trade Facilitation May 2012, Kish Island, I.R.IRAN.
Certification Authority. Overview  Identifying CA Hierarchy Design Requirements  Common CA Hierarchy Designs  Documenting Legal Requirements  Analyzing.

Certification Authority. Overview  Identifying CA Hierarchy Design Requirements  Common CA Hierarchy Designs  Documenting Legal Requirements  Analyzing.
21 mai 2015 Bridges between Certification Authorities.

21 mai 2015 Bridges between Certification Authorities.
MPKI Interoperability I-D ChangeLog from -00 to -01 Oct 27, 2003 Masaki SHIMAOKA SECOM Trust.net.

MPKI Interoperability I-D ChangeLog from -00 to -01 Oct 27, 2003 Masaki SHIMAOKA SECOM Trust.net.
PKI in US Higher Education TAGPMA Meeting, March 2006 Rio De Janeiro, Brazil.

PKI in US Higher Education TAGPMA Meeting, March 2006 Rio De Janeiro, Brazil.
Uncle Sam, Meet The PKI! Richard Guida Chair, Federal PKI Steering Committee Michèle Rubenstein Department of the Treasury,

Uncle Sam, Meet The PKI! Richard Guida Chair, Federal PKI Steering Committee Michèle Rubenstein Department of the Treasury,

Similar presentations

Ads by Google