Presentation is loading. Please wait.

Presentation is loading. Please wait.

TIES — Technologies for Information Environment Security Sandy Shaw University of Edinburgh.

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "TIES — Technologies for Information Environment Security Sandy Shaw University of Edinburgh."— Presentation transcript:

1 TIES — Technologies for Information Environment Security Sandy Shaw University of Edinburgh

2 Aim  To implement a pilot Public Key Infrastructure for authentication of H&FE users to services in the JISC Information Environment

3 Objectives  Demonstrate proof of concept for an authentication service for the licensed resources of the JISC IE  Identify practical issues of certificate handling by users and institutions  Consider the wider use of digital certificate technology across the H&FE sector

4 Partners  Lead partner  University of Edinburgh  EDINA  Computing Services  Associate partners  University of Paisley  Stevenson College  Newark and Sherwood College  Institute of Physics Publishing

5 Scope  Services in the JISC Information Environment …  … accessed by standard browsers  But, looking forward:  Local institutional services  Grid services  VLE resources

6 Assets  Commercial  Market value of IE resources  Institutions  Reputation  Academic PKI  Services other than JISC IE

7 First pass on risk assessment  JISC IE services  Low, for today's services  Academic PKI  Moderate  Future PKI applications  Potentially high  Importance of authorisation

8 Practical considerations  Tenable procedures for institutions  Tenable procedures for users  Users forget passwords  Users make mistakes  Manual export/import of certificates is non-trivial

9 TIES model

10 TIES components  Certificate server  Registration server  DSP certificate verifier  DSP authorisation package  Athens migration  Shibboleth  Licensing authority tables  Institutional data model  Technology watch  Draft specification

11 Certificate distribution  Methods:  CMC  CMP  Central key management  Data formats  PKCS#7  PKCS#10  PKCS#12

12 Key usage  Single key pair  … supporting digital signature  … but not non-repudiation  Excludes data encipherment (secure email)

13 Policy  Two-tier policies for institutions?  Basic level assurance for JISC IE  Higher level for additional services  Academic PKI server policies  CA servers / RA servers / Certificate verifiers  Authorisation policies?  Important that all policies are congruent

14 Contacts  Peter Burnhill  Sandy Shaw  Christine Rees  Project: http://edina.ac.uk/projects/ties.

Download ppt "TIES — Technologies for Information Environment Security Sandy Shaw University of Edinburgh."

Similar presentations

Introduction of Grid Security

Introduction of Grid Security
Authorisation Models for National Scale Services Alan Robiette Joint Information Systems Committee

Authorisation Models for National Scale Services Alan Robiette Joint Information Systems Committee
Eduserv Athens Federations David Orrell Eduserv Athens Technical Architect.

Eduserv Athens Federations David Orrell Eduserv Athens Technical Architect.
Digital Certificate Operation in a Complex Environment Matthew J. Dovey Oxford University Computing Services.

Digital Certificate Operation in a Complex Environment Matthew J. Dovey Oxford University Computing Services.
Experiences with Massive PKI Deployment and Usage Daniel Kouřil, Michal Procházka Masaryk University & CESNET Security and Protection of Information 2009.

Experiences with Massive PKI Deployment and Usage Daniel Kouřil, Michal Procházka Masaryk University & CESNET Security and Protection of Information 2009.
TIES II — Feasibility study for a JISC national certificate issuing service Middleware studies meeting 11 March 2004.

TIES II — Feasibility study for a JISC national certificate issuing service Middleware studies meeting 11 March 2004.
ELAG Trondheim 2004 1 Distributed Access Control - BIBSYS and the FEIDE solution Sigbjørn Holmslet, BIBSYS, Norway Ingrid Melve, UNINET, Norway.

ELAG Trondheim Distributed Access Control - BIBSYS and the FEIDE solution Sigbjørn Holmslet, BIBSYS, Norway Ingrid Melve, UNINET, Norway.
© Southampton City Council Sean Dawtry – Southampton City Council The Southampton Pathfinder for Smart Cards in public services.

© Southampton City Council Sean Dawtry – Southampton City Council The Southampton Pathfinder for Smart Cards in public services.
 A public-key infrastructure ( PKI ) is a set of hardware, software, people, policies, and procedures needed to create, manage, distribute, use, store,

 A public-key infrastructure ( PKI ) is a set of hardware, software, people, policies, and procedures needed to create, manage, distribute, use, store,
SAFE BioPharma Association CONFIDENTIAL1 SAFE Public Key Infrastructure (PKI) 2005 EDUCAUSE/Dartmouth PKI Deployment Summit.

SAFE BioPharma Association CONFIDENTIAL1 SAFE Public Key Infrastructure (PKI) 2005 EDUCAUSE/Dartmouth PKI Deployment Summit.
Certification Authority. Overview  Identifying CA Hierarchy Design Requirements  Common CA Hierarchy Designs  Documenting Legal Requirements  Analyzing.

Certification Authority. Overview  Identifying CA Hierarchy Design Requirements  Common CA Hierarchy Designs  Documenting Legal Requirements  Analyzing.
Cross Platform Single Sign On using client certificates Emmanuel Ormancey, Alberto Pace Internet Services group CERN, Information Technology department.

Cross Platform Single Sign On using client certificates Emmanuel Ormancey, Alberto Pace Internet Services group CERN, Information Technology department.
Lecture 23 Internet Authentication Applications

Lecture 23 Internet Authentication Applications
INFORMATION SYSTEMS SERVICES UNIVERSITY OF LEEDS Presentation to the UK e-Science Grid Workshop ‘Managing Access to Resources on the Grid’ e-Science Institute,

INFORMATION SYSTEMS SERVICES UNIVERSITY OF LEEDS Presentation to the UK e-Science Grid Workshop ‘Managing Access to Resources on the Grid’ e-Science Institute,
Public Key Infrastructure Ben Sangster February 23, 2006.

Public Key Infrastructure Ben Sangster February 23, 2006.
Public Key Infrastructure (PKI) Providing secure communications and authentication over an open network.

Public Key Infrastructure (PKI) Providing secure communications and authentication over an open network.
PKI in US Higher Education TAGPMA Meeting, March 2006 Rio De Janeiro, Brazil.

PKI in US Higher Education TAGPMA Meeting, March 2006 Rio De Janeiro, Brazil.
1 Issues in federated identity management Sandy Shaw EDINA IASSIST 24-27 May 2005, Edinburgh.

1 Issues in federated identity management Sandy Shaw EDINA IASSIST May 2005, Edinburgh.
David L. Wasley Information Resources & Communications Office of the President University of California Directories and PKI Basic Components of Middleware.

David L. Wasley Information Resources & Communications Office of the President University of California Directories and PKI Basic Components of Middleware.
16.1 © 2004 Pearson Education, Inc. Exam 70-294 Planning, Implementing, and Maintaining a Microsoft® Windows® Server 2003 Active Directory Infrastructure.

16.1 © 2004 Pearson Education, Inc. Exam Planning, Implementing, and Maintaining a Microsoft® Windows® Server 2003 Active Directory Infrastructure.

Similar presentations

Ads by Google