Presentation is loading. Please wait.

Presentation is loading. Please wait.

03 December 2003 Digital Certificate Operation in a Complex Environment Consultation/Stakeholders Meeting 3 December 2003.

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "03 December 2003 Digital Certificate Operation in a Complex Environment Consultation/Stakeholders Meeting 3 December 2003."— Presentation transcript:

1 03 December 2003 Digital Certificate Operation in a Complex Environment Consultation/Stakeholders Meeting 3 December 2003

2 03 December 2003 DCOCE dΛ ’ kŊt f i : Der-kot-chee

3 03 December 2003 The DCOCE project DCOCE is about authentication with digital certificates Digital certificates use Public Key Infrastructure (PKI) –PKI is very secure –but can be difficult to administer

4 03 December 2003 The DCOCE project Digital certificates and PKI rely upon trust Trust relies upon co-operation (or understanding) between organisations Oxford University is a Complex Environment –DCOCE –If it can work here...

5 03 December 2003 What DCOCE is not about Authorisation –but… Single sign on –but… e-Science and the grid –but…

6 03 December 2003 Project team Evaluators Alun Edwards (OUCS) Johanneke Sytsema (SERS) Based within the RTS at OUCS in collaboration with SERS Project Manager Mark Norman Systems Developer Christian Fernau

7 03 December 2003 Project partners Research Technologies Service at Oxford University Computing Services in collaboration with: –the Systems and Electronic Resources Service at Oxford University Library Services (SERS) –Manchester Information and Associated Services (ZETOC) –the Athens Devolved Authentication Service (at EduServ) –the Oxford e-Science Centre (OeSC)

8 03 December 2003 What is DCOCE? 2-year project funded by the (Joint Information Systems Committee) –feasibility of using digital certificates for authentication and simplified access to remote services –researching and running a pilot of a PKI (public key infrastructure) –evaluating and documenting all of the major stages and of the user experience

9 03 December 2003 Why at Oxford? The complex environment is here… –the Departments and Colleges of the University of Oxford everyone may have a different requirement desires secure access to central IT support applications desires to optimise access to licensed content Oxford hosts regional e-Science Centre –OUCS secure access to web-based email; LDAP services; VPN service developing account management packages for RDN Subject Portals Project Information flow is very important to a PKI

10 03 December 2003 Admin & Legal Services Research Technologies Service IT Support Staff services User registration Project Team Stakeholder group Oxford University Computing Services E-Science Centre Library Services

11 03 December 2003 Stakeholder group We need to know what you think: –are the ideas difficult? –what do you think you need? Early 2004 we need people to trial the use of our digital certificates –to discover the advantages and difficulties as they appear to you

12 03 December 2003 Modelling Admin. architecture –select and review 4 PKI implementations –build an administration architecture model for Oxford –Athens, MIMAS and OeSC to advise and review initial proposals for models System architecture –review the 4 PKI implementations –build a system architecture model for Oxford –Athens, MIMAS and OeSC to advise and and review initial proposals for models

13 03 December 2003 Development and implementation Implement, and develop, the systems and administrative processes to support a certificate life-cycle within a PKI –architectures very small-scale rollout –a certification authority initial testing –OeSC to advise

14 03 December 2003 Athens Devolved Authentication Enable access to remote resources subscribed to by Oxford compliant with Athens single sign-on (SSO) via digital certificate authentication –examine Athens requirements and standards –ensure certificates and ‘presentment’ mechanisms comply and PKI can be trusted

15 03 December 2003 MIMAS Enable access to remote Zetoc/British Library resources via digital certificate authentication mechanism –examine MIMAS/Zetoc requirements and standards –ensure certificates and ‘presentment’ mechanisms comply and PKI can be trusted

16 03 December 2003 Real-world rollout Distribute the certificates much more widely –test –examine revocation and recovery issues –document the issues arising Extensive set of users will receive certificates –IT support staff in devolved roles throughout the University –selected end users of many types and roles Trial revocation and recovery/re-issuing mechanisms OeSC, Athens and MIMAS to advise

17 03 December 2003 Certificate Policy Statement Develop and publish a detailed Certificate Policy Statement (CP) –in accordance with the Internet Engineering Task Force PKI X.509 Certificate Policy and Certification Practice Statement (CPS) Framework –produce an early draft of the CP consult about trust issues –final version of the CP will be produced after rollout

18 03 December 2003 Legal and administrative issues Input from Oxford University Legal Services –issuing and revoking certificates –running the PKI –the final Certificate Policy Statement (CP) –the administration issues of managing: a registration authority and certificate authority and revocation list –research legal and administration issues OeSC to advise

19 03 December 2003 Evaluation and dissemination Technical and user-oriented evaluations –the implementation of PKI at UK HE establishments –final report Project progress report –successes and failures and points of difficulty Via web pages, email lists and at real 'events' –http://www.dcoce.ox.ac.uk/ Web sitehttp://www.dcoce.ox.ac.uk/ –dcoce-disc@jiscmail.ac.uk mailing listdcoce-disc@jiscmail.ac.uk –Useful to others considering PKI within UK FE and HE formative evaluation of decisions made summative evaluations –decision-making processes and the experiences of end users etc.

20 03 December 2003 Summary of deliverables Evaluation reports –for different stages of the process Policies –overall Certification Practice Statement (CPS) Systems architecture details –any open source adaptations Project Web site –http://www.dcoce.ox.ac.uk/http://www.dcoce.ox.ac.uk/ Summative report –practical manual

21 03 December 2003 Ideas for discussion at the moment Sending server certificates on a CD-ROM Ideas for a Local Institution Certificate Store Ideas for issuing certificates (enrolling)

Download ppt "03 December 2003 Digital Certificate Operation in a Complex Environment Consultation/Stakeholders Meeting 3 December 2003."

Similar presentations

Grey Literature, Institutional Repositories and the Organisational Context Simon Lambert, Brian Matthews & Catherine Jones Business & Information Technology.

Grey Literature, Institutional Repositories and the Organisational Context Simon Lambert, Brian Matthews & Catherine Jones Business & Information Technology.
Authorisation Models for National Scale Services Alan Robiette Joint Information Systems Committee

Authorisation Models for National Scale Services Alan Robiette Joint Information Systems Committee
Digital Certificate Operation in a Complex Environment Matthew J. Dovey Oxford University Computing Services.

Digital Certificate Operation in a Complex Environment Matthew J. Dovey Oxford University Computing Services.
- 1 - Defense Security Service Background: During the Fall of 2012 Defense Security Service will be integrating ISFD with the Identity Management (IdM)

- 1 - Defense Security Service Background: During the Fall of 2012 Defense Security Service will be integrating ISFD with the Identity Management (IdM)
© Southampton City Council Sean Dawtry – Southampton City Council The Southampton Pathfinder for Smart Cards in public services.

© Southampton City Council Sean Dawtry – Southampton City Council The Southampton Pathfinder for Smart Cards in public services.
Evaluation of a Large-scale VRE Implementation - ELVI Staff and students using the VRE benefit from the greater transparency and communication that it.

Evaluation of a Large-scale VRE Implementation - ELVI Staff and students using the VRE benefit from the greater transparency and communication that it.
1st Expert Group Meeting (EGM) on Electronic Trade-ECO Cooperation on Trade Facilitation 23-25 May 2012, Kish Island, I.R.IRAN.

1st Expert Group Meeting (EGM) on Electronic Trade-ECO Cooperation on Trade Facilitation May 2012, Kish Island, I.R.IRAN.
Certification Authority. Overview  Identifying CA Hierarchy Design Requirements  Common CA Hierarchy Designs  Documenting Legal Requirements  Analyzing.

Certification Authority. Overview  Identifying CA Hierarchy Design Requirements  Common CA Hierarchy Designs  Documenting Legal Requirements  Analyzing.
Norman Wiseman JISC Head of Programmes Presentation to CNI Seattle, December 1998 ATHENS ATHENS One Year On Joint Information Systems Committee.

Norman Wiseman JISC Head of Programmes Presentation to CNI Seattle, December 1998 ATHENS ATHENS One Year On Joint Information Systems Committee.
INFORMATION SYSTEMS SERVICES UNIVERSITY OF LEEDS Presentation to the UK e-Science Grid Workshop ‘Managing Access to Resources on the Grid’ e-Science Institute,

INFORMATION SYSTEMS SERVICES UNIVERSITY OF LEEDS Presentation to the UK e-Science Grid Workshop ‘Managing Access to Resources on the Grid’ e-Science Institute,
Password?. Project CLASP: Common Login and Access rights across Services Plan

Password?. Project CLASP: Common Login and Access rights across Services Plan
PKI in US Higher Education TAGPMA Meeting, March 2006 Rio De Janeiro, Brazil.

PKI in US Higher Education TAGPMA Meeting, March 2006 Rio De Janeiro, Brazil.
DESIGNING A PUBLIC KEY INFRASTRUCTURE

DESIGNING A PUBLIC KEY INFRASTRUCTURE
Password?. Project CLASP: Common Login and Access rights across Services Plan

Password?. Project CLASP: Common Login and Access rights across Services Plan
TIES — Technologies for Information Environment Security Sandy Shaw University of Edinburgh.

TIES — Technologies for Information Environment Security Sandy Shaw University of Edinburgh.
Public Key Infrastructure at the University of Pittsburgh Robert F. Pack, Vice Provost Academic Planning and Resources Management March 27, 2000 CNI Spring.

Public Key Infrastructure at the University of Pittsburgh Robert F. Pack, Vice Provost Academic Planning and Resources Management March 27, 2000 CNI Spring.
Copyright JNT Association 20051OptionalCopyright JNT Association 2007 Overview of the UK Access Management Federation Josh Howlett.

Copyright JNT Association 20051OptionalCopyright JNT Association 2007 Overview of the UK Access Management Federation Josh Howlett.
Tony Brett, OUCS 24 th July 2004 9 th ITSS Conference The Portal Project Tony Brett Associate Head of IT Support Staff Services Oxford University Computing.

Tony Brett, OUCS 24 th July th ITSS Conference The Portal Project Tony Brett Associate Head of IT Support Staff Services Oxford University Computing.
CSU Chico Web Site A Unified approach to Governance, Management, and Accessibility.

CSU Chico Web Site A Unified approach to Governance, Management, and Accessibility.
03 December 2003 Digital Certificate Operation in a Complex Environment Presentation as part of the Digital Projects in Oxford series 4 February 2004.

03 December 2003 Digital Certificate Operation in a Complex Environment Presentation as part of the Digital Projects in Oxford series 4 February 2004.

Similar presentations

Ads by Google