
Co Chairs C. W. Goldsmith University of Alabama at Birmingham David L. Wasley University of California Office of the President.


1 NET@EDU Co Chairs C. W. Goldsmith University of Alabama at Birmingham David L. Wasley University of California Office of the President

2 PKI Workshop Tempe, AZ February 5, 2002 Meeting Moderator – Clair Goldsmith

3 PKI Workshop Agenda
- 8:30 – Welcome Clair G.
- 8:40 – Campus update roundtable
- 9:30 – CREN CA update David W.
- 9:40 – HEBCA update NIH experiment Steve W.
- 9:50 – HECP presentation David W.
- 10:00 – PKI-Lite and S/MIME initiative David W.
- 10:15 – Break

4 PKI Workshop Agenda
- 10:45 – Quick updates
  - FERPA and PKI Directories Steve W.
  - HIPAA update Clair G.
  - HealthKey, etc. Clair G.
- 11:00 – PKI Implementation Issues Clair G.
- 12:00 - 1:00 Lunch

5 PKI Workshop Agenda
- 1:00 – Grid Security Technologies
  - Grid Security Requirements John M.
  - CAS Von M.
  - Shibboleth & Inter-realm author Bob M.
  - HEBCA, HEPKI Michael G.
  - KX509 Ken K.
  - myProxy Randy
- 3:00 – Break

6 PKI Workshop Agenda
- 3:30 – Continued PKI Implementation Issues
  - Potential pilot projects and/or issues to be investigated
- 5:00 Adjourn

7 PKI IMPLEMENTATION ISSUES
- Strategies For Implementing a CA
  - In-house versus outsourcing
  - Vendor code versus open source
  - Institutional resource requirements
  - What about the CP/CPS?

8 PKI IMPLEMENTATION ISSUES
- Authorization Strategies
  - Legacy applications?
  - Can we categorize applications and appropriate strategies?
  - Attribute certificates versus attribute directories

9 PKI IMPLEMENTATION ISSUES
- Portals and other "single sign-on" approaches
  - applications such as ERP systems and course management systems need to be not just directory enabled, but cert-in-directory enabled.

10 PKI IMPLEMENTATION ISSUES
- Directories
  - Is there an authoritative directory of those associated with the institution?
  - If not, what does it take to create one? (best practices)

11 PKI IMPLEMENTATION ISSUES
- Email
  - Can be signed and encrypted.
    - Is a one or two key system best and why?
  - List servers can modify email thereby making signing those messages pointless.

12 PKI IMPLEMENTATION ISSUES
- Email
  - Outlook has two mechanisms:
    - One requires that all email be signed – in other words signing is a configuration parameter of the Outlook client
    - Other requires pulldown menus for single use (4 clicks)
  - Ideally, signing should be something I choose.
  - Should signing require a password (access the private key) every time it is performed?
  - Outlook signs only the email message and not enclosed attachments. Communicator seems to sign both.

13 PKI IMPLEMENTATION ISSUES
- Multiple certificates and S/MIME!

14 PKI IMPLEMENTATION ISSUES
- Digital Signatures
  - How can one sign a document (in Word), independent of an email client?
  - Requires a third party product: for example: eLock
  - Adobe allows signing of Acrobat documents through proprietary plug-ins, but plug-ins are not available for all certificates.
  - How can the Adobe signer be prevented from creating certificates?

15 PKI IMPLEMENTATION ISSUES
- What does it mean to sign a web form?
  - Does it attest to the information placed in boxes? The information around the boxes? Or both?
  - If both, what is then done with it? Where is it put?
  - Does all of it need to be in a database: lock, stock, and html? [If so, there are neat things one can contemplate regarding records retention.]

16 PKI IMPLEMENTATION ISSUES
- Multiple Signatures
  - Having more than one signature on a document is rarely supported
  - One signer application (e-Lock version 4.X) allows multiple signatures, but you cannot see the document content at the time you sign the document, which provides opportunities for other errors.

17 PKI IMPLEMENTATION ISSUES
- Other Signature Issues
  - Do you always need to validate signatures as well as verify them? If so, application plug-ins such as provided by Adobe will not be adequate.
  - Some of the application signers are priced on a per use basis!

18 PKI IMPLEMENTATION ISSUES
- Cert & Key Management
  - How to best handle key escrow for decryption keys? This problem is compounded when keys expire annually.

19 PKI IMPLEMENTATION ISSUES
- Certificate and private key portability options?
  - Proxy authentication issues

20 PKI IMPLEMENTATION ISSUES FUTURES
- National Security Card

