Download presentation
Presentation is loading. Please wait.
Published byThomasina Taylor Modified over 9 years ago
1
NET@EDU Co Chairs C. W. Goldsmith University of Alabama at Birmingham David L. Wasley University of California Office of the President
2
PKI Workshop Tempe, AZ February 5, 2002 Meeting Moderator – Clair Goldsmith
3
PKI Workshop Agenda 8:30 – Welcome Clair G. 8:40 – Campus update roundtable 9:30 – CREN CA update David W. 9:40 – HEBCA update NIH experiment Steve W. 9:50 – HECP presentation David W. 10:00 – PKI-Lite and S/MIME initiative David W. 10:15 – Break
4
PKI Workshop Agenda 10:45 – Quick updates FERPA and PKI Directories Steve W. HIPAA update Clair G. HealthKey, etc. Clair G. 11:00 – PKI Implementation Issues Clair G. 12:00 - 1:00 Lunch
5
PKI Workshop Agenda 1:00 – Grid Security Technologies Grid Security Requirements John M. CAS Von M. Shibboleth & Inter-realm author Bob M. HEBCA, HEPKI Michael G. KX509 Ken K. myProxy Randy 3:00 – Break
6
PKI Workshop Agenda 3:30 – Continued PKI Implementation Issues Potential pilot projects and/or issues to be investigated 5:00 Adjourn
7
PKI IMPLEMENTATION ISSUES Stategies For Implementing a CA In-house versus outsourcing Vendor code versus open source Institutional resource requirements What about the CP/CPS?
8
PKI IMPLEMENTATION ISSUES Authorization Strategies Legacy applications? Can we categorize applications and appropriate strategies? Attribute certificates versus attribute directories
9
PKI IMPLEMENTATION ISSUES Portals and other "single sign-on" approaches applications such as ERP systems and course management systems need to be not just directory enabled, but cert-in- directory enabled.
10
PKI IMPLEMENTATION ISSUES Directories Is there an authoritative directory of those associated with the institution? If not, what does it take to create one? (best practices)
11
PKI IMPLEMENTATION ISSUES Email Can be signed and encrypted. –Is a one or two key system best and why? List servers can modify email thereby making signing those messages pointless.
12
PKI IMPLEMENTATION ISSUES Email Outlook has two mechanisms: –One requires that all email be signed – in other words signing is a configuration parameter of the Outlook client –Other requires pulldown menus for single use (4 clicks) Ideally, signing should be something I choose. Should signing require a password (access the private key) every time it is performed? Outlook signs only the email message and not enclosed attachments. Communicator seems to sign both.
13
PKI IMPLEMENTATION ISSUES Multiple certificates and S/MIME!
14
PKI IMPLEMENTATION ISSUES Digital Signatures How can one sign a document (in Word), independent of an email client? Requires a third party product: for example: eLock Adobe allows signing of Acrobat documents through proprietary plug-ins, but plug-ins are not available for all certificates. How can the Adobe signer be prevented from creating certificates?
15
PKI IMPLEMENTATION ISSUES What does it mean to sign a web form? Does it attest to the information placed in boxes? The information around the boxes? Or both? If both, what is then done with it? Where is it put? Does all of it need to be in a database: lock, stock, and html? [If so, there are neat things one can contemplate regarding records retention.]
16
PKI IMPLEMENTATION ISSUES Multiple Signatures Having more than one signature on a document is rarely supported One signer application (e-Lock version 4.X) allows multiple signatures, but you cannot see the document content at the time you sign the document, which provides opportunities for other errors.
17
PKI IMPLEMENTATION ISSUES Other Signature Issues Do you always need to validate signatures as well as verify them? If so, application plug-ins such as provided by Adobe will not be adequate. Some of the application signers are priced on a per use basis!
18
PKI IMPLEMENTATION ISSUES Cert & Key Management How to best handle key escrow for decryption keys? This problem is compounded when keys expire annually.
19
PKI IMPLEMENTATION ISSUES Certificate and private key portability options? Proxy authentication issues
20
PKI IMPLEMENTATION ISSUES FUTURES National Security Card
Similar presentations
© 2024 SlidePlayer.com. Inc.
All rights reserved.