Presentation is loading. Please wait.

Presentation is loading. Please wait.

The NIH PKI Pilots Peter Alterman, Ph.D. … again.

Published byMerilyn Allen Modified over 9 years ago

Similar presentations

Presentation on theme: "The NIH PKI Pilots Peter Alterman, Ph.D. … again."— Presentation transcript:

1 The NIH PKI Pilots Peter Alterman, Ph.D. … again

2 A Simplified Description of the NIH Extramural Research Business Process NIH publishes RFAs and other announcements of research topics and training opportunities NIH publishes RFAs and other announcements of research topics and training opportunities Researchers submit applications for funding under a number of mechanisms Researchers submit applications for funding under a number of mechanisms Applications are reviewed by independent study sections 3 – 4X/year Applications are reviewed by independent study sections 3 – 4X/year Approved applications are ranked Approved applications are ranked Grants are funded by score and mission relevance Grants are funded by score and mission relevance Annual reports submitted Annual reports submitted Noncompeting renewals make up bulk of ~40k grants issued annually (about $13B!) Noncompeting renewals make up bulk of ~40k grants issued annually (about $13B!)

3 Currently, NIH Extramural Business Process is ALL PAPER

4 Phase I: PKI-enable an Adobe I-form Version of a PHS-398, Application for Research Grant Allergy Institute created an electronic version of the application form Allergy Institute created an electronic version of the application form NIH and Digital Signature Trust working to allow attachment of two TrustID digital signatures to the completed I-form NIH and Digital Signature Trust working to allow attachment of two TrustID digital signatures to the completed I-form Institutions will acquire TrustID digsigs courtesy of NIH, download I-form, complete dummy application, sign (PI and AOR) and return to NIH as email attachment Institutions will acquire TrustID digsigs courtesy of NIH, download I-form, complete dummy application, sign (PI and AOR) and return to NIH as email attachment NIH will transfer attachment to local hard disk, then validate signatures using E-lock Assured Office client NIH will transfer attachment to local hard disk, then validate signatures using E-lock Assured Office client Some platform and process constraints understood in pilot Some platform and process constraints understood in pilot Outcomes: Outcomes: demonstration of successful creation, signing and validating of I- form 398 demonstration of successful creation, signing and validating of I- form 398 Identification of areas requiring further development Identification of areas requiring further development

5 What it Looks Like NIH CA And Directory University 3 End users University 1 end-users University 2 end-users trust path trust paths Actually DST CA for Pilot NIH test user

6 Phase II: Replace NIH-supplied Digital Certificate with Institution’s Digital Certificate (in multiple flavors) UAB, UW-M and UCOP UAB, UW-M and UCOP TrustID cert (no-brainer, already done in Phase I) TrustID cert (no-brainer, already done in Phase I) VeriSign cert VeriSign cert Netscape IPlanet cert Netscape IPlanet cert NIH cross-certifies with the Fed Bridge at the test level of assurance NIH cross-certifies with the Fed Bridge at the test level of assurance Educause sets up the HE Bridge Educause sets up the HE Bridge Fed Bridge and HE Bridge cross-certify at the test level of assurance Fed Bridge and HE Bridge cross-certify at the test level of assurance Institutions cross-certify with the HE Bridge at the test level Institutions cross-certify with the HE Bridge at the test level NIH validates certs using modified E-Lock product NIH validates certs using modified E-Lock product Validation path runs through Fed Bridge to HE Bridge to Institutions’ CRLs Validation path runs through Fed Bridge to HE Bridge to Institutions’ CRLs

7 Remember This? Slightly Modified… Fed Bridge CA And Directory HE Bridge CA And Directory NIH CA, Directory, End user CA, Directory, CRL, end users CA,Directory, CRL, end users Validation path Validation paths Actually DST CA for Pilot

8 The Federal Bridge Certification Authority – Description and Current Status Peter Alterman, Ph.D. Senior Advisor to the Chair, Federal PKI Steering Committee and Acting Director, Federal Bridge Certification Authority

9 The FBCA Architecture Bridge CA And Directory Bridge CA And Directory CA, Directory, End users CA, Directory, End users CA,Directory, End users Trust paths

10 FBCA Overview Designed for the purpose of creating trust paths between among PKI domains Designed for the purpose of creating trust paths between among PKI domains Issues cross-certificates to Member CAs only Issues cross-certificates to Member CAs only Employs a distributed, NOT a hierarchical, model Employs a distributed, NOT a hierarchical, model Commercial products participate within the membrane of the Bridge OR interoperate with products within the membrane Commercial products participate within the membrane of the Bridge OR interoperate with products within the membrane Develops cross certificates within the membrane to bridge the gap among dissimilar products Develops cross certificates within the membrane to bridge the gap among dissimilar products

11 FBCA Goals Leverage emerging Federal Agency PKIs to create a unified Federal PKI Leverage emerging Federal Agency PKIs to create a unified Federal PKI Limit workload on Agency CA staff Limit workload on Agency CA staff Support Agency use of: Support Agency use of: Any FIPS-approved cryptographic algorithm Any FIPS-approved cryptographic algorithm A broad range of commercial CA products A broad range of commercial CA products Propagate policy information to certificate users in different Agencies Propagate policy information to certificate users in different Agencies

12 FBCA Operation Issues Cross-Certificates to Participating CAs only Issues Cross-Certificates to Participating CAs only FPKI Steering Committee oversees FBCA development and operations FPKI Steering Committee oversees FBCA development and operations Documentation Documentation Enhancements Enhancements Client-side software Client-side software Operates in accordance with Policy Authority and FPKISC direction Operates in accordance with Policy Authority and FPKISC direction

13 FBCA Management Hierarchy Steering Committee oversees FBCA development and operations Steering Committee oversees FBCA development and operations Direct Operational Authority Direct Operational Authority Bridge Documentation Bridge Documentation Enhancements Enhancements Policy Authority determines participants and levels of cross- certification Policy Authority determines participants and levels of cross- certification Administers Certificate Policy Administers Certificate Policy Approves requests to cross-certify Approves requests to cross-certify Enforces compliance by member organizations Enforces compliance by member organizations GSA named Operational Authority GSA named Operational Authority Operates in accordance with Policy Authority and Steering Committee direction Operates in accordance with Policy Authority and Steering Committee direction

14 Current Status - August 10, 2001 Policy Authority approved final documentation on June 18, 2001 Policy Authority approved final documentation on June 18, 2001 Certificate Policy Certificate Policy Certification Practices Statement Certification Practices Statement Independent Compliance Analysis Independent Compliance Analysis FBCA “open and ready for business” at the GSA/FTS WillowWoods facility operated by Mitretek Systems on June 7, 2001 FBCA “open and ready for business” at the GSA/FTS WillowWoods facility operated by Mitretek Systems on June 7, 2001 Prototyping/Compatibility lab continues operational off-site Prototyping/Compatibility lab continues operational off-site Hot backup site nearing completion Hot backup site nearing completion C & A Audit under way by KPMG C & A Audit under way by KPMG Three federal agencies and one state government preparing documentation for application for interoperability with Bridge: NASA, NFC, FDIC, Illinois Three federal agencies and one state government preparing documentation for application for interoperability with Bridge: NASA, NFC, FDIC, Illinois

15 What Will It Take to Use the FBCA? Policy mapping of certificate policies Policy mapping of certificate policies Sharing annual audits Sharing annual audits Careful management of cross-certificates to limit transitive trust (exclusion trees) Careful management of cross-certificates to limit transitive trust (exclusion trees) Directory interoperability and synchronization Directory interoperability and synchronization Client software for certificate path discovery and processing Client software for certificate path discovery and processing

16 Next Steps Continue to bring federal agencies into interoperability Continue to bring federal agencies into interoperability Bring additional products into Bridge membrane and/or verify interoperability with products in membrane: working with RSA, Cylink, Spyrus and talking with VeriSign and Microsoft Bring additional products into Bridge membrane and/or verify interoperability with products in membrane: working with RSA, Cylink, Spyrus and talking with VeriSign and Microsoft Pursue interoperability with State PKIs Pursue interoperability with State PKIs Pursue interoperability with Nation of Canada Pursue interoperability with Nation of Canada Pursue interoperability with non-government sector bridges Pursue interoperability with non-government sector bridges

17 References Federal PKI Steering Committee Website: http://www.cio.gov/fpkisc Federal PKI Steering Committee Website: http://www.cio.gov/fpkisc http://www.cio.gov/fpkisc FBCA Page: http://www.cio.gov/fpkisc/fbca/index.htm FBCA Page: http://www.cio.gov/fpkisc/fbca/index.htm http://www.cio.gov/fpkisc/fbca/index.htm NIST PKI Website: http://csrc.nist.gov/pki NIST PKI Website: http://csrc.nist.gov/pkihttp://csrc.nist.gov/pki

Download ppt "The NIH PKI Pilots Peter Alterman, Ph.D. … again."

Similar presentations

NIH-EDUCAUSE PKI Interoperability Project Electronic Grant Application With Multiple Digital Signatures Peter Alterman, Ph.D. Director of Operations Office.

NIH-EDUCAUSE PKI Interoperability Project Electronic Grant Application With Multiple Digital Signatures Peter Alterman, Ph.D. Director of Operations Office.
EDUCAUSE 2001, Indianapolis IN Securing e-Government: Implementing the Federal PKI David Temoshok Federal PKI Policy Manager GSA Office of Governmentwide.

EDUCAUSE 2001, Indianapolis IN Securing e-Government: Implementing the Federal PKI David Temoshok Federal PKI Policy Manager GSA Office of Governmentwide.
Program Managers Forum

Program Managers Forum
Federal PKI Architecture Update

Federal PKI Architecture Update
The U.S. Federal PKI Richard Guida, P.E. Chair, Federal PKI Steering Committee Chief Information Officers Council 202-622-1552.

The U.S. Federal PKI Richard Guida, P.E. Chair, Federal PKI Steering Committee Chief Information Officers Council
Ongoing Efforts to Build The US Federal PKI Bridge

Ongoing Efforts to Build The US Federal PKI Bridge
Stanley J. Choffrey (202) 708-7943 The Federal Bridge Certification Authority Evolving Issues in Electronic Data Collection January.

Stanley J. Choffrey (202) The Federal Bridge Certification Authority Evolving Issues in Electronic Data Collection January.
15June’061 NASA PKI and the Federal Environment 13th Fed-Ed PKI Meeting 15 June ‘06 Presenter: Tice DeYoung.

15June’061 NASA PKI and the Federal Environment 13th Fed-Ed PKI Meeting 15 June ‘06 Presenter: Tice DeYoung.
Copyright Judith Spencer 2002. This work is the intellectual property of the author. Permission is granted for this material to be shared for non-commercial,

Copyright Judith Spencer This work is the intellectual property of the author. Permission is granted for this material to be shared for non-commercial,
Identity Standards (Federal Bridge Certification Authority – Certificate Lifecycle) Oct, 17 2012.

Identity Standards (Federal Bridge Certification Authority – Certificate Lifecycle) Oct,
NIH – EDUCAUSE PKI Interoperability Pilot Update Peter Alterman, Ph.D. Director of Operations, Office of Extramural Research, NIH and Senior Advisor to.

NIH – EDUCAUSE PKI Interoperability Pilot Update Peter Alterman, Ph.D. Director of Operations, Office of Extramural Research, NIH and Senior Advisor to.
PKI in US Higher Education TAGPMA Meeting, March 2006 Rio De Janeiro, Brazil.

PKI in US Higher Education TAGPMA Meeting, March 2006 Rio De Janeiro, Brazil.
DESIGNING A PUBLIC KEY INFRASTRUCTURE

DESIGNING A PUBLIC KEY INFRASTRUCTURE
Assuring e-Trust always www.certiver.com 1 Guaranteeing Electronic Trust at all times.

Assuring e-Trust always 1 Guaranteeing Electronic Trust at all times.
Uncle Sam, Meet The PKI! Richard Guida Chair, Federal PKI Steering Committee Michèle Rubenstein Department of the Treasury,

Uncle Sam, Meet The PKI! Richard Guida Chair, Federal PKI Steering Committee Michèle Rubenstein Department of the Treasury,
The U.S. Federal PKI and the Federal Bridge Certification Authority

The U.S. Federal PKI and the Federal Bridge Certification Authority
EDUCAUSE Fed/Higher ED PKI Coordination Meeting

EDUCAUSE Fed/Higher ED PKI Coordination Meeting
The 4BF The Four Bridges Forum Higher Education Bridge Certificate Authority.

The 4BF The Four Bridges Forum Higher Education Bridge Certificate Authority.
70-293: MCSE Guide to Planning a Microsoft Windows Server 2003 Network, Enhanced Chapter 9: Planning and Managing Certificate Services.

70-293: MCSE Guide to Planning a Microsoft Windows Server 2003 Network, Enhanced Chapter 9: Planning and Managing Certificate Services.
Higher Education Bridge Certificate Authority (HEBCA) Project Progress Fed/Ed December 2004.

Higher Education Bridge Certificate Authority (HEBCA) Project Progress Fed/Ed December 2004.

Similar presentations

Ads by Google