1
Higher Education PKI Summit Meeting, August 8, 2001
The ABA PAG
Rodney J. Petersen, J.D.
Director, Policy and Planning
Office of Information Technology
University of Maryland
2
Background
American Bar Association, Section of Science and Technology Law, Electronic Commerce Division
- Information Security Committee
1996 Digital Signature Guidelines
DRAFT PKI Assessment Guidelines (PAG)
DRAFT developed over a period of 5 years
Developed as an educational resource
Comments are due by October 18, 2001
3
ABA Information Security Committee
A group of lawyers and non-lawyers: practicing attorneys in corporate, private, and government practice, information technologists, auditors, notaries from various legal regimes, trade experts, academics, and others dedicated to exploring and advancing the legal and information security aspects of e-commerce and information technology.
4
Digital Signature Guidelines
Provided basic technical and legal guidelines regarding the rights and responsibilities of certification authorities, certificate subscribers, and relying parties for digital signature applications of PKI.
http://www.abanet.org/scitech/ec/isc/digital_signature.html
5
PKI Assessment Guidelines DRAFT
The draft PAG provides an overview of PKI, discusses specific technical, legal, business, and policy issues related to PKI operations, and provides guidelines for the assessment of particular PKIs and their components.
http://www.abanet.org/scitech/ec/isc/pag/pag.html
6
Goals of the PAG
Provide a tool by which people can assess a PKI and its trustworthiness
Explain basic PKI assessment models, PKI assessment terminology, and the interface among, and implications of, business, legal, and technical issues in PKI
Provide guidance for the selection of policies, standards, and legal agreements, including certificate policies (CPs), certification practice statements (CPSs), relying party agreements, and subscriber agreements
7
Goals (cont’d)
Promote smooth interoperation among different PKIs and their components; and
Provide an intellectual framework and educational resource for understanding PKI services, products, technologies, and emerging legal concepts
8
The PAG is not intended to:
Dictate policies, processes, or legal doctrines
Mandate any particular models for assessment
Remain static
Be self-contained
9
Overview of Contents
PKI Overview
Glossary of Definitions and Acronyms
Tutorial on Public Key Technology
Legal Preface
PAG Provisions
Appendices
Bibliography with Online URLs
10
Legal Issues
Sources of Law
Agency Principles
Evidence and Expert Witnesses
Foundations and Presumptions
Consumer and Privacy Issues
Risk Management and Insurance
11
PAG Provisions
General, Legal, and Business Provisions
Initial Validation of Identity, Authority, and/or Other Attributes
Certificate Life Cycle Operational Requirements
Management, Operational, and Physical Security Controls
Technical Security Controls
Certificate, CRL, and OCSP Profiles
Specification Administration
12
Privacy, Confidentiality, and Security
Privacy: Within the realm of information security, refers to a reasonable expectation that personally identifiable information and sensitive information will be collected and used only for the purposes for which it was collected, and not disclosed without the opportunity to exercise some choice regarding further use of the information.
Confidentiality: Reasonable expectation that information will not be viewed or accessed by unauthorized parties.
Security: Technological measures taken to prevent theft, disclosure, improper use, and/or unauthorized access to information.
13
General, Legal, and Business Provisions
Apportioning Legal Responsibilities and Potential Liability
- Issue Summary
- Relevant Considerations
- Appropriate Requirements and Practices
Risk Management and Insurance
Financial Responsibility
14
Provisions (cont’d)
Interpretation and Enforcement
Fees
Publication and Repositories
Compliance Audit and Other Assessments
Consumer Issues, Information Practices, Privacy
Intellectual Property Rights
15
PKI Documentation
Policy Documents: convey at a high level the requirements to which a PKI adheres and the practices the PKI employs to meet these requirements
- “Certificate Policy”
- “Certification Practice Statement”
Agreements: bind participants to the requirements of the PKI
- “Subscriber Agreement”
- “Relying Party Agreement”
Security, Operational, and Auditing Practices: detailed policies, guidelines, and procedures
16
Implications for Higher Ed
Policies and Procedures
- NET@EDU PKI Working Group
- EDUCAUSE Security Task Force Policy and Legal Issues Committee
Contracts and Agreements
Academic Culture and Traditions
Practical Uses and Simplification
Coordination Across Communities
17
For more information, contact:
Rodney Petersen
Phone: 301.405.7349
Email: rp72@umail.umd.edu
URL: www.oit.umd.edu/pp
URL: www.umd.edu/NEThics