Presentation is loading. Please wait.

Presentation is loading. Please wait.

HEBCA Overview CSG, uWash, 2002 Michael R Gettes Georgetown University

Published byCandice Summers Modified over 9 years ago

Similar presentations

Presentation on theme: "HEBCA Overview CSG, uWash, 2002 Michael R Gettes Georgetown University"— Presentation transcript:

1 HEBCA Overview CSG, uWash, 2002 Michael R Gettes Georgetown University Gettes@Georgetown.EDU

2 2 Policy Technical PKI is 1/3 Technical and 2/3 Policy?

3 Transforming Education Through Information Technologies http://www.educause.edu/ Common Solutions Group, January, 2002 (Sanibel Island) 3 Multiple CAs in FBCA Membrane Survivable PKI Cross Certificates allow for “one/two-way policy” Directories are critical in BCA world.

4 Transforming Education Through Information Technologies http://www.educause.edu/ Common Solutions Group, January, 2002 (Sanibel Island) 4 A Snapshot of the U.S. Federal PKI Federal Bridge CA NFC PKI Higher Education Bridge CA NASA PKI DOD PKI Illinois PKI University PKI CANADA PKI

5 5

6 6 The PKI Puzzle By David Wasley, UCOP PKI Hierarchy Medical

7 7 HEBCA linkage HEBCAFBCA NIH E-Auth Shib CREN Weems’ Wacky World Medical Healthkey MitreTek Inter- Directories Euro PKI GRID SEVIS Apache Signed Email FDRM State Bridges VidMid

8 NIH ca trust anchor “DAVE” (Discovery and Validation Engine) sender (UA) receiver (NIH) NIH directory FBCA dir cross cert cross cert DAVECAME-Lock software ca directory HEBCA dir cross cert UA ca UA dir issued get Cert,CRL via directory chaining

9 9ControlNumber “Registry of Directories” Structure Legend: a subordinate referral a superior referral dc=edu c=us c=japan dc=intl (Top) dc=uab dc=ucop (else sup) dc=edu o=US Govt o=HHS ou=A, o=NASA (else sup) c=us ou=FBCA ou=agency7 (else sup) o=US Govt, c=us ou=FBCA ou=agency7 ou=FBCA, o=US Govt, c=us Content DirectoriesReferral Directories “Else superior referral” clause exists to allow any LDAP client (or content directory) to have option of pointing to a referral directory and be able to construct a desired path There is no “else” clause in content directories to prevent loops

10 10 HEBCA BID F Board of Instantation and Development F 10-12 of CIO, Techies, Lawyers (usual suspects) F 1 Year to make HEBCA production –Governance –Stand up Policy/Operational Authorities –Service (structure, fees, management) –Cross-certify with FBCA –Funding and Technical development issues Application interfaces, discovery, blah blah blah

11 11 HEBCA Issues F Certificates in Directories F Gietz: Break out cert data in dir objects (searchable certs) F Chadwick: Certificate Parsing Server F Likely a major impact on Bridge CA model F OpenSSL/OpenCA to be “bridge aware” F Registry of Directories (Next-Gen)

12 12 HEBCA Issues F Deployment F Web Server plugin (apache) F Email validator (server based on receipt) F Bill Weems and crew; many apps F Application Integration F CAM/DAVE extensions (server validation) F XKMS, SCVP, Novomodo, blah blah F Understanding Java 1.4 and WinXP F Develop appropriate APIs F Browser awareness!!!!

Download ppt "HEBCA Overview CSG, uWash, 2002 Michael R Gettes Georgetown University"

Similar presentations

NIH-EDUCAUSE PKI Interoperability Project Electronic Grant Application With Multiple Digital Signatures Peter Alterman, Ph.D. Director of Operations Office.

NIH-EDUCAUSE PKI Interoperability Project Electronic Grant Application With Multiple Digital Signatures Peter Alterman, Ph.D. Director of Operations Office.
PKI Solutions: Buy vs. Build David Wasley, U. California (ret.) Jim Jokl, U. Virginia Nick Davis, U. Wisconsin.

PKI Solutions: Buy vs. Build David Wasley, U. California (ret.) Jim Jokl, U. Virginia Nick Davis, U. Wisconsin.
EDUCAUSE 2001, Indianapolis IN Securing e-Government: Implementing the Federal PKI David Temoshok Federal PKI Policy Manager GSA Office of Governmentwide.

EDUCAUSE 2001, Indianapolis IN Securing e-Government: Implementing the Federal PKI David Temoshok Federal PKI Policy Manager GSA Office of Governmentwide.
The U.S. Federal PKI Richard Guida, P.E. Chair, Federal PKI Steering Committee Chief Information Officers Council 202-622-1552.

The U.S. Federal PKI Richard Guida, P.E. Chair, Federal PKI Steering Committee Chief Information Officers Council
Stanley J. Choffrey (202) 708-7943 The Federal Bridge Certification Authority Evolving Issues in Electronic Data Collection January.

Stanley J. Choffrey (202) The Federal Bridge Certification Authority Evolving Issues in Electronic Data Collection January.
Internet2 Middleware BASE CAMP slides Michael R. Gettes Principal Technologist Georgetown University

Internet2 Middleware BASE CAMP slides Michael R. Gettes Principal Technologist Georgetown University
Copyright Judith Spencer 2002. This work is the intellectual property of the author. Permission is granted for this material to be shared for non-commercial,

Copyright Judith Spencer This work is the intellectual property of the author. Permission is granted for this material to be shared for non-commercial,
1 HEPKI-TAG Update EDUCAUSE/Dartmouth PKI Summit July 26, 2005 Jim Jokl University of Virginia.

1 HEPKI-TAG Update EDUCAUSE/Dartmouth PKI Summit July 26, 2005 Jim Jokl University of Virginia.
NIH – EDUCAUSE PKI Interoperability Pilot Update Peter Alterman, Ph.D. Director of Operations, Office of Extramural Research, NIH and Senior Advisor to.

NIH – EDUCAUSE PKI Interoperability Pilot Update Peter Alterman, Ph.D. Director of Operations, Office of Extramural Research, NIH and Senior Advisor to.
PKI in US Higher Education TAGPMA Meeting, March 2006 Rio De Janeiro, Brazil.

PKI in US Higher Education TAGPMA Meeting, March 2006 Rio De Janeiro, Brazil.
PKI Activities at Virginia January 2004 CSG Meeting Jim Jokl.

PKI Activities at Virginia January 2004 CSG Meeting Jim Jokl.
US Higher Ed PKI Activities Internet2/EDUCAUSE ++ TF-EMC2 November, 2004 Amsterdam Michael R Gettes, Duke University TF-EMC2 November, 2004 Amsterdam Michael.

US Higher Ed PKI Activities Internet2/EDUCAUSE ++ TF-EMC2 November, 2004 Amsterdam Michael R Gettes, Duke University TF-EMC2 November, 2004 Amsterdam Michael.
The U.S. Federal PKI and the Federal Bridge Certification Authority

The U.S. Federal PKI and the Federal Bridge Certification Authority
PKI: Glue of Middleware Michael R Gettes, Duke University EuroCAMP March, 2005 Michael R Gettes, Duke University EuroCAMP March, 2005.

PKI: Glue of Middleware Michael R Gettes, Duke University EuroCAMP March, 2005 Michael R Gettes, Duke University EuroCAMP March, 2005.
PKI Update. Topics Background: Why/Why Not, The Four Planes of PKI, Activities in Other Communities Technical activities update S/MIME Pilot prospects.

PKI Update. Topics Background: Why/Why Not, The Four Planes of PKI, Activities in Other Communities Technical activities update S/MIME Pilot prospects.
Higher Education Bridge Certificate Authority (HEBCA) Project Progress Fed/Ed December 2004.

Higher Education Bridge Certificate Authority (HEBCA) Project Progress Fed/Ed December 2004.
NIH-EDUCAUSE Interoperability Project, Phase 3: Fulfilling the Promise Dartmouth PKI Implementation Workshop Peter Alterman, Ph.D. Assistant CIO for E-Authentication.

NIH-EDUCAUSE Interoperability Project, Phase 3: Fulfilling the Promise Dartmouth PKI Implementation Workshop Peter Alterman, Ph.D. Assistant CIO for E-Authentication.
Higher Education Bridge Certificate Authority (HEBCA) Project Progress July 2004 Dartmouth PKI Summit.

Higher Education Bridge Certificate Authority (HEBCA) Project Progress July 2004 Dartmouth PKI Summit.
Federal Bridge Certification Authority n Background n Overview n EMA Challenge Test structure n Participants n Results n Conclusions and lessons learned.

Federal Bridge Certification Authority n Background n Overview n EMA Challenge Test structure n Participants n Results n Conclusions and lessons learned.
HEBCA – Higher Education Bridge Certification Authority Presented by Scott Rea and Mark Franklin, Fed/Ed Meeting, 12/14/2005.

HEBCA – Higher Education Bridge Certification Authority Presented by Scott Rea and Mark Franklin, Fed/Ed Meeting, 12/14/2005.

Similar presentations

Ads by Google