Presentation is loading. Please wait.

Presentation is loading. Please wait.

CREN-Mellon conference, December 1, 2001 University of Texas PKI Status.

Similar presentations


Presentation on theme: "CREN-Mellon conference, December 1, 2001 University of Texas PKI Status."— Presentation transcript:

1 CREN-Mellon conference, December 1, 2001 University of Texas PKI Status

2 CREN-Mellon conference, December 1, 2001 PKI TEAM Gene Titus, Systems Architect (U.T. System Office of Telecommunication Services) Jim Lyons, Developer and DBA (U.T. Austin ITS/Telecommunications and Networking) Frank Sayre, Coordination, Policy (U.T. Austin ITS/Telecommunications and Networking) U.T. System Associate Vice-Chancellor, Chief Information Officer U.T. System System Audit Office U.T. System Office of Information Resources U.T. Austin Vice-President for Information Technology (ITS) ITS Administrative Computing ITS Security Office U.T. Austin Office of Internal Audits

3 CREN-Mellon conference, December 1, 2001 Management of Community Data Directory organized as X.500 hierarchy Campus-wide, 100% coverage of entire community Populated through daily ‘feeds’ from HR and Registrar Managed via OpenLDAP v. 1.2x Accessible via Richter/TU Chemnitz web500gw-2.1b3 at Operated on RedHat Linux 6.x on generic Pentium II 450 MHz rackmount system

4 CREN-Mellon conference, December 1, 2001 Current Network Authentication Scheme Electronic ID (EID) -- pre-PKI Campus-wide 100% of community using network-based electronic services (grades, transcript requests, class rosters, time sheets, bio updates, etc, etc) Username/password credential providing single-sign-on for network-based services Established at face-to-face presentation of identity credentials at University ID Center User logon through HTTPS connection to HPUX systems tied in with central authorization records residing in MVS. Authorization data is passed inside RSA MD5-encrypted cookie Viable authentication mechanism for end-user certificate requests through HTTPS-based PKI Registration Authority

5 CREN-Mellon conference, December 1, 2001 Planned Initial Uses, 2002/03 SSL server certificates Authentication for network-based services (to some degree replacing EID) Digitally signed documents (S/MIME protocol) for special groups Digitally signed and encrypted (S/MIME protocol) for special groups

6 CREN-Mellon conference, December 1, 2001 Current Deployment Status: U.T. System Certification Authority implemented with PERL/OpenSSL tested Private key storage in Chrysalis Luna CA3 (FIPS 140-1, level 3) HSM tested CA certificate to be signed by CREN January, 2002 System operated on RedHat Linux 6.x on generic Pentium II 450 MHz rackmount system Issuance of Institutional CA certficates for U.T. component campuses Spring, 2002 Policy governing CA certificate issuance due early Spring, 2002

7 CREN-Mellon conference, December 1, 2001 Current Deployment Status: U.T. Austin Certification Authority implemented with PERL/OpenSSL tested HTTPS-accessible Registration Authority implemented in PERL tested Registration Authority integrated with current EID network authentication tested Issuance of end-entity certificates to Schlumberger CyberFlex smartcards tested Back-end storage and management of certficates in Unix dbm tested Initial, informal testing of CRL publication to OCSP server completed Initial, informal testing of PKI-enabled client applications signficant problems revealed Operated on RedHat Linux 6.x on generic Pentium II 450 MHz rackmount system CA certificate signed by U.T. System CA Spring, 2002 Policy governing issuance of SSL server certificates early Spring, 2002 Issuance of SSL server certificates commence Spring, 2002 Policy for end-entity certificates for special groups drafted Spring, 2002 Publication of end-entity certificates to Directory need additional testing in Spring, 2002 Publication of CRLs to OCSP server need additional testing in Spring, 2002 Formal testing of PKI-enabled client applications commence Summer, 2002 Formal testing of OCSP client-server functions commence Summer, 2002 Preparation of user documentation and support procedures commence Summer, 2002 End-entity certificate issuance for special groups Fall, 2002, or Spring, 2003

8 CREN-Mellon conference, December 1, 2001 Content Providers Most widely used content providers include: Elsevier, OCLC, JSTOR, Bowker, Gale Access allowed for campus IP address range and by scripted logon Library staff would like ‘electronic library card’ to be implemented as part of U.T. Austin campus PKI.

9 CREN-Mellon conference, December 1, 2001 Readiness to Issue Certs to Select Groups Fall, 2002, or Spring, 2003, at earliest Significant administrative effort in area of PKI policy Identification of funds Significant user support for essential PKI concepts and for configuration and use of PKI-enabled client apps


Download ppt "CREN-Mellon conference, December 1, 2001 University of Texas PKI Status."

Similar presentations


Ads by Google