CREN-Mellon conference, December 1, 2001 University of Texas PKI Status.


1 CREN-Mellon conference, December 1, 2001 University of Texas PKI Status

2 PKI TEAM
- Gene Titus, Systems Architect (U.T. System Office of Telecommunication Services)
- Jim Lyons, Developer and DBA (U.T. Austin ITS/Telecommunications and Networking)
- Frank Sayre, Coordination, Policy (U.T. Austin ITS/Telecommunications and Networking)
- U.T. System Associate Vice-Chancellor, Chief Information Officer
- U.T. System System Audit Office
- U.T. System Office of Information Resources
- U.T. Austin Vice-President for Information Technology (ITS)
- ITS Administrative Computing
- ITS Security Office
- U.T. Austin Office of Internal Audits

3 Management of Community Data
- Directory organized as X.500 hierarchy
- Campus-wide, 100% coverage of entire community
- Populated through daily ‘feeds’ from HR and Registrar
- Managed via OpenLDAP v. 1.2x
- Accessible via Richter/TU Chemnitz web500gw-2.1b3 at http://directory.utexas.edu/
- Operated on RedHat Linux 6.x on generic Pentium II 450 MHz rackmount system

4 Current Network Authentication Scheme
Electronic ID (EID) -- pre-PKI
- Campus-wide 100% of community using network-based electronic services (grades, transcript requests, class rosters, time sheets, bio updates, etc.)
- Username/password credential providing single-sign-on for network-based services
- Established at face-to-face presentation of identity credentials at University ID Center
- User logon through HTTPS connection to HPUX systems tied in with central authorization records residing in MVS
- Authorization data is passed inside RSA MD5-encrypted cookie
- Viable authentication mechanism for end-user certificate requests through HTTPS-based PKI Registration Authority

5 Planned Initial Uses, 2002/03
- SSL server certificates
- Authentication for network-based services (to some degree replacing EID)
- Digitally signed documents (S/MIME protocol) for special groups
- Digitally signed and encrypted e-mail (S/MIME protocol) for special groups

6 Current Deployment Status: U.T. System
- Certification Authority implemented with PERL/OpenSSL: tested
- Private key storage in Chrysalis Luna CA3 (FIPS 140-1, level 3) HSM: tested
- CA certificate to be signed by CREN: January, 2002
- System operated on RedHat Linux 6.x on generic Pentium II 450 MHz rackmount system
- Issuance of Institutional CA certificates for U.T. component campuses: Spring, 2002
- Policy governing CA certificate issuance: due early Spring, 2002

7 Current Deployment Status: U.T. Austin
- Certification Authority implemented with PERL/OpenSSL: tested
- HTTPS-accessible Registration Authority implemented in PERL: tested
- Registration Authority integrated with current EID network authentication: tested
- Issuance of end-entity certificates to Schlumberger CyberFlex smartcards: tested
- Back-end storage and management of certificates in Unix dbm: tested
- Initial, informal testing of CRL publication to OCSP server: completed
- Initial, informal testing of PKI-enabled client applications: significant problems revealed
- Operated on RedHat Linux 6.x on generic Pentium II 450 MHz rackmount system
- CA certificate signed by U.T. System CA: Spring, 2002
- Policy governing issuance of SSL server certificates: early Spring, 2002
- Issuance of SSL server certificates: commence Spring, 2002
- Policy for end-entity certificates for special groups: drafted Spring, 2002
- Publication of end-entity certificates to Directory: need additional testing in Spring, 2002
- Publication of CRLs to OCSP server: need additional testing in Spring, 2002
- Formal testing of PKI-enabled client applications: commence Summer, 2002
- Formal testing of OCSP client-server functions: commence Summer, 2002
- Preparation of user documentation and support procedures: commence Summer, 2002
- End-entity certificate issuance for special groups: Fall, 2002, or Spring, 2003

8 Content Providers
- Most widely used content providers include: Elsevier, OCLC, JSTOR, Bowker, Gale
- Access allowed for campus IP address range and by scripted logon
- Library staff would like ‘electronic library card’ to be implemented as part of U.T. Austin campus PKI.

9 Readiness to Issue Certs to Select Groups
- Fall, 2002, or Spring, 2003, at earliest
- Significant administrative effort in area of PKI policy
- Identification of funds
- Significant user support for essential PKI concepts and for configuration and use of PKI-enabled client apps

