1. John Douglass, Developer Ron Hutchins, Dir. Engineering Herbert Baines, Dir. InfoSec

2. Issuing Digital Credentials Relying upon our current Kerberos implementation Attributes stored depend upon certificate type: Affiliate Certificate: No user information stored other than a CA generated CN. Identity Certificate: CN, userid, OU, O, L, SP, C Not in widespread use (still in development stage other than GTRI) relying on IP based access control.

3. Institute Repositories Campus wide data warehouse (Oracle) retrieves data from Banner and PeopleSoft LDAP directory fed from data warehouse PH directory fed from Kerberos database Pilot Active Directory fed from data warehouse.

4. Current Repository Applications VPN use authorization via LDAP Phonebook (LDAP, Ph) Campus DHCP Registration Bulk mailing list generation WebCT

5. Certificate Usage Initial Uses Web site auth (GTRI/OIT) Server certificates Network services auth (LAWN) Future Development Digital Signatures Encryption

6. PKI Deployment The initial groups for certificate use will be GTRI, library, and CBT users. Utilizing GT developed CA software (PERL, MySQL, OpenSSL, Apache) running on a Sun Ultra 2 (Solaris 8)

7. Content Providers Access currently limited by IP address range. Developed a CheckPoint VPN solution as an interim solution.

8. Are We Ready? The Certificate Authority software (“Papyrus”) is ready to distribute certificates. Documentation is available, but does not cover everything. Browser support is often times unreliable. User education will be greatest challenge.