David L. Wasley Spring 2006 I2MM

Presentation transcript:

Trust & PKI Networking

PKI Networks
- PKIs are islands of common trust

They can be ‘networked’

What does this mean?
- A Relying Party under (A) can build a path from a Subject under (C)
- This avoids RP having to know Trust Anchors (B) and (C)
- But not vice versa

What if the trust model under (A) is different than under (B) and/or (C)?
- Trust is established by Certificate Policy
- (A) can specify how its policy is met or exceeded by (B)'s policy
- (A) can place limits on this trust
- If there is no equivalency, (A) doesn't trust (B)
- (B) does the same with respect to (C)
- (A) must also trust (B) to do this adequately
- (A) can limit how far it is willing to 'network'

All this can be done bi-laterally

A “bridge” serves as the hub of trust

So what's the problem?
- Few existing applications understand this
- May not be able to deal with cross-certs
- Must not only "find a path" but evaluate it
- Recent interest by browser developers
- Federal PKI has been developed around this model for 4-5 years
- Requires applications to be "bridge aware"
- See http://www.cio.gov/fbca
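An added example, not part of the original slides: a toy Python model of the (A), (B), (C) networking described above, showing that a relying party must both find a cross-certificate path and evaluate it against policy equivalence and path-length limits. The CA names, policy labels and hop limits are constructed, and the model is a simplification that does no real X.509 processing.

```python
# Added illustration: toy model of cross-certified PKIs (A), (B), (C).
# All names, policies and limits are constructed; no real X.509 parsing.
from dataclasses import dataclass

@dataclass
class CrossCert:
    issuer: str        # CA extending trust
    subject: str       # CA being trusted
    policy_map: dict   # issuer policy -> subject policy it accepts as equivalent
    max_hops: int      # further cross-certs allowed after this one

# (A) cross-certifies (B), (B) cross-certifies (C); nothing points back.
CROSS_CERTS = [
    CrossCert("A", "B", {"A-medium": "B-standard"}, max_hops=1),
    CrossCert("B", "C", {"B-standard": "C-basic"}, max_hops=0),
]

def find_paths(anchor, target, certs, seen=()):
    """Yield every chain of cross-certs leading from anchor to target."""
    if anchor == target:
        yield []
        return
    for c in certs:
        if c.issuer == anchor and c.subject not in seen:
            for rest in find_paths(c.subject, target, certs, seen + (anchor,)):
                yield [c] + rest

def evaluate(path, required_policy, subject_policy):
    """Map the RP's policy hop by hop and enforce each issuer's hop limit."""
    policy = required_policy
    for i, c in enumerate(path):
        if len(path) - i - 1 > c.max_hops:
            return False, f"{c.issuer} limits how far trust extends past {c.subject}"
        if policy not in c.policy_map:
            return False, f"{c.issuer} asserts no equivalent for {policy}"
        policy = c.policy_map[policy]
    if policy != subject_policy:
        return False, f"subject policy {subject_policy} is not {policy}"
    return True, "ok"

def validate(anchor, subject_ca, required_policy, subject_policy, certs=CROSS_CERTS):
    """Return (True, CA chain) for the first acceptable path, else (False, reasons)."""
    reasons = []
    for path in find_paths(anchor, subject_ca, certs):
        ok, why = evaluate(path, required_policy, subject_policy)
        if ok:
            return True, [anchor] + [c.subject for c in path]
        reasons.append(why)
    return False, reasons or ["no path"]
```

A relying party anchored at (A) validates a (C) subject through (B), while the reverse direction finds no path because no cross-certificates point back toward (A).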

Higher Education Bridge CA - HEBCA
- Under development for at least 2 years
- Anticipates need for networking H.E. with Federal agency applications
- Not yet clear how commercial PKI vendors will participate
- Awaits real applications and campus PKIs

Networking with Commercial PKI

What about ID federations like InCommon?
- Federations solve an important set of problems
- What is ID? What is a credential? etc...
- Some solutions are easier with PKI
- End-to-end secure email
- Document integrity
- Document attestation, e.g. digital signatures
- PKI and federations are complementary
