“Ten Years Ago… on a cold dark night”

Welcome
- Acknowledgments and thanks
- Security Acronymny: then and now
- What’s working
- What’s proving hard

Acknowledgments
- NIH and NIST – Peter Alterman, Tim Polk and Bill Burr
- NSF – Early Adopters and NSF Middleware Initiative
- Internet2 Membership
- PKI Labs, PKI Advisory Board, Neal McBurnett
- Program Committee and Sean Smith

Security Acronymny circa 1998: PKI, X.500, X.509, CRL, RSA, PGP

Security Acronymny circa 2002: PKI, X.500, X.509, CRL, OCSP, LDAP, RSA, PGP, XKMS, SPKI, GXA, Liberty, Magic Carpet, SAML, Shibboleth, XML, HEBCA, FBCA

Security Acronymny circa 2002 (continued): E-authentication, 9-11-01, OGSA, GSS, E-SIGN, E-LOCK, ACES, CAM, DAVE

Observations
- I was really ignorant in 1998
- This is proving really hard
- There are a lot more approaches, if only because there are lots more needs
- Partitioning the problem space may be better than the unified solution

What’s working
- At the core, the math of PKI remains extremely elegant
- The standards, protocols and processes of PKI are open
- PKI attracts really smart people

What’s proving hard
- Scaling: virtual organizations, federations, bridged hierarchies
- Trust: collaborative versus legal
- Integrating security and privacy
- Mechanics: mobility, archiving, key escrow, identity
- Authorization: role based versus atomic rights
- Reconciling humans and lawyers

Interrealm Trust Structures
- Federated administration
  - basic bilateral (origins and targets in web services)
  - complex bilateral (videoconferencing with external MCUs, digital rights management with external rights holders)
  - multilateral
- Hierarchies
  - may assert stronger or more formal trust
  - require bridges and policy mappings to connect hierarchies
  - appear larger scale
- Virtual organizations
  - Grids, digital library consortiums, Internet2 VideoCommons, etc.
  - share real resources among a sparse set of users
  - requirements for authentication and authorization, resource discovery, etc. need to leverage federated and hierarchical infrastructures
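The bridged-hierarchy case from the slide above, as an added example that is not part of the presentation: Root A cross-certifies a bridge CA, the bridge cross-certifies Root B, and a relying party that trusts only Root A validates a certificate issued under Root B. The example uses Go's standard crypto/x509 path builder; the CA names, the P-256 keys and the end-entity name are constructed for the example. Only the path-construction half of what the slide says bridges need is modelled; policy mapping between the two hierarchies' certificate policies is not.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

type ca struct {
	key  *ecdsa.PrivateKey
	cert *x509.Certificate // self-signed certificate for key
}

const caUsage = x509.KeyUsageCertSign | x509.KeyUsageCRLSign

// must panics on fixture-construction errors so the demo stays short.
func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}

// template builds a certificate template with a random serial, valid for 24 hours.
func template(cn string, isCA bool, ku x509.KeyUsage) *x509.Certificate {
	return &x509.Certificate{
		SerialNumber: must(rand.Int(rand.Reader, big.NewInt(1<<62))),
		Subject:      pkix.Name{CommonName: cn},
		NotBefore:    time.Now().Add(-time.Hour), NotAfter: time.Now().Add(24 * time.Hour),
		IsCA:         isCA, BasicConstraintsValid: true, KeyUsage: ku,
	}
}

// issue signs tmpl with issuerKey; issuer supplies the issuer name and key ID (pass tmpl itself for a self-signed root).
func issue(tmpl, issuer *x509.Certificate, pub *ecdsa.PublicKey, issuerKey *ecdsa.PrivateKey) *x509.Certificate {
	der := must(x509.CreateCertificate(rand.Reader, tmpl, issuer, pub, issuerKey))
	return must(x509.ParseCertificate(der))
}

// newRoot creates a self-signed root CA with a fresh P-256 key.
func newRoot(cn string) *ca {
	key := must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader))
	t := template(cn, true, caUsage)
	return &ca{key: key, cert: issue(t, t, &key.PublicKey, key)}
}

// crossCertify has issuer sign a CA certificate over subject's existing name and key,
// so relying parties anchored on issuer can reach subject's hierarchy without subject re-issuing anything.
func crossCertify(issuer, subject *ca) *x509.Certificate {
	t := template(subject.cert.Subject.CommonName, true, caUsage)
	return issue(t, issuer.cert, &subject.key.PublicKey, issuer.key)
}

// verify builds and validates a path from leaf to one trust anchor using the supplied intermediates.
func verify(leaf, anchor *x509.Certificate, intermediates ...*x509.Certificate) ([][]*x509.Certificate, error) {
	roots, inters := x509.NewCertPool(), x509.NewCertPool()
	roots.AddCert(anchor)
	for _, c := range intermediates {
		inters.AddCert(c)
	}
	return leaf.Verify(x509.VerifyOptions{Roots: roots, Intermediates: inters, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageAny}})
}

// Outcome records what a relying party anchored on Root A can validate.
type Outcome struct {
	ViaBridge     bool     // cross-certificates A->Bridge->B supplied: path found
	WithoutBridge bool     // cross-certificates withheld: expected to be false
	BridgedPath   []string // subject names along the bridged chain, leaf first
}

// BridgeDemo builds Root A, Root B and a bridge CA (hypothetical names), cross-certifies
// A -> Bridge -> B, issues an end-entity certificate under B and validates it from A's side.
func BridgeDemo() Outcome {
	rootA, rootB, bridge := newRoot("Hypothetical University A Root CA"), newRoot("Hypothetical University B Root CA"), newRoot("Hypothetical Bridge CA")
	aToBridge := crossCertify(rootA, bridge) // Root A vouches for the bridge
	bridgeToB := crossCertify(bridge, rootB) // the bridge vouches for Root B
	leafKey := must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader))
	leaf := issue(template("student-at-b.example", false, x509.KeyUsageDigitalSignature), rootB.cert, &leafKey.PublicKey, rootB.key)
	var out Outcome
	_, err := verify(leaf, rootA.cert)
	out.WithoutBridge = err == nil
	chains, err := verify(leaf, rootA.cert, aToBridge, bridgeToB)
	out.ViaBridge = err == nil
	if out.ViaBridge {
		for _, c := range chains[0] {
			out.BridgedPath = append(out.BridgedPath, c.Subject.CommonName)
		}
	}
	return out
}

func main() {
	fmt.Printf("%+v\n", BridgeDemo())
}
```

Each cross-certificate is issued over the other CA's existing name and key, so nothing below either root has to be re-issued, and the validated path reads leaf, Root B (as cross-certified by the bridge), bridge (as cross-certified by Root A), Root A. The same property is the bridge operator's lever: withdraw or revoke one cross-certificate and the relying parties on that side lose the whole foreign hierarchy at once, which is why the policy mapping attached to those cross-certificates matters as much as the signatures.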

The Continuum of Trust
- Collaborative trust at one end…
  - can I videoconference with you?
  - you can look at my calendar
  - you can join this computer science workgroup and edit this computing code
  - students in course Physics 201 @ Brown can access this on-line sensor
  - members of the UWash community can access this licensed resource
- Legal trust at the other end…
  - sign this document, and guarantee that what was signed was what I saw
  - encrypt this file and save it
  - identify yourself to this high security area

Dimensions of the Trust Continuum
- Collaborative trust
  - handshake
  - consequences of breaking trust more political (ostracism, shame, etc.)
  - fluid (additions and deletions frequent)
  - shorter term
  - structures tend to clubs and federations
  - privacy issues more user-based
- Legal trust
  - contractual
  - consequences of breaking trust more financial (liabilities, fines and penalties, indemnification, etc.)
  - more static (legal process time frames)
  - longer term (justify the overhead)
  - tends to hierarchies and bridges
  - privacy issues more laws and rules

The Trust Continuum, Applications and their Users
Applications and their user community must decide where their requirements fit on the trust continuum. Some apps can only be done at one end of the continuum, and that might suggest a particular technical approach. Many applications fit somewhere in the middle, and the user communities (those that trust each other) need to select an approach that works for them.

Integrating Security and Privacy
- Balance between weak identity, strong identity, and attribute-based access (without identity)
- Balance between privacy and accountability – keeping the identity known only within the security domain
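One concrete mechanism behind "keeping the identity known only within the security domain", as an added example that is not from the presentation: the identity provider derives a per-relying-party pseudonymous identifier with an HMAC over its secret, in the spirit of Shibboleth's targeted ID, and keeps the secret and the user directory at home. The secret, the local user names and the relying-party names below are constructed for the example; the derivation is one way to do it, not a description of any particular product.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/base64"
	"fmt"
)

// Pseudonymizer is the identity provider's side of the exchange. The secret
// and the directory of local identities never leave the security domain.
type Pseudonymizer struct {
	secret []byte
	users  []string // local identifiers known only to the identity provider
}

func NewPseudonymizer(secret []byte, users []string) *Pseudonymizer {
	return &Pseudonymizer{secret: secret, users: users}
}

// PairwiseID derives the opaque identifier released to relyingParty for localID.
// The same (user, relying party) pair always yields the same value, so the
// relying party can keep per-user state; different relying parties get
// unrelated values for the same person, so they cannot correlate users; and
// without the secret nobody can invert the value back to localID.
func (p *Pseudonymizer) PairwiseID(localID, relyingParty string) string {
	mac := hmac.New(sha256.New, p.secret)
	mac.Write([]byte(relyingParty))
	mac.Write([]byte{0}) // separator, so "ab"+"c" and "a"+"bc" differ
	mac.Write([]byte(localID))
	return base64.RawURLEncoding.EncodeToString(mac.Sum(nil))
}

// Resolve is the accountability side: when a relying party reports abuse
// under a pairwise identifier, only the identity provider can map it back to
// a local identity, here by recomputing over its own directory.
func (p *Pseudonymizer) Resolve(relyingParty, pairwiseID string) (string, bool) {
	for _, u := range p.users {
		if hmac.Equal([]byte(p.PairwiseID(u, relyingParty)), []byte(pairwiseID)) {
			return u, true
		}
	}
	return "", false
}

func main() {
	// Secret, directory and relying-party names are constructed for this example.
	idp := NewPseudonymizer([]byte("constructed-example-secret"), []string{"alice", "bob"})
	library, sensor := "https://library.example/shibboleth", "https://sensor.example/shibboleth"
	fmt.Println("alice at library:", idp.PairwiseID("alice", library))
	fmt.Println("alice at sensor: ", idp.PairwiseID("alice", sensor))
	who, ok := idp.Resolve(library, idp.PairwiseID("alice", library))
	fmt.Println("resolved:", who, ok)
}
```

The two balances on the slide map onto the two methods: PairwiseID gives the relying party enough identity to do its job and no more, and Resolve keeps the accountability path open, but only inside the domain that holds the secret. A production identity provider would store the issued mapping rather than brute-force its directory as Resolve does here, and would rotate the secret only with a migration plan, since rotation silently changes every identifier every relying party has ever seen.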

Reconciling Humans and Lawyers
- Non-repudiation has had a very high bar set…
- Human nature has been “refined” over a long time
- We tend to talk globally, think locally and act inconsistently…

Conference Outcomes
- Refine our understandings of security
- Cross-pollinate PKI research
- Identify experiments that should be conducted

Why PKI?
- Single infrastructure to provide all security services
- Established technology standards, though little operational experience
- Elegant technical underpinnings
- Serves dozens of purposes: authentication, authorization, object encryption, digital signatures, communications channel encryption
- Low cost in mass numbers

Why Not PKI?
- High legal barriers
- Lack of mobility support
- Challenging user interfaces, especially with regard to privacy and scaling
- Persistent technical incompatibilities
- Overall complexity

D. Wasley’s PKI Puzzle

Federal Activities
- fBCA
- NIH Pilot
- ACES
- fPKI TWG
- Others – federal S/MIME work, Internet2/NIH/NIST research conference, ...

The Industry
“What's the problem with PKI then? It all boils down to one thing: Complexity.”
– “Wanted: PKI Experts”, Scot Petersen, July 18, 2001

The Industry
- Baltimore in peril
- PKIforum slows down
- OASIS-SAML work (XML to leaven PKI) gains buzz
- RSA buys Securant

Ten Years Forward…
- The issues here have become immensely important
- The cutting edge is being blunted by the demands of deployment
- It’s too important for us to be doing it…