Copyright Judith Spencer This work is the intellectual property of the author. Permission is granted for this material to be shared for non-commercial, educational purposes, provided that this copyright statement appears on the reproduced materials and notice is given that the copying is by permission of the author. To disseminate otherwise or to republish requires written permission from the author.
The Federal Bridge CA: Developing Trust Relationships Between Disparate Entities
Judith Spencer, Chair, Federal PKI Steering Committee

The Problem
– There is no single Public Key Infrastructure
– Discrete Trust Domains abound
– Different systems incorporate differing
  – Technical Solutions
  – Policy Decisions
– The Federal Government needs a mechanism for reliance on external Trust Domains.
– Interoperability is the CHALLENGE
  – Technical Interoperability
  – Policy Interoperability
Islands of Trust
Possible Solutions
– Single Hierarchical Root for all PKI in USA
– Trust Lists
– Cross-Certification
– Bridge Certification Authority

Diagram: Trust Domain 1 (Directory Infrastructure 1) and Trust Domain 2 (S/MIME, Directory Infrastructure 2) are each cross-certified with the Federal Bridge Certification Authority; cross certificates, CRLs and ARLs are published through Directory System Agents; FIPS L3 Crypto.

Two Phase Approach
Policy:
– Mapping
– Annual Audits
– Organizational Membership
Technical:
– Testing Interoperability in the Lab
– Cross-Certification
– Directory Interoperability
Federal PKI Policy Authority
FBCA Operational Authority
Organizations in the Queue
– National Aeronautics and Space Administration
– Department of the Treasury
– Department of Defense
– National Finance Center
– State of Illinois
– Government of Canada
A Vision for the Future
Making It Real
– National Institutes of Health-EDUCAUSE PKI Interoperability Project
– Electronic Grant Application With Multiple Digital Signatures

Project Concept of Operations (diagram): NIH OER; Recipient; E-Lock Assured Office with a digitally signed grant application; CAM-enabled E-Lock Assured Office; NIH CAM Server with DAVE; certificate status obtained via the FBCA and HEBCA; certificate validation for University A, University B and University C.

Project Accomplishments to Date
– Receipt of digitally-signed electronic submissions from University of Alabama at Birmingham, University of Wisconsin-Madison and Dartmouth, with:
– Successful verification and validation of digital signatures (RSA, iPlanet and Entrust, respectively)

Reusable Infrastructure
– Bridge-to-Bridge Interoperability
– Mesh Certificate Path Discovery
– Middleware Support for LDAP directory chaining protocols and LDAP – X.500 directory interoperability
– Interoperability among multiple CA products (RSA, Entrust, iPlanet)
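The bridge topology on the earlier slides (cross certificates, ARLs, policy mapping) and the mesh certificate path discovery listed here, as an added example that is not from the presentation: a breadth-first path discovery over a constructed set of cross-certificates, where each hop must be an unrevoked cross-certificate whose policy mapping carries the relying party's required policy across the bridge. All CA names other than FBCA and HEBCA, the policy identifiers and the revoked entry are constructed for illustration.

```python
from collections import deque

# Constructed sample topology: each domain cross-certifies only a bridge, so a
# relying party reaches a remote domain through FBCA (and HEBCA) rather than
# needing pairwise cross-certificates with every other domain.
# A cross-certificate is (issuer, subject, {issuer_policy: subject_policy}).
CROSS_CERTS = [
    ("Agency-CA", "FBCA",      {"agency-medium": "fbca-medium"}),
    ("FBCA",      "Agency-CA", {"fbca-medium": "agency-medium"}),
    ("FBCA",      "HEBCA",     {"fbca-medium": "hebca-basic"}),
    ("HEBCA",     "FBCA",      {"hebca-basic": "fbca-medium"}),
    ("HEBCA",     "UnivA-CA",  {"hebca-basic": "univa-standard"}),
    ("UnivA-CA",  "HEBCA",     {"univa-standard": "hebca-basic"}),
    ("FBCA",      "Vendor-CA", {"fbca-medium": "vendor-low"}),
]
# Constructed ARL entries: cross-certificates the issuer has revoked, (issuer, subject).
REVOKED = {("FBCA", "Vendor-CA")}


def discover_path(anchor, target_ca, required_policy,
                  cross_certs=CROSS_CERTS, revoked=REVOKED):
    """Breadth-first path discovery from the relying party's trust anchor to the
    CA that issued the end-entity certificate. A hop is usable only if the
    cross-certificate is not on the issuer's ARL and its policy mapping carries
    the policy currently in effect. Returns (list of CA names, policy in effect
    at the target) or None when no acceptable path exists."""
    by_issuer = {}
    for issuer, subject, mapping in cross_certs:
        by_issuer.setdefault(issuer, []).append((subject, mapping))
    queue = deque([(anchor, required_policy, [anchor])])
    seen = {(anchor, required_policy)}
    while queue:
        ca, policy, path = queue.popleft()
        if ca == target_ca:
            return path, policy
        for subject, mapping in by_issuer.get(ca, []):
            if (ca, subject) in revoked or policy not in mapping:
                continue  # revoked cross-certificate, or policy not mapped: no trust
            state = (subject, mapping[policy])
            if state not in seen:
                seen.add(state)
                queue.append((subject, mapping[policy], path + [subject]))
    return None


if __name__ == "__main__":
    print(discover_path("Agency-CA", "UnivA-CA", "agency-medium"))
    print(discover_path("Agency-CA", "Vendor-CA", "agency-medium"))
```

The first call crosses both bridges and reports the university policy that the agency's medium-assurance policy maps to; the second returns None because the only cross-certificate into Vendor-CA is on the FBCA's ARL.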
Contact Information