Welcome Acknowledgments and thanks Security Acronymny: then and now What’s working What’s proving hard.

Slides:



Advertisements
Similar presentations
Experiences with Massive PKI Deployment and Usage Daniel Kouřil, Michal Procházka Masaryk University & CESNET Security and Protection of Information 2009.
Advertisements

EDUCAUSE 2001, Indianapolis IN Securing e-Government: Implementing the Federal PKI David Temoshok Federal PKI Policy Manager GSA Office of Governmentwide.
The Internet2 NET+ Services Program Jerry Grochow Interim Vice President CSG January, 2012.
Federated Digital Rights Management Mairéad Martin The University of Tennessee TERENA General Assembly Meeting Prague, CZ October 24, 2002.
Copyright Judith Spencer This work is the intellectual property of the author. Permission is granted for this material to be shared for non-commercial,
Welcome to CAMP! Ken Klingenstein, Director, Internet2 Middleware Initiative.
Technical Issues with Establishing Levels of Assurance Zephyr McLaughlin Lead, Security Middleware Computing & Communications University of Washington.
Trust Fabrics: Old Whine in New Battles Ken Klingenstein Director, Internet2 Middleware Initiative Chief Technologist, University of Colorado, Boulder.
Environmental Council of States Network Authentication and Authorization Services The Shared Security Component February 28, 2005.
David L. Wasley Information Resources & Communications Office of the President University of California Directories and PKI Basic Components of Middleware.
The U.S. Federal PKI and the Federal Bridge Certification Authority
Introduction to PKI Seminar What is PKI? Robert Brentrup July 13, 2004.
CN1276 Server Kemtis Kunanuraksapong MSIS with Distinction MCTS, MCDST, MCP, A+
Identity Management and PKI Credentialing at UTHSC-H Bill Weems Academic Technology University of Texas Health Science Center at Houston.
Presenter’s Name InCommon Approximately 80 members and growing steadily More than two million “users” Most of the major research institutions (MIT joining.
The E-Authentication Initiative An Overview Peter Alterman, Ph.D. Assistant CIO for e-Authentication, NIH and Chair, Federal PKI Policy Authority The E-Authentication.
Shibboleth and InCommon: Making Secure Collaboration a Reality Scott Cantor Internet2/MACE and The.
Welcome to CAMP Identity Management Integration Workshop Ann West NMI-EDIT EDUCAUSE/Internet2.
SWITCHaai Team Federated Identity Management.
Best Practices in Deploying a PKI Solution BIEN Nguyen Thanh Product Consultant – M.Tech Vietnam
PKI in Higher Education: Dartmouth PKI Lab Update Internet2 Virtual Meeting 5 October 2001.
Australian Access Federation Robert Hazeltine Identity and Access Management Enterprise Systems Office.
Internet2 – InCommon and Box Marla Meehl Colorado CIO 11/1/11.
Federated Identity and the International Research Community Dr Ken Klingenstein Director, Internet2 Middleware and Security.
X.509/PKI There is progress.... Topics Why PKI? Why not PKI? The Four Stages of X.509/PKI Other sectors Federal Activities - fBCA, NIH Pilot, ACES, other.
VO and Internet2 Middleware. Presenter’s Name Topics Motivations for Internet2 Middleware work Federated identity and InCommon Other IdM Groups, privileges,
Configuring Directory Certificate Services Lesson 13.
R & Ethinking Trust Ken Klingenstein, custodian, InCommon and the CREN CAt.
HEPKI - PAG: An Update Ken Klingenstein Project Director, Internet2 Middleware Initiative Chief Technologist, University of Colorado at Boulder.
HEPKI-PAG Policy Activities Group David L. Wasley University of California.
NSF Middleware Initiative Renee Woodten Frost Assistant Director, Middleware Initiatives Internet2 NSF Middleware Initiative.
E-Authentication: Enabling E-Government Presented to PESC May 2, 2005 The E  Authentication Initiative.
Internet2 Middleware Initiative. Discussion Outline  What is Middleware why is it important why is it hard  What are the major components of middleware.
Rethinking Privacy As Bob Blakley says, “It’s not about privacy, it’s about discretion.” Passive privacy - The current approach. A user passes identity.
Shibboleth at Columbia Update David Millman R&D July ’05
PKI and the U.S. Federal E- Authentication Architecture Peter Alterman, Ph.D. Assistant CIO for e-Authentication National Institutes of Health Internet2.
Internet2 Middleware PKI: Oy-vey! Michael R. Gettes Principal Technologist Georgetown University
SWEB SWEB Security and Privacy Technologies – Implementation Aspects Venue:SWEB Day in APV, Novi Sad Author(s):Dr. Milan Marković Organisations:MISANU.
1 Protection and Security: Shibboleth. 2 Outline What is the problem Shibboleth is trying to solve? What are the key concepts? How does the Shibboleth.
State of e-Authentication in Higher Education August 20, 2004.
E-Authentication in Higher Education April 23, 2007.
Shibboleth What is it and what is it good for? Chad La Joie, Georgetown University.
Leveraging Campus Authentication for Grid Scalability Jim Jokl Marty Humphrey University of Virginia Internet2 Meeting April 2004.
Federated Identity Graduates Nate Klingenstein Internet2 APAN 27 高雄台湾, March 3, 2009.
PKI Session Overview 1:30 pm edt - Welcome, etiquette, session outline 1:40 pm edt - HEPKI-TAG Update (Jim Jokl, Virginia) 2:00 pm edt - HEPKI-PAG Update.
Southeastern Universities Research Association (SURA) - Intro for Fed/Ed 18 Mary Fran Yafchak Senior Program Manager, IT
Fundamentals: Security, Privacy, Trust. Scenarios we’d like to see... Use of licensed library materials regardless of student’s location Signed .
Shibboleth Trust Model Shibboleth/SAML Communities (aka Federated Administrations) Club Shib Club Shib Application process Policy decision points at the.
JRA1.4 Models for implementing Attribute Providers and Token Translation Services Andrea Biancini.
E-Authentication & Authorization Presentation to the EA2 Task Force March 6, 2007.
Shibboleth & Federated Identity A Change of Mindset University of Texas Health Science Center at Houston Barry Ribbeck
Connect. Communicate. Collaborate Deploying Authorization Mechanisms for Federated Services in the eduroam architecture (DAMe)* Antonio F. Gómez-Skarmeta.
Transforming Government Federal e-Authentication Initiative David Temoshok Director, Identity Policy and Management GSA Office of Governmentwide Policy.
Day 3 Roadmap and PKI Update. When do we get to go home? Report from the BoFs CAMP assessment, next steps PKI technical update Break Research Issues in.
Welcome to Base CAMP: Enterprise Directory Deployment Ken Klingenstein, Director, Internet2 Middleware Initiative Copyright Ken Klingenstein This.
Task Force CoRD Meeting / XML Security for Statistical Data Exchange Gregory Farmakis Agilis SA.
Adding Distributed Trust Management to Shibboleth Srinivasan Iyer Sai Chaitanya.
EGI-InSPIRE RI EGI-InSPIRE EGI-InSPIRE RI Evolution of AAI for e- infrastructures Peter Solagna Senior Operations Manager.
Rights Management for Shared Collections Storage Resource Broker Reagan W. Moore
Trusted Electronic Communications for Federal Student Aid Mark Luker Vice President EDUCAUSE Copyright Mark Luker, This work is the intellectual.
Peter Alterman, Ph.D. Chair, Federal PKI Policy Authority Meet FedFed.
Shibboleth 1.2 Technical Overview “So you thought 1.1 was complicated…” Scott Cantor The Ohio State University and Internet2 Scott Cantor.
01 October 2001 “...By Any Other Name…”. Consequences and Truths (Ken) The Pieces and the Processes (Bob) Directories (Keith) Shibboleth and SAML (Scott)
Leveraging Campus Authentication to Access the TeraGrid Scott Lathrop, Argonne National Lab Tom Barton, U Chicago.
Federal Initiatives in IdM Dr. Peter Alterman Chair, Federal PKI Policy Authority.
LIGO Identity and Access Management
SWIM Common PKI and policies & procedures for establishing a Trust Framework                           Kick-off meeting Patrick MANA Project lead 29 November.
Technical Approach Chris Louden Enspier
Context, Gaps and Challenges
“Ten Years Ago… on a cold dark night”
Presentation transcript:

Welcome Acknowledgments and thanks Security Acronymny: then and now What’s working What’s proving hard

Acknowledgments NIH and NIST – Peter Alterman, Tim Polk and Bill Burr NSF – Early Adopters and NSF Middleware Initiative Internet2 Membership PKI Labs, PKI Advisory Board, Neal McBurnett Program Committee and Sean Smith

Security Acronymny circa 1998 PKI X.500 X.509 CRL RSA PGP

Security Acronymny circa 2002 PKI X.500 X.509 CRL OCSP LDAP RSA PGP XKMS SPKI GXA Liberty Magic Carpet SAML Shibboleth XML HEBCA FBCA

Security Acronymny circa 2002 E-authentication OGSA GSS E-SIGN E-LOCK ACES CAM DAVE

Observations I was really ignorant in 1998 This is proving really hard There are a lot more approaches, if only because there are lots more needs Partitioning the problem space may be better than the unified solution

What’s working At the core, the math of PKI remains extremely elegant The standards, protocols and processes of PKI are open PKI attracts really smart people

What’s proving hard Scaling: virtual organizations, federations, bridged hierarchies Trust: collaborative versus legal Integrating security and privacy Mechanics: mobility, archiving, key escrow, identity Authorization: role based versus atomic rights Reconciling humans and lawyers

Interrealm Trust Structures Federated administration basic bilateral (origins and targets in web services) complex bilateral (videoconferencing with external MCU’s, digital rights management with external rights holders) multilateral Hierarchies may assert stronger or more formal trust requires bridges and policy mappings to connect hierarchies appear larger scale Virtual organizations Grids, digital library consortiums, Internet2 VideoCommons, etc. Share real resources among a sparse set of users Requirements for authentication and authorization, resource discovery, etc need to leverage federated and hierarchical infrastructures.

The Continuum of Trust Collaborative trust at one end… can I videoconference with you? you can look at my calendar You can join this computer science workgroup and edit this computing code Students in course Physics Brown can access this on-line sensor Members of the UWash community can access this licensed resource Legal trust at the other end… Sign this document, and guarantee that what was signed was what I saw Encrypt this file and save it Identifiy yourself to this high security area

Dimensions of the Trust Continuum Collaborative trust handshake consequences of breaking trust more political (ostracism, shame, etc.) fluid (additions and deletions frequent) shorter term structures tend to clubs and federations privacy issues more user-based Legal trust contractual consequences of breaking trust more financial (liabilities, fines and penalties, indemnification, etc.) more static (legal process time frames) longer term (justify the overhead) tends to hierarchies and bridges privacy issues more laws and rules

The Trust Continuum, Applications and their Users Applications and their user community must decide where their requirements fit on the trust continuum Some apps can only be done at one end of the continuum, and that might suggest a particular technical approach. Many applications fit somewhere in the middle and the user communities (those that trust each other) need to select a approach that works for them.

Integrating Security and Privacy Balance between weak identity, strong identity, and attribute- based access (without identity) Balance between privacy and accountability – keeping the identity known only within the security domain

Reconciling Humans and Lawyers Non-repudiation has had a very high bar set… Human nature has been “refined” over a long time We tend to talk globally, think locally and act inconsistently…

Conference Outcomes Refine our understandings of security Cross-pollinate PKI research Identify experiments that should be conducted

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2024 SlidePlayer.com Inc. All rights reserved.