EDUCAUSE PKI Working Group Where Are We and Where are We Going.

Slides:

Advertisements

Similar presentations

NIH-EDUCAUSE PKI Interoperability Project Electronic Grant Application With Multiple Digital Signatures Peter Alterman, Ph.D. Director of Operations Office.

Advertisements

PKI Solutions: Buy vs. Build David Wasley, U. California (ret.) Jim Jokl, U. Virginia Nick Davis, U. Wisconsin.

May 06, 2002 Getting Started with Digital Certificates: Is PKI-Lite Real PKI? Internet2 Spring Meeting 2002 Wash, DC.

EDUCAUSE 2001, Indianapolis IN Securing e-Government: Implementing the Federal PKI David Temoshok Federal PKI Policy Manager GSA Office of Governmentwide.

The U.S. Federal PKI Richard Guida, P.E. Chair, Federal PKI Steering Committee Chief Information Officers Council

Copyright Judith Spencer This work is the intellectual property of the author. Permission is granted for this material to be shared for non-commercial,

NIH – EDUCAUSE PKI Interoperability Pilot Update Peter Alterman, Ph.D. Director of Operations, Office of Extramural Research, NIH and Senior Advisor to.

PKI in US Higher Education TAGPMA Meeting, March 2006 Rio De Janeiro, Brazil.

Got Directory? January 28, 2004 TIP metadirectory enterprise directory database departmental directories OS directories (MS, Novell,

PKI Activities at Virginia January 2004 CSG Meeting Jim Jokl.

David L. Wasley Information Resources & Communications Office of the President University of California Directories and PKI Basic Components of Middleware.

U.S. Environmental Protection Agency Central Data Exchange EPA E-Authentication Pilot NOLA Network Node Workshop February 28, 2005.

The U.S. Federal PKI and the Federal Bridge Certification Authority

The 4BF The Four Bridges Forum Higher Education Bridge Certificate Authority.

The PKI Lab at Dartmouth. Dartmouth PKI Lab R&D to make PKI a practical component of a campus network Multi-campus collaboration sponsored by the Mellon.

SIMI: Secure Identity Management Infrastructure for the CSU A. Michael Berman, Cal Poly Pomona.

Higher Education Bridge Certificate Authority (HEBCA) Project Progress Fed/Ed December 2004.

NIH-EDUCAUSE Interoperability Project, Phase 3: Fulfilling the Promise Dartmouth PKI Implementation Workshop Peter Alterman, Ph.D. Assistant CIO for E-Authentication.

Higher Education Bridge Certificate Authority (HEBCA) Project Progress July 2004 Dartmouth PKI Summit.

CAMP - June 4-6, Copyright Statement Copyright Robert J. Brentrup and Mark J. Franklin This work is the intellectual property of the authors.

Welcome to CAMP Leveraging Campus Authentication Across Boundaries Workshop Ann West NMI-EDIT Outreach Michigan Tech/EDUCAUSE/Internet2.

The E-Authentication Initiative An Overview Peter Alterman, Ph.D. Assistant CIO for e-Authentication, NIH and Chair, Federal PKI Policy Authority The E-Authentication.

1 USHER Update Fed/ED December 2007 Jim Jokl University of Virginia.

InCommon Policy Conference April Uses  In order to encourage and facilitate legal music programs, a number of universities have contracted with.

Welcome to CAMP Identity Management Integration Workshop Ann West NMI-EDIT EDUCAUSE/Internet2.

PKI: Glue of Middleware Michael R Gettes, Duke University CAMP Enterprise Authentication Michael R Gettes, Duke University CAMP Enterprise Authentication.

Transforming Education Through Information Technologies Common Solutions Group, January, 2002 (Sanibel Island) HEBCA: Higher Education.

1 The InCommon Federation John Krienke Internet2 Spring Member Meeting Tuesday, April 25, 2006.

HEBCA Overview Internet2 Meeting, Fall 2002 Michael R Gettes Georgetown University

1 PKI & USHER/HEBCA Fall 2005 Internet2 Member Meeting Jim Jokl September 21, 2005.

Co Chairs C. W. Goldsmith University of Alabama at Birmingham David L. Wasley University of California Office of the President.

The NIH PKI Pilots Peter Alterman, Ph.D. … again.

David L. Wasley Office of the President University of California Shibboleth Safe delivery of reliable authorization data David L. Wasley University of.

NSF Middleware Initiative Renee Woodten Frost Assistant Director, Middleware Initiatives Internet2 NSF Middleware Initiative.

FEDERATIONS Clair Goldsmith, Ph.D., Associate Vice Chancellor and CIO September 27,

Shibboleth Update Advanced CAMP 7/31/02 RL “Bob” Morgan, Washington Steven Carmody, Brown Scott Cantor, Ohio State Marlena Erdos, IBM/Tivoli Michael Gettes,

Federal and State PKI Bridge Evolution: Cutting Across Stovepipes EDUCAUSE 2000 October 12th, 2000.

PKI and the U.S. Federal E- Authentication Architecture Peter Alterman, Ph.D. Assistant CIO for e-Authentication National Institutes of Health Internet2.

Internet2 Middleware PKI: Oy-vey! Michael R. Gettes Principal Technologist Georgetown University

Leveraging Campus Authentication for Grid Scalability Jim Jokl Marty Humphrey University of Virginia Internet2 Meeting April 2004.

February 1, 2002 Internet2 Middleware Initiative and MACE RL "Bob" Morgan, University of Washington.

PKI Session Overview 1:30 pm edt - Welcome, etiquette, session outline 1:40 pm edt - HEPKI-TAG Update (Jim Jokl, Virginia) 2:00 pm edt - HEPKI-PAG Update.

Higher Ed Bridge CA Extending Trust Across Higher Education - And Beyond David L. Wasley University of California.

/ 8 FEIDHE Electronic Identification in Finnish Higher Education Janne Kanner FEIDHE Electronic Identification in Finnish Higher Education.

05 October 2001 Directories: The Next Stage Keith Hazelton, Senior IT Architect University of Wisconsin-Madison Keith Hazelton, Senior IT Architect University.

Public-Key Infrastructure for Higher Education Mark Luker EDUCAUSE.

Day 3 Roadmap and PKI Update. When do we get to go home? Report from the BoFs CAMP assessment, next steps PKI technical update Break Research Issues in.

Welcome to Base CAMP: Enterprise Directory Deployment Ken Klingenstein, Director, Internet2 Middleware Initiative Copyright Ken Klingenstein This.

InCommon® for Collaboration Institute for Computer Policy and Law May 2005 Renee Shuey Penn State Andrea Beesing Cornell David Wasley Internet 2.

October 2, 2001 Middleware: Pieces and Processes RL "Bob" Morgan, University of Washington.

2-Oct-0101 October 2001 Directories as Middleware Keith Hazelton, Senior IT Architect University of Wisconsin-Madison Keith Hazelton, Senior IT Architect.

Deployed PKI in Higher Education An Overview. Goal Find Institutions that have end-user-focused PKI up and running, and document their experiences Some.

Higher Education Bridge CA (HEBCA) – Planting is required before the harvest (Scott Rea) Fed/Ed June 2007.

Trusted Electronic Communications for Federal Student Aid Mark Luker Vice President EDUCAUSE Copyright Mark Luker, This work is the intellectual.

Welcome to CAMP Directory Workshop Ken Klingenstein, Internet2 and University of Colorado-Boulder.

Higher Education Bridge Certification Authority Scaleable Linking of PKI trust domains Scaleable Linking of PKI trust domains David L. Wasley Fall 2006.

1 US Higher Education Root CA (USHER) Update Fed/Ed Meeting December 14, 2005 Jim Jokl University of Virginia.

The Federal E-Authentication Initiative David Temoshok Director, Identity Policy GSA Office of Governmentwide Policy February 12, 2004 The E-Authentication.

Higher Education Bridge Certification Authority Scaleable Linking of PKI trust domains Scaleable Linking of PKI trust domains David L. Wasley Fall 2006.

Current Activities in Middleware

Higher Education Bridge Certification Authority

U.S. Federal e-Authentication Initiative

USHER U.S. Higher Education Root Certificate Authority

Higher Education Bridge CA (HEBCA) – Planting is required before the harvest (Scott Rea) Fed/Ed June 2007.

David L. Wasley Spring 2006 I2MM

Internet2 Member Meeting

Inter-institutional Trust Fabric Overview and Synergies

Fed/ED December 2007 Jim Jokl University of Virginia

September 2002 CSG Meeting Jim Jokl

Higher Education Bridge Certificate Authority (HEBCA) Project Progress Sixth Annual PKI Summit at Snowmass, Colorado August 2004.

Presentation transcript:

EDUCAUSE PKI Working Group Where Are We and Where are We Going

Overview  Higher Education Bridge Certification Authority (HEBCA)  HEBCA Board of Instantiation and Development (BID)  Where is “the Killer (PKI) App”  Final Thoughts

PKI in HE – Where Is It Today?  PKI efforts at about 3 dozen-plus HEIs  Nearly all are in a test phase  All are campus-focused/inwardly pointed – few inter-realm interactions  Not being implemented quickly across HE

PKI in HE – Where Is It Today?  Implementation can be difficult  Some home-grown installations  Other HE CA’s are vendor-based e.g., Microsoft, Verisign, DST, enTrust, etc.  No fully operational production HE Bridge  EDUCAUSE sponsoring the BID

Board of Instantiation and Development - the BID Members: –Clair Goldsmith, Chair, University of Texas System –Gary Augustson, Pennsylvania State U –Kathryn Baerwald, Georgetown –Robert Brentrup, Dartmouth –Michael Gettes, Georgetown –Keith Hazelton, U Wisconsin –Jim Jokl, U of Virginia –Ken Klingenstein, Internet2, U Colorado –Lawrence Levine, Dartmouth –Mark Luker, EDUCAUSE –David Wasley, U California Office of the President –Steve Worona, EDUCAUSE –+ Nathan Faut, support consultant

PKI in HE – the BID  Purpose 1: Make the HE Bridge (HEBCA) Operational in 1 year (Sept. 2003)  Purpose 2: Advise EDUCAUSE  Goal 1: Promote PKI throughout HE –Support the “PKI Killer App” –Develop PKI Services as needed  Goal 2: X-cert the HEBCA w/ the Federal PKI Bridge (FBCA) –FBCA already standing ~ 2years Part of eAuthentication Project –FPKI Policy Authority and Steering Committee working w/ EDUCAUSE & BID

The BID – Work Groups  Operational Bridge –Michael Gettes*, Bob Brentrup, Nathan Faut, Keith Hazelton, Jim Jokl, Steve Worona,  Business Model –Larry Levine*, Kathryn Baerwald, Nathan Faut, Michael Gettes, Brad Noblet, Steve Worona  Policy Management Authority –Clair Goldsmith*, Gary Augustson, Kathryn Baerwald, Nathan Faut, Michael Gettes, Keith Hazelton, Mark Luker, David Wasley, Steve Worona

PKI in HE – the BID The BID is:  Creating a Policy Authority Board to fund and oversee the HEBCA  Developing the policies, guidelines, and documents needed to create and have HEI CA’s participate in the HEBCA  Finding ways to support the most likely PKI “Killer Apps”

The BID – Deliverables  Operational Bridge  Business Model  Policy Management Authority –Operational Authority –Structure of National Bridge Network  Communications and Marketing, e.g., etc.

Discussion Point  For what applications do you hope to use PKI –In the near-term (12-24 months)? –In the long-term (24 months-plus)?

Discussion Point  What will help you justify investment in PKI? –S/MIME? –VPN access/support? –Access to remote resources (library materials, research applications, et.al.) –Digital signature applications –Other?

Discussion Point  What applications do you see would justify the existence of a HE PKI Bridge? –E-commerce (trust is important)? –E-transactions w/ Fed gov’t (accountability is important)? –App-to-app messaging with external parties? –Other?

Discussion Points  What value would you see in a sector CA?  Finally, what PKI usability issues handicap your implementation –Portability? –User interface? –Digital signatures profile? –Credentials left unlocked?

The BID’s near-term focus – 2 likely “Killer Apps”  Secured –Reduce identity theft –Increase privacy –Increase use of electronic commerce at campus- & Institutional- & national levels  E-grants –Faster, secured grant processing –Faster (e-)payments –More secured communications & fund Xfers –Federal focus is on this initiative

PKI in HE – What Next?  BID is developing project timeline and goals to stand a production PKI Bridge  BID is developing a HE-focused service model to facilitate increased use of PKI at all levels of HE

PKI in HE – Future Goals  Stabilize technology (w/ Fed) –LDAP with eduPerson & certs –Shibboleth –Bridge-aware Web browsing (esp. Mozilla) –Bridge-aware PKI CA vendors (e.g. Verisign, etc.)  Support or provide a CA service for those HEIs that do not stand their own CA

PKI in HE – Future Goals  Work with the NSF Middleware Initiative (NMI) to cross-promote our solutions for secured commerce and remote applications that best fit the HE sector  Through PKI, increase efficiency of grants, funding, and transactions

PKI in HE – Thank you  Conclusion –Questions? –Comments?