X.509/PKI There is progress.... Topics Why PKI? Why not PKI? The Four Stages of X.509/PKI Other sectors Federal Activities - fBCA, NIH Pilot, ACES, other.

Presentation transcript:

X.509/PKI There is progress...

Topics
- Why PKI? Why not PKI?
- The Four Stages of X.509/PKI
- Other sectors
  - Federal Activities - fBCA, NIH Pilot, ACES, other
  - Healthcare - HIPAA
  - State governments - E-Sign, Draft CP
  - Corporate Deployments
- The Industry
- Higher Ed TAG, PAG

Why X.509/PKI?
- Single infrastructure to provide all security services
- Established technology standards, though little operational experience
- Elegant technical underpinnings
- Serves dozens of purposes - authentication, authorization, object encryption, digital signatures, communications channel encryption
- Low cost in mass numbers

Why Not X.509/PKI?
- High legal barriers
- Lack of mobility support
- Challenging user interfaces, especially with regard to privacy and scaling
- Persistent technical incompatibilities
- Overall complexity

D. Wasley’s PKI Puzzle

The Four Planes of PKI
- on the road to general purpose interrealm PKI
- the planes represent different levels of simplification from the dream of a full interrealm, intercommunity multipurpose PKI
- simplifications in policies, technologies, applications, scope
- each plane provides experience and value

The Four Planes are
- Full interrealm PKI - (Boeing 777) - multipurpose, spanning broad and multiple communities, bridges to unite hierarchies, unfathomed directory issues
- Simple interrealm PKI - (Regional jets) - multipurpose within a community, operating under standard policies and structured hierarchical directory services
- PKI-light - (Corporate jets) - containing all the key components of a PKI, but many in simplified form; may be for a limited set of applications; can be extended within selected communities
- PKI-ultralight - (Ultralights) - easiest to construct and useful conveyance; ignores parts of PKI and not for use external to the institution; learn how to fly, but not a plane...

Examples of Areas of Simplification
- Spectrum of Assurance Levels
- Signature Algorithms Permitted
- Range of Applications Enabled
- Revocation Requirements and Approaches
- Subject Naming Requirements
- Treatment of Mobility...

PKI-Light example (HEPKI)
- CP: Wasley, et al. Draft HE CP stubbed to basic/rudimentary
- CRL: ?
- Applications: (Signed )
- Mobility: Password enabled
- Signing: md5RSA
- Thumbprint: sha1
- Naming: dc
- Directory Services needed: inetOrgPerson

PKI-Light example (Texas-Houston)
- CP: Verisign
- CRL: Verisign
- Applications: authentication
- Mobility: USB dongle
- Signing: md5RSA
- Thumbprint: sha1
- Naming: X.500
- Directory Services needed: I?
- Deployment: 5,000 medical students

PKI-Ultralight (MIT)
- CP: none
- CRL: limit lifetime
- Applications: Internal web authentication
- Mobility: one per system; also password enabled
- Signing: md5RSA
- Thumbprint: sha1
- Naming: X.500
- Directory Services needed: none
- Deployment: approximately 350,000 over five years

Federal Activities
- fBCA became operational June 7; talking with several possible peers (States of Illinois and Washington)
- NIH Pilot for grant submissions - Peter Alterman, NIH
- ACES - not much visible activity; Dept of Ed backed out of for student loan administration
- fPKI TWG - others
- Internet2/NIH/NIST research conference...

Healthcare
- HIPAA - Privacy specs issued
- HIPAA - Security specs not yet done
- Two year compliance phase-ins
- Little progress in community trust agreements
- Non-PKI HIPAA Compliance Options

Other deployments
- Success stories within many individual corporations for VPN, authentication
- No current community-wide deployments
- ABA guidelines
- Others...
- State Governments
  - E-Sign FlowChart
  - NECCC Draft State Certificate Policy
- Other countries
  - EuroPKI
  - Extensive work in the Netherlands
  - Inter-governmental discussions?

The Industry
"What's the problem with PKI then? It all boils down to one thing: Complexity."
Wanted: PKI Experts, by Scot Petersen, July 18, 2001

The Industry
- Baltimore in peril
- PKIforum slows down
- OASIS-SAML work (XML to leaven PKI) gains buzz
- RSA buys Securant

The Industry
- Browsers that don’t take community roots
- Communications tools that want certs we don’t want to give them
- Path math that sometimes doesn’t compute
- Technology that doesn’t interoperate...

Higher Education
- HEBCA
- HEPKI-TAG
- HEPKI-PAG
- PKI-labs
- Campus activities