Presentation is loading. Please wait.

Presentation is loading. Please wait.

1 US Higher Education Root CA (USHER) Update Fed/Ed Meeting December 14, 2005 Jim Jokl University of Virginia.

Published byBernadette Carpenter Modified over 8 years ago

Similar presentations

Presentation on theme: "1 US Higher Education Root CA (USHER) Update Fed/Ed Meeting December 14, 2005 Jim Jokl University of Virginia."— Presentation transcript:

1 1 US Higher Education Root CA (USHER) Update Fed/Ed Meeting December 14, 2005 Jim Jokl University of Virginia

2 2 USHER - US Higher Education Root CA  Philosophy Lots of discussions about the needs of our community Eventual decision to implement what we call USHER-Basic first A different version of USHER may appear in the future to support applications that require a higher levels of assurance

3 3 USHER Basic Summary  Purpose: facilitate inter-institutional use of campus issued PKI credentials  USHER-Basic target Campuses that operate their PKI infrastructure at the same LOA as their common password- based systems  Email, scheduling, and commodity computing, etc  The USHER CA itself will operate at a relatively high level of assurance

4 4 PKI Applications  USHER was designed with some of these example applications in mind LionShare Grids (Globus toolkit) Electronic mail (S/MIME) VPN (IPSec), Wireless (EAP-TLS), & SSH authentication Web authentication

5 5 Expected Practices  When campuses join USHER, they are expected to adhere to a set of “Expected Practices” Will operate their PKI using processes that are at least as strong as how they manage accounts for email and calendaring Campuses may issue certificates to anyone affiliated with their institution – the campus definition of affiliation applies

6 6 Expected Practices  The campus will actively maintain all services that are implied in their certificates, e.g., CRLs Policy and practices if Policy OID is present  Campuses will not join USHER if they can not or will not meet the expected practices  Expected practices are still being finalized

7 7 CA/RA Process  Signed Participation Agreement Signed by a campus official authorized to commit the university Designates the operational campus entity A strong process similar to the one that was used by CREN is used to validate the campus operator and establish a secure communications channel The campus generates a request which is then signed by the USHER CA

8 8 USHER: Some Q&A  Can a campus have multiple USHER CAs? Yes, and some may do this for organizational reasons Also, one campus USHER CA can issue an Authority Certificate to another as long this is consistent with existing campus ID management practices  Eligibility US Higher Education Institutions Other entities sponsored by a US Higher Education member

9 9 USHER: Some Q&A  What is the minimum LOA that a relying party can assume? A campus official designated a campus organization to operate the USHER CA USHER used a strong process to validate the organization and establish a secure communications channel The USHER CA signs campus authority certificates using a strong technical process

10 10 PKI and USHER/HEBCA  (How) do all of these PKI pieces fit together? USHER – US Higher Education Root CA HEBCA – Higher Education Bridge CA Campus Certification Authorities EDUCAUSE contract for outsourced certificates  What should a campus be doing?  Where’s the glue?

11 11 A Higher-level View of Inter-organizational Trust FBCA HEBCA SAFE Commercial Others Campus CA Educause Verisign CA USHER CA Campus CA Campus Users

12 12  Thank you  Questions/Discussion

Download ppt "1 US Higher Education Root CA (USHER) Update Fed/Ed Meeting December 14, 2005 Jim Jokl University of Virginia."

Similar presentations

Experiences with Massive PKI Deployment and Usage Daniel Kouřil, Michal Procházka Masaryk University & CESNET Security and Protection of Information 2009.

Experiences with Massive PKI Deployment and Usage Daniel Kouřil, Michal Procházka Masaryk University & CESNET Security and Protection of Information 2009.
PKI Solutions: Buy vs. Build David Wasley, U. California (ret.) Jim Jokl, U. Virginia Nick Davis, U. Wisconsin.

PKI Solutions: Buy vs. Build David Wasley, U. California (ret.) Jim Jokl, U. Virginia Nick Davis, U. Wisconsin.
May 06, 2002 Getting Started with Digital Certificates: Is PKI-Lite Real PKI? Internet2 Spring Meeting 2002 Wash, DC.

May 06, 2002 Getting Started with Digital Certificates: Is PKI-Lite Real PKI? Internet2 Spring Meeting 2002 Wash, DC.
Levels of Assurance: An Overview Peter Alterman, Ph.D. Chair, Federal PKI Policy Authority.

Levels of Assurance: An Overview Peter Alterman, Ph.D. Chair, Federal PKI Policy Authority.
Grid Computing, B. Wilkinson, 20045a.1 Security Continued.

Grid Computing, B. Wilkinson, 20045a.1 Security Continued.
1 HEPKI-TAG Update EDUCAUSE/Dartmouth PKI Summit July 26, 2005 Jim Jokl University of Virginia.

1 HEPKI-TAG Update EDUCAUSE/Dartmouth PKI Summit July 26, 2005 Jim Jokl University of Virginia.
Federations in Texas Barry Ribbeck University of Texas Health Science Center at Houston.

Federations in Texas Barry Ribbeck University of Texas Health Science Center at Houston.
HIT Standards Committee: Digital Certificate Trust – Policy Question for HIT Policy Committee March 29, 2011.

HIT Standards Committee: Digital Certificate Trust – Policy Question for HIT Policy Committee March 29, 2011.
PKI in US Higher Education TAGPMA Meeting, March 2006 Rio De Janeiro, Brazil.

PKI in US Higher Education TAGPMA Meeting, March 2006 Rio De Janeiro, Brazil.
PKI Activities at Virginia January 2004 CSG Meeting Jim Jokl.

PKI Activities at Virginia January 2004 CSG Meeting Jim Jokl.
DESIGNING A PUBLIC KEY INFRASTRUCTURE

DESIGNING A PUBLIC KEY INFRASTRUCTURE
David L. Wasley Information Resources & Communications Office of the President University of California Directories and PKI Basic Components of Middleware.

David L. Wasley Information Resources & Communications Office of the President University of California Directories and PKI Basic Components of Middleware.
U.S. Environmental Protection Agency Central Data Exchange EPA E-Authentication Pilot NOLA Network Node Workshop February 28, 2005.

U.S. Environmental Protection Agency Central Data Exchange EPA E-Authentication Pilot NOLA Network Node Workshop February 28, 2005.
Higher Education Bridge Certificate Authority (HEBCA) Project Progress Fed/Ed June 2005.

Higher Education Bridge Certificate Authority (HEBCA) Project Progress Fed/Ed June 2005.
Resource PKI: Certificate Policy & Certification Practice Statement Dr. Stephen Kent Chief Scientist - Information Security.

Resource PKI: Certificate Policy & Certification Practice Statement Dr. Stephen Kent Chief Scientist - Information Security.
DGC Paris 4.03.02 Community Authorization Service (CAS) and EDG Presentation by the Globus CAS team & Peter Kunszt, WP2.

DGC Paris Community Authorization Service (CAS) and EDG Presentation by the Globus CAS team & Peter Kunszt, WP2.
US Higher Ed PKI Activities Internet2/EDUCAUSE ++ TF-EMC2 November, 2004 Amsterdam Michael R Gettes, Duke University TF-EMC2 November, 2004 Amsterdam Michael.

US Higher Ed PKI Activities Internet2/EDUCAUSE ++ TF-EMC2 November, 2004 Amsterdam Michael R Gettes, Duke University TF-EMC2 November, 2004 Amsterdam Michael.
National Institute of Advanced Industrial Science and Technology Auditing, auditing template and experiences on being audited Yoshio Tanaka

National Institute of Advanced Industrial Science and Technology Auditing, auditing template and experiences on being audited Yoshio Tanaka
The 4BF The Four Bridges Forum Higher Education Bridge Certificate Authority.

The 4BF The Four Bridges Forum Higher Education Bridge Certificate Authority.
Introduction to PKI Seminar What is PKI? Robert Brentrup July 13, 2004.

Introduction to PKI Seminar What is PKI? Robert Brentrup July 13, 2004.

Similar presentations

Ads by Google