
Slide 1: Getting Started with Digital Certificates: Is PKI-Lite Real PKI?
Internet2 Spring Meeting 2002, Washington, DC
May 06, 2002

Slide 2: Panel
- Intro to PKI-Lite: Judith Boettcher, CREN
- Minnesota story: Frank Grewe
- Columbia: Vace Kundacki, Alan Crosswell

Slide 3: What is PKI-Lite?
- PKI-Lite: full-featured PKI technology deployed with existing campus standards for identification and authentication (I&A) and security

Slide 4: Is PKI-Lite Real?
- Developed by the HEPKI-TAG and HEPKI-PAG groups; it is under review and implementation
- Why did PKI-Lite evolve?

Slide 5:
- Policy Swamp - for 18 months
- PKI-Lite Environment - At last!

Slide 6: PKI-Lite Trust Environment - What is it?
- Trust Documents
  – Certificate policy
  – Certificate practice statement
  – Certificate profiles for institutional and end-entity certificates (X.509 v3, IETF)
  – Relying party statement for content providers, publishers, etc.
- Existing Campus Registration Authority
  – Registrar, HR
- Certification Authority
  – IT department with systems and software

Slide 7: PKI-Lite Technology Environment - What is it?
- Good enough to move forward
- Provides Level of Assurance (LOA)
  – Rudimentary for client certificates
  – Basic/Medium for campus certificates

Slide 8: PKI-Lite Environment
- Available now
  – Combined PKI-Lite Certificate Policy and Certification Practices Statement Template: middleware.internet2.edu/hepki-tag/pki-lite/pki-lite-policy-practices.htm
  – Certificate Profiles for the Campus CA and for End-Entity/client certificates
- PKI-Lite CP/CPS is being sent to various higher education groups for review
  – Reviewed by two content providers in late 2001
  – Request to keep the certificate validity period to a maximum of 12.5 months

Slide 9: The CREN CA at MIT
- SafeKeyper HSM box with the CREN CA
- This box signs Certificate Signing Requests (CSRs)

Slide 10: Five Types of Certificates - It's easy to get confused!
- Root Certificates
  – Self-signed certs (authenticate themselves)
- Institutional Certificates
  – Also called campus certs
- Organizational Certificates
  – Also called department certs, association certs
- Web server certificates
  – Also called server-side certs
- End-Entity Certificates
  – Also called end-user certs, client certs, individual certs, personal certs, or entity certs
  – Client certs: different ones for signing email, encrypting email, and web authentication

Slide 11: What Do Individuals Use Certificates for?
- Authenticating oneself to a server
- Signing email
  – The same certificate can be used for these two purposes: signing email and authenticating oneself to a server
- Encrypting email
  – Individuals will designate one specific certificate for encrypting email
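As an added example (not from the slides or from HEPKI-TAG), the following Go code uses only the standard crypto/x509 package to sort a certificate into the types named on slide 10 (root, institutional/organizational CA, web server, end-entity), telling a root from a subordinate CA by verifying the self-signature rather than comparing names, and to check the 12.5-month maximum validity that the content providers requested on slide 8. The reading of 12.5 months as 12 months plus 15 days, the example.edu names, the serial numbers and the throwaway Ed25519 keys are assumptions; Chain builds a constructed sample hierarchy for Inspect to examine.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"math/big"
	"time"
)

// Inspect names the certificate type from the slides and checks the 12.5-month limit (12 months + 15 days here).
func Inspect(c *x509.Certificate) (kind string, validityOK bool) {
	kind = "end-entity" // client cert used for S/MIME or web authentication
	if c.IsCA && c.CheckSignatureFrom(c) == nil { // root: its own key verifies its own signature
		kind = "root"
	} else if c.IsCA {
		kind = "institutional/organizational CA"
	}
	for _, u := range c.ExtKeyUsage {
		if !c.IsCA && u == x509.ExtKeyUsageServerAuth {
			kind = "web server"
		}
	}
	return kind, !c.NotAfter.After(c.NotBefore.AddDate(0, 12, 15))
}

// issue builds a v3 cert valid for months, signed by parentKey or self-signed when parent is nil.
func issue(cn string, serial int64, ca bool, months int, parent *x509.Certificate, parentKey ed25519.PrivateKey, eku ...x509.ExtKeyUsage) (*x509.Certificate, ed25519.PrivateKey) {
	pub, key, _ := ed25519.GenerateKey(rand.Reader) // throwaway key pair for the new cert
	t := &x509.Certificate{SerialNumber: big.NewInt(serial), Subject: pkix.Name{CommonName: cn}, IsCA: ca,
		NotBefore: time.Now(), NotAfter: time.Now().AddDate(0, months, 0), BasicConstraintsValid: true, ExtKeyUsage: eku}
	if parent == nil {
		parent, parentKey = t, key
	}
	der, err := x509.CreateCertificate(rand.Reader, t, parent, pub, parentKey)
	if err != nil {
		panic(err)
	}
	c, _ := x509.ParseCertificate(der)
	return c, key
}
// Chain returns constructed samples: root, campus CA, a 12-month server cert and a 13-month client cert.
func Chain() []*x509.Certificate {
	root, rootKey := issue("Example Root CA", 1, true, 120, nil, nil)
	campus, campusKey := issue("Example Campus CA", 2, true, 60, root, rootKey)
	web, _ := issue("www.example.edu", 3, false, 12, campus, campusKey, x509.ExtKeyUsageServerAuth)
	user, _ := issue("student@example.edu", 4, false, 13, campus, campusKey, x509.ExtKeyUsageEmailProtection)
	return []*x509.Certificate{root, campus, web, user}
}
```

Running Inspect over Chain reports the server certificate as within the 12.5-month request and the 13-month client certificate as exceeding it; the same two functions work unchanged on certificates parsed from PEM files.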

Slide 12: CREN Certificate Services for Higher Education
- Hierarchy of Institutional Certificates
  – CREN CA Certificates
  – Operational since 11/99
- Web server certificates
- CREN.net CA for client certificates
  – CREN.net CA for staff, members and pilot projects
  – Potentially for individuals at campuses without CAs who must meet federal mandates

Slide 13: What are Higher Ed Organizations Doing?
- HEPKI-TAG (Internet2, CREN, Educause)
  – Higher Education PKI - Technical Advisory Group
  – Developing the PKI-Lite environment
  – Now doing some pilot testing with S/MIME
- HEPKI-PAG (Internet2, CREN, Educause)
  – Higher Education PKI - Policy Advisory Group
  – Developing the PKI-Lite environment
- Internet2
  – Leading the Middleware initiative, including the Shibboleth Project
  – Check out www.internet2.edu/middleware
- EDUCAUSE
  – Leading the Higher Ed Bridge CA

Slide 14: Who is Doing or Planning PKI Use on Campus?
- Two major classes of applications
  – Web-based applications
  – Electronic Mail (S/MIME)
  – Plus authentication for network access, such as VPN and wireless
- Campuses that are working with PKI
  – MIT
  – Georgia Tech
  – Princeton
  – U of Virginia
  – Cornell
  – U of Wisconsin
  – U of MN
  – U of Alabama
  – U of Mass
  – Columbia
  – Penn State
  – U of Tennessee
Source: J. Jokl / HEPKI-TAG

Slide 15: Examples of Web-Based Apps and Electronic Mail
- Web-based applications
  – Authentication
  – Business services
  – Access to class materials
  – Access to remote databases
  – HR self service
  – Telecom requests
- Electronic mail (S/MIME)
  – General individual use
  – Submission of service orders
  – Submission of timesheets, travel reports
- More detail is at:
  – www.cren.net/crenca/icertpages/why.html
  – middleware.internet2.edu/hepki-tag/TAG-PKI-Apps3.xls
Source: J. Jokl / HEPKI-TAG

Slide 16: On to Campus Stories… Frank, Vace and Alan

Slide 17: PKI-Lite Environment
- Standard PKI-Lite Cert Profiles
  – Certificate Profile for Root Certificates: middleware.internet2.edu/hepki-tag/pki-lite/hepki-tag-pkilite-root-profile-2.html
  – Certificate Profile for End-entity Certificates: middleware.internet2.edu/hepki-tag/pki-lite/hepki-tag-pkilite-profile-6.html
  – These profiles come with implementor notes discussing extensions and fields to be filled out at the campus-level CA
