Presentation is loading. Please wait.

Presentation is loading. Please wait.

“Ten Years Ago… on a cold dark night”

Published byCaroline Petersen Modified over 4 years ago

Similar presentations

Presentation on theme: "“Ten Years Ago… on a cold dark night”"— Presentation transcript:

1 “Ten Years Ago… on a cold dark night”

2 Welcome Acknowledgments and thanks Security Acronymny: then and now
What’s working What’s proving hard

3 Acknowledgments NIH and NIST – Peter Alterman, Tim Polk and Bill Burr
NSF – Early Adopters and NSF Middleware Initiative Internet2 Membership PKI Labs, PKI Advisory Board, Neal McBurnett Program Committee and Sean Smith

4 Security Acronymny circa 1998
PKI X.500 X.509 CRL RSA PGP

5 Security Acronymny circa 2002
PKI X.500 X.509 CRL OCSP LDAP RSA PGP XKMS SPKI GXA Liberty Magic Carpet SAML Shibboleth XML HEBCA FBCA

6 Security Acronymny circa 2002
E-authentication OGSA GSS E-SIGN E-LOCK ACES CAM DAVE

7 Observations I was really ignorant in 1998 This is proving really hard
There are a lot more approaches, if only because there are lots more needs Partitioning the problem space may be better than the unified solution

8 What’s working At the core, the math of PKI remains extremely elegant
The standards, protocols and processes of PKI are open PKI attracts really smart people

9 What’s proving hard Scaling: virtual organizations, federations, bridged hierarchies Trust: collaborative versus legal Integrating security and privacy Mechanics: mobility, archiving, key escrow, identity Authorization: role based versus atomic rights Reconciling humans and lawyers

10 Interrealm Trust Structures
Federated administration basic bilateral (origins and targets in web services) complex bilateral (videoconferencing with external MCU’s, digital rights management with external rights holders) multilateral Hierarchies may assert stronger or more formal trust requires bridges and policy mappings to connect hierarchies appear larger scale Virtual organizations Grids, digital library consortiums, Internet2 VideoCommons, etc. Share real resources among a sparse set of users Requirements for authentication and authorization, resource discovery, etc need to leverage federated and hierarchical infrastructures.

11 The Continuum of Trust Collaborative trust at one end…
can I videoconference with you? you can look at my calendar You can join this computer science workgroup and edit this computing code Students in course Physics Brown can access this on-line sensor Members of the UWash community can access this licensed resource Legal trust at the other end… Sign this document, and guarantee that what was signed was what I saw Encrypt this file and save it Identifiy yourself to this high security area

12 Dimensions of the Trust Continuum
Collaborative trust handshake consequences of breaking trust more political (ostracism, shame, etc.) fluid (additions and deletions frequent) shorter term structures tend to clubs and federations privacy issues more user-based Legal trust contractual consequences of breaking trust more financial (liabilities, fines and penalties, indemnification, etc.) more static (legal process time frames) longer term (justify the overhead) tends to hierarchies and bridges privacy issues more laws and rules

13 The Trust Continuum, Applications and their Users
Applications and their user community must decide where their requirements fit on the trust continuum Some apps can only be done at one end of the continuum, and that might suggest a particular technical approach. Many applications fit somewhere in the middle and the user communities (those that trust each other) need to select a approach that works for them.

14 Integrating Security and Privacy
Balance between weak identity, strong identity, and attribute-based access (without identity) Balance between privacy and accountability – keeping the identity known only within the security domain

15 Reconciling Humans and Lawyers
Non-repudiation has had a very high bar set… Human nature has been “refined” over a long time We tend to talk globally, think locally and act inconsistently…

16 Conference Outcomes Refine our understandings of security
Cross-pollinate PKI research Identify experiments that should be conducted

17 Why PKI? Single infrastructure to provide all security services
Established technology standards, though little operational experience Elegant technical underpinnings Serves dozens of purposes - authentication, authorization, object encryption, digital signatures, communications channel encryption Low cost in mass numbers

18 Why Not PKI? High legal barriers Lack of mobility support
Challenging user interfaces, especially with regard to privacy and scaling Persistent technical incompatibilities Overall complexity

19 D. Wasley’s PKI Puzzle

20 Federal Activities fBCA NIH Pilot ACES fPKI TWG
Others – federal S/MIME work Internet2/NIH/NIST research conference ...

21 The Industry What's the problem with PKI then? It all boils down to one thing: Complexity. Wanted: PKI Experts By Scot Petersen July 18, 2001

22 The Industry Baltimore in peril PKIforum slows down
OASIS-SAML work (XML to leaven PKI) gains buzz RSA buys Securant

23 Ten Years Forward… The issues here have become immensely important The cutting edge is being blunted by the demands of deployment It’s too important for us to be doing it…

Download ppt "“Ten Years Ago… on a cold dark night”"

Similar presentations

1 ABCs of PKI TAG Presentation 18 th May 2004 Paul Butler.

1 ABCs of PKI TAG Presentation 18 th May 2004 Paul Butler.
Experiences with Massive PKI Deployment and Usage Daniel Kouřil, Michal Procházka Masaryk University & CESNET Security and Protection of Information 2009.

Experiences with Massive PKI Deployment and Usage Daniel Kouřil, Michal Procházka Masaryk University & CESNET Security and Protection of Information 2009.
EDUCAUSE 2001, Indianapolis IN Securing e-Government: Implementing the Federal PKI David Temoshok Federal PKI Policy Manager GSA Office of Governmentwide.

EDUCAUSE 2001, Indianapolis IN Securing e-Government: Implementing the Federal PKI David Temoshok Federal PKI Policy Manager GSA Office of Governmentwide.
The Internet2 NET+ Services Program Jerry Grochow Interim Vice President CSG January, 2012.

The Internet2 NET+ Services Program Jerry Grochow Interim Vice President CSG January, 2012.
Federated Digital Rights Management Mairéad Martin The University of Tennessee TERENA General Assembly Meeting Prague, CZ October 24, 2002.

Federated Digital Rights Management Mairéad Martin The University of Tennessee TERENA General Assembly Meeting Prague, CZ October 24, 2002.
Copyright Judith Spencer 2002. This work is the intellectual property of the author. Permission is granted for this material to be shared for non-commercial,

Copyright Judith Spencer This work is the intellectual property of the author. Permission is granted for this material to be shared for non-commercial,
S.1 Using a Global Validation Service to Unite Communities Jon Shamah EMEA Head of Sales, BBS eSecurity.

S.1 Using a Global Validation Service to Unite Communities Jon Shamah EMEA Head of Sales, BBS eSecurity.
Cross Platform Single Sign On using client certificates Emmanuel Ormancey, Alberto Pace Internet Services group CERN, Information Technology department.

Cross Platform Single Sign On using client certificates Emmanuel Ormancey, Alberto Pace Internet Services group CERN, Information Technology department.
Welcome to CAMP! Ken Klingenstein, Director, Internet2 Middleware Initiative.

Welcome to CAMP! Ken Klingenstein, Director, Internet2 Middleware Initiative.
Authentication Cristian Solano. Cryptography is the science of using mathematics to encrypt and decrypt data. Public Key Cryptography –Problems with key.

Authentication Cristian Solano. Cryptography is the science of using mathematics to encrypt and decrypt data. Public Key Cryptography –Problems with key.
Environmental Council of States Network Authentication and Authorization Services The Shared Security Component February 28, 2005.

Environmental Council of States Network Authentication and Authorization Services The Shared Security Component February 28, 2005.
David L. Wasley Information Resources & Communications Office of the President University of California Directories and PKI Basic Components of Middleware.

David L. Wasley Information Resources & Communications Office of the President University of California Directories and PKI Basic Components of Middleware.
PKI: News from the Front and views from the Back Ken Klingenstein, Project Director, Internet2 Middleware Initiative Chief Technologist, University of.

PKI: News from the Front and views from the Back Ken Klingenstein, Project Director, Internet2 Middleware Initiative Chief Technologist, University of.
The U.S. Federal PKI and the Federal Bridge Certification Authority

The U.S. Federal PKI and the Federal Bridge Certification Authority
PKI Update. Topics Background: Why/Why Not, The Four Planes of PKI, Activities in Other Communities Technical activities update S/MIME Pilot prospects.

PKI Update. Topics Background: Why/Why Not, The Four Planes of PKI, Activities in Other Communities Technical activities update S/MIME Pilot prospects.
Introduction to PKI Seminar What is PKI? Robert Brentrup July 13, 2004.

Introduction to PKI Seminar What is PKI? Robert Brentrup July 13, 2004.
Welcome Acknowledgments and thanks Security Acronymny: then and now What’s working What’s proving hard.

Welcome Acknowledgments and thanks Security Acronymny: then and now What’s working What’s proving hard.
Presenter’s Name InCommon Approximately 80 members and growing steadily More than two million “users” Most of the major research institutions (MIT joining.

Presenter’s Name InCommon Approximately 80 members and growing steadily More than two million “users” Most of the major research institutions (MIT joining.
The E-Authentication Initiative An Overview Peter Alterman, Ph.D. Assistant CIO for e-Authentication, NIH and Chair, Federal PKI Policy Authority The E-Authentication.

The E-Authentication Initiative An Overview Peter Alterman, Ph.D. Assistant CIO for e-Authentication, NIH and Chair, Federal PKI Policy Authority The E-Authentication.
Shibboleth and InCommon: Making Secure Collaboration a Reality Scott Cantor Internet2/MACE and The.

Shibboleth and InCommon: Making Secure Collaboration a Reality Scott Cantor Internet2/MACE and The.

Similar presentations

Ads by Google