Presentation is loading. Please wait.

Presentation is loading. Please wait.

PKI Activities at Virginia January 2004 CSG Meeting Jim Jokl.

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "PKI Activities at Virginia January 2004 CSG Meeting Jim Jokl."— Presentation transcript:

1 PKI Activities at Virginia January 2004 CSG Meeting Jim Jokl

2 University of Virginia PKI Project Goal –Enable PKI support for a range of applications Deploy two campus CAs –Standard Assurance CA Based on the PKI-Lite Policy and Practices document Uses CREN root – will migrate to USHER –High Assurance CA Based on the Higher Education Certificate Policy Expect to cross-certify this CA via HEBCA

3 UVa Standard Assurance CA (PKI-lite) Focus: new applications & ease of use Designed to support many common applications –Web authentication –VPN authentication –S/MIME: signed and encrypted email –SSL server certificates –EAP/TLS for wireless access control –Grid authentication

4 UVa Standard Assurance CA (PKI-Lite) Uses existing account information to validate user request Computing ID, password, and some some database info checked Simple subscriber agreementsubscriber agreement

5 UVa Standard Assurance CA (PKI-Lite) Simple user interface –Internet Explorer or Netscape –Fill in ID check form –Key pair automatically generated, certificate issued, and the whole certificate chain is installed –Supports hardware tokens for mobility if desired –Certificate validity period Students – until the next September Faculty and staff – one year Others – through the end of the current semester

6 UVa Standard Assurance CA (PKI-Lite) Other Design Decisions Certificate Revocation List (CRL) support –Yes/no, partitioning, LDAP/HTTP Privacy and FERPA Key Usage settings –S/MIME & key escrow question Directory integration –Users often obtain multiple certificates –Preferred certificate

7 Applications Cisco VPN services –UVa-Anywhere remote access VPN –“More Secure” network VPN Uses LDAP authorization to prevent student access Wireless authentication migration –LEAP supported now for secure wireless –Adding EAP-TLS VLAN as quickly as possible –Eventually phase out LEAP and its account management

8 Applications S/MIME –Client support now available in our main clients Mulberry 3.1 Communigate Pro webmail –Integration with our anti-spam solution –Considering sending signed official announcements

9 UVa High Assurance CA Focus on applications needing higher assurance levels using 2-factor authentication –SSH authentication for sysadmins of critical systems –VPN authentication for access to special purpose networks (ERP, HIPAA, etc) –Web authentication –Windows 2000/XP authentication? –Digital signatures?

10 UVa High Assurance CA Two-step Registration Authority (RA) Process –In-person photo identification check –Web form and dbase validation protects against a RA Mostly off-line CA Hardware for CA private key protection Hardware token use required –2-factor authentication –Strong private key protection –Enables easy mobility –Provides idle use timeout

11 VPN PKI 2-factor Authentication with LDAP Authorization VPN Concentrators Firewall LDAP AuthZ Servers Oracle ERP S1 S2 S3 Sn Hospital Net INOUT Main Campus Network OUT IN

12

13 High Assurance Applications 2-factor SSH authentication for ERP System Admins and DBAs HiPAA access VPN Service Departmental network admin delegation Internal management applications Future –ERP users with direct database access –Windows domain authentication? –Digital signatures –HEBCA applications

Download ppt "PKI Activities at Virginia January 2004 CSG Meeting Jim Jokl."

Similar presentations

Digital Certificate Installation & User Guide For Class-2 Certificates.

Digital Certificate Installation & User Guide For Class-2 Certificates.
May 06, 2002 Getting Started with Digital Certificates: Is PKI-Lite Real PKI? Internet2 Spring Meeting 2002 Wash, DC.

May 06, 2002 Getting Started with Digital Certificates: Is PKI-Lite Real PKI? Internet2 Spring Meeting 2002 Wash, DC.
Digital Certificate Installation & User Guide For Class-2 Certificates.

Digital Certificate Installation & User Guide For Class-2 Certificates.
Dartmouth PKI Certificate Deployment June 2004 Fed Ed Meeting.

Dartmouth PKI Certificate Deployment June 2004 Fed Ed Meeting.
Certification Authority. Overview  Identifying CA Hierarchy Design Requirements  Common CA Hierarchy Designs  Documenting Legal Requirements  Analyzing.

Certification Authority. Overview  Identifying CA Hierarchy Design Requirements  Common CA Hierarchy Designs  Documenting Legal Requirements  Analyzing.
HEPKI-TAG Activities January 2002 CSG Meeting Jim Jokl

HEPKI-TAG Activities January 2002 CSG Meeting Jim Jokl
1 HEPKI-TAG Update EDUCAUSE/Dartmouth PKI Summit July 26, 2005 Jim Jokl University of Virginia.

1 HEPKI-TAG Update EDUCAUSE/Dartmouth PKI Summit July 26, 2005 Jim Jokl University of Virginia.
Cross Platform Single Sign On using client certificates Emmanuel Ormancey, Alberto Pace Internet Services group CERN, Information Technology department.

Cross Platform Single Sign On using client certificates Emmanuel Ormancey, Alberto Pace Internet Services group CERN, Information Technology department.
1 Network Authentication with PKI EDUCAUSE/Dartmouth PKI Summit July 27, 2005 Jim Jokl University of Virginia.

1 Network Authentication with PKI EDUCAUSE/Dartmouth PKI Summit July 27, 2005 Jim Jokl University of Virginia.
INFORMATION SYSTEMS SERVICES UNIVERSITY OF LEEDS Presentation to the UK e-Science Grid Workshop ‘Managing Access to Resources on the Grid’ e-Science Institute,

INFORMATION SYSTEMS SERVICES UNIVERSITY OF LEEDS Presentation to the UK e-Science Grid Workshop ‘Managing Access to Resources on the Grid’ e-Science Institute,
Identity Management Realities in Higher Education NET Quarterly Meeting January 12, 2005.

Identity Management Realities in Higher Education NET Quarterly Meeting January 12, 2005.
Public Key Infrastructure (PKI) Providing secure communications and authentication over an open network.

Public Key Infrastructure (PKI) Providing secure communications and authentication over an open network.
DESIGNING A PUBLIC KEY INFRASTRUCTURE

DESIGNING A PUBLIC KEY INFRASTRUCTURE
Generic AAA model in Grids IRTF - AAAARCH meeting IETF 52 – Dec 14 th Salt Lake City Leon Gommans Advanced Internet Research Group.

Generic AAA model in Grids IRTF - AAAARCH meeting IETF 52 – Dec 14 th Salt Lake City Leon Gommans Advanced Internet Research Group.
Dartmouth PKI Deployment Robert Brentrup PKI Summit July 14, 2004.

Dartmouth PKI Deployment Robert Brentrup PKI Summit July 14, 2004.
1 NMI Testbed Activities at Virginia SURA NMI Testbed Workshop October 1, 2004 Jim Jokl

1 NMI Testbed Activities at Virginia SURA NMI Testbed Workshop October 1, 2004 Jim Jokl
16.1 © 2004 Pearson Education, Inc. Exam 70-294 Planning, Implementing, and Maintaining a Microsoft® Windows® Server 2003 Active Directory Infrastructure.

16.1 © 2004 Pearson Education, Inc. Exam Planning, Implementing, and Maintaining a Microsoft® Windows® Server 2003 Active Directory Infrastructure.
The PKI Lab at Dartmouth. Dartmouth PKI Lab R&D to make PKI a practical component of a campus network Multi-campus collaboration sponsored by the Mellon.

The PKI Lab at Dartmouth. Dartmouth PKI Lab R&D to make PKI a practical component of a campus network Multi-campus collaboration sponsored by the Mellon.
Some Common Campus PKI Applications January 2004 CSG Meeting Jim Jokl.

Some Common Campus PKI Applications January 2004 CSG Meeting Jim Jokl.
Introduction to PKI Seminar What is PKI? Robert Brentrup July 13, 2004.

Introduction to PKI Seminar What is PKI? Robert Brentrup July 13, 2004.

Similar presentations

Ads by Google