Presentation is loading. Please wait.

Presentation is loading. Please wait.

The U.S. Federal PKI, 2004: Report to EDUCAUSE Peter Alterman, Ph.D. Assistant CIO for E-Authentication National Institutes of Health.

Published byKerry Parker Modified over 8 years ago

Similar presentations

Presentation on theme: "The U.S. Federal PKI, 2004: Report to EDUCAUSE Peter Alterman, Ph.D. Assistant CIO for E-Authentication National Institutes of Health."— Presentation transcript:

1 The U.S. Federal PKI, 2004: Report to EDUCAUSE Peter Alterman, Ph.D. Assistant CIO for E-Authentication National Institutes of Health

2 The Federal Bridge CA is Now the Federal PKI Architecture (SuperSize Me) Components include: Components include: –US Federal Bridge CA –Common Policy Framework CA –E-Authentication CA –Citizen and Commerce Class CA

3

4 Key Points Main connection between US Federal PKI and external PKIs (including other Bridges) continues to be the Federal Bridge CA. Main connection between US Federal PKI and external PKIs (including other Bridges) continues to be the Federal Bridge CA. Common Policy Framework CA issues cross- certificates to SSP primary CAs. Common Policy Framework CA issues cross- certificates to SSP primary CAs. Common Policy Framework CA cross-certified with FBCA Common Policy Framework CA cross-certified with FBCA E-Authentication CA - Two other CAs service E- Authentication levels one and two CSP SSL/TLS server cert issuance E-Authentication CA - Two other CAs service E- Authentication levels one and two CSP SSL/TLS server cert issuance C4 CA services alternative PKIs (ultra lights) C4 CA services alternative PKIs (ultra lights)

5 Cross-Certified with the US FBCA Department of Defense (one way) Department of Defense (one way) DOD Key Management Infrastructure DOD Key Management Infrastructure NASA NASA USDA/National Finance Center USDA/National Finance Center Treasury Treasury State State Energy Energy Labor Labor State of Illinois State of Illinois DST/Identrus ACES (and HHS) DST/Identrus ACES (and HHS) ORC ACES ORC ACES

6 Pending/In Process U.S. Patent and Trade U.S. Patent and Trade Wells Fargo Bank / Identrus Wells Fargo Bank / Identrus Government of Canada Government of Canada Boeing Boeing HEBCA HEBCA Government of Australia Government of Australia UK Ministry of Defence UK Ministry of Defence

7 Approved Shared Service Providers VeriSign VeriSign CyberTrust CyberTrust National Finance Center/USDA National Finance Center/USDA Others pending Others pending

8 Other Bridges Emerging: A Global Trust Infrastructure Aerospace Industry (CertiPath) Aerospace Industry (CertiPath) Pharmaceutical Industry (SAFE)\ Pharmaceutical Industry (SAFE)\ Unofficially, and really not a bridge, but might as well be: Crimson Logic Pacific Rim Import/Export Application (9 economies) Unofficially, and really not a bridge, but might as well be: Crimson Logic Pacific Rim Import/Export Application (9 economies)

9 And Now A Graphic Showing how the Federal PKI fits into the overall U.S. E-Authentication Architecture -  Showing how the Federal PKI fits into the overall U.S. E-Authentication Architecture - 

10 FBCA Certification Authority Two way Cross-certified (FBCA High & FBCA Medium) Agencies (Legacy Agency CA policy) States Foreign Entities Citizen & Commerce Class Common (C4) Certificate Policy -certified Wells FargoAOLPEPCO Private Sector FPKI Common Policy Framework (FCPF) Certificate Policy C4 Policy Certification Authority (Included in browser list ofCAs) FCPF Policy Certification Authority (Trust anchor for Common FPKI Policy hierarchical PKI subscribers) E-Governance Certification Authority (Mutual authentication of SAML/SSL Certificates only) Qualified Shared Service Provider USDA/NCF Verisign DST Two way Cross-certified One way Cross - certified Federal PKI Assurance Level 1 Assurance Level 2 E-Governance Certificate Policy Other BridgeCAs ACES New Agency Optionally Two Way Cross - certified Two Way Cross Federal PKI The US Federal PKI & The E-Authentication Federated Approach Note: Red lines indicate technical areas to resolve. Working Groups are formed to address these areas by 1 st week of March 2004. T w o w a y C r o s s - c e r t i f i e d XKMS OCSP CAM SOAP Others ©p©p Step #1: User goes to Portal to select the AA and ECP Portal Step #3: The user authenticates to the AA directly using SSL or TLS. Figure : FPKI Validation Service AA CA 1 Community 1 CA 4 CA 4bCA 4a CA 2 Community 2 Bridge CA 3 Community 3 FPKI Step #4: The AA uses the validation service to validate the certificate Step #2: The user is passed directly to the AA eAuth Trust List FBCA Certificate Policy

11 Other Federal/Higher Ed Initiatives, or Places We Meet: (In Hoc Signo Vinces) NIH-EDUCAUSE PKI Interoperability Project, Phase 4 NIH-EDUCAUSE PKI Interoperability Project, Phase 4 E-Authentication-Shibboleth Interoperability Initiative E-Authentication-Shibboleth Interoperability Initiative E-Authentication Partnership E-Authentication Partnership International Collaborative Identity Management Forum (ICIDM) International Collaborative Identity Management Forum (ICIDM)

12 Issues Being Pursued Actively Path Discovery / Path Validation Path Discovery / Path Validation –CAM works Bridge-Bridge Interoperability Procedures, including Bridge Operations Issues – Citizenship, etc. Bridge-Bridge Interoperability Procedures, including Bridge Operations Issues – Citizenship, etc. FIPS 201 and HSPD-12 FIPS 201 and HSPD-12

13 Path Discovery / Path Validation CAM 4 RC7 Ready for Prime Time and Configurable to map LOA CAM 4 RC7 Ready for Prime Time and Configurable to map LOA CAM 4 RC8 due January, 2005 (GUI interface for configuration) CAM 4 RC8 due January, 2005 (GUI interface for configuration) Validation Service/Tool Requirements Document about ready for release Validation Service/Tool Requirements Document about ready for release No COTS service/tool yet a reality No COTS service/tool yet a reality Betting on SCVP for next generation validation checking protocol. Betting on SCVP for next generation validation checking protocol.

14 Bridge-to-Bridge Interoperability Policy and Procedures – FPKI Policy Authority Leads the Pack Policy and Procedures – FPKI Policy Authority Leads the Pack Technical Implementation Issues – Architecture and Trust Technical Implementation Issues – Architecture and Trust Politics and Money Politics and Money Current sticking point is citizenship requirements for trusted operators Current sticking point is citizenship requirements for trusted operators

15 HSPD-12, The Black Hole: Background Requires NIST to promulgate technical and procedural standards for electronic identity authentication for Feds and contractors (PIV = Personal Identity Verification) Requires NIST to promulgate technical and procedural standards for electronic identity authentication for Feds and contractors (PIV = Personal Identity Verification) Encompasses physical and logical access to government resources Encompasses physical and logical access to government resources Ultra short timeframe: Standards done in Spring, Agency implementation plans due late June, Agency implementation begins October. Ultra short timeframe: Standards done in Spring, Agency implementation plans due late June, Agency implementation begins October. Means Medium Assurance Digital Certificates on SmartCards, but next generation crypto being pushed. Means Medium Assurance Digital Certificates on SmartCards, but next generation crypto being pushed.

16 HSPD-12, The Black Hole: Status Current action is with three documents: FIPS 201, SP 800-73 and the Implementation Guide Current action is with three documents: FIPS 201, SP 800-73 and the Implementation Guide Current Draft of FIPS 201 being heavily revised, final version due mid-February Current Draft of FIPS 201 being heavily revised, final version due mid-February Revision to SP 800-73 (Smart Card Standards) under way, IAB hard at work revising to accommodate industry input, due late January Revision to SP 800-73 (Smart Card Standards) under way, IAB hard at work revising to accommodate industry input, due late January Implementation in two phases to accommodate installed base and vendor community Implementation in two phases to accommodate installed base and vendor community WILL AFFECT EVERYONE WILL AFFECT EVERYONE

17 Reminder: PKI R&D Workshop April 19 – 21, 2005 April 19 – 21, 2005 NIST Gaithersburg, MD NIST Gaithersburg, MD www.middleware.internet2.edu/pki05 www.middleware.internet2.edu/pki05 www.middleware.internet2.edu/pki05 This year, the workshop has a particular interest in how emergent trust mechanisms will interact with each other at technical, policy and user levels. This year, the workshop has a particular interest in how emergent trust mechanisms will interact with each other at technical, policy and user levels.

Download ppt "The U.S. Federal PKI, 2004: Report to EDUCAUSE Peter Alterman, Ph.D. Assistant CIO for E-Authentication National Institutes of Health."

Similar presentations

Launching Egyptian Root CA and Inaugurating E-Signature Dr. Sherif Hazem Nour El-Din Information Security Systems Consultant Root CA Manager, ITIDA.

Launching Egyptian Root CA and Inaugurating E-Signature Dr. Sherif Hazem Nour El-Din Information Security Systems Consultant Root CA Manager, ITIDA.
Overview of US Federal Identity Management Initiatives Peter Alterman, Ph.D. Chair, Federal PKI Policy Authority and Asst. CIO E-Authentication, NIH.

Overview of US Federal Identity Management Initiatives Peter Alterman, Ph.D. Chair, Federal PKI Policy Authority and Asst. CIO E-Authentication, NIH.
Levels of Assurance: An Overview Peter Alterman, Ph.D. Chair, Federal PKI Policy Authority.

Levels of Assurance: An Overview Peter Alterman, Ph.D. Chair, Federal PKI Policy Authority.
EDUCAUSE 2001, Indianapolis IN Securing e-Government: Implementing the Federal PKI David Temoshok Federal PKI Policy Manager GSA Office of Governmentwide.

EDUCAUSE 2001, Indianapolis IN Securing e-Government: Implementing the Federal PKI David Temoshok Federal PKI Policy Manager GSA Office of Governmentwide.
Federal PKI Architecture Update

Federal PKI Architecture Update
The U.S. Federal PKI Richard Guida, P.E. Chair, Federal PKI Steering Committee Chief Information Officers Council 202-622-1552.

The U.S. Federal PKI Richard Guida, P.E. Chair, Federal PKI Steering Committee Chief Information Officers Council
Ongoing Efforts to Build The US Federal PKI Bridge

Ongoing Efforts to Build The US Federal PKI Bridge
Stanley J. Choffrey (202) 708-7943 The Federal Bridge Certification Authority Evolving Issues in Electronic Data Collection January.

Stanley J. Choffrey (202) The Federal Bridge Certification Authority Evolving Issues in Electronic Data Collection January.
Certificate Interoperability S&I Framework Initiative Final Report August 17, 2011.

Certificate Interoperability S&I Framework Initiative Final Report August 17, 2011.
The 4BF The Four Bridges Forum Federated PACS A Physical Access Use Case for Bridges FIPS 201/PIV-I PACS Interoperability April 28 th, 2009.

The 4BF The Four Bridges Forum Federated PACS A Physical Access Use Case for Bridges FIPS 201/PIV-I PACS Interoperability April 28 th, 2009.
SAFE-BioPharma Association NSTIC Day How does industry drive forward.

SAFE-BioPharma Association NSTIC Day How does industry drive forward.
15June’061 NASA’s PKI Migration to Treasury 13th Fed-Ed Meeting 15 June ‘06 Presenter: Tice DeYoung.

15June’061 NASA’s PKI Migration to Treasury 13th Fed-Ed Meeting 15 June ‘06 Presenter: Tice DeYoung.
15June’061 NASA PKI and the Federal Environment 13th Fed-Ed PKI Meeting 15 June ‘06 Presenter: Tice DeYoung.

15June’061 NASA PKI and the Federal Environment 13th Fed-Ed PKI Meeting 15 June ‘06 Presenter: Tice DeYoung.
FIPS 201 Personal Identity Verification For Federal Employees and Contractors National Institute of Standards and Technology Information Technology Laboratory.

FIPS 201 Personal Identity Verification For Federal Employees and Contractors National Institute of Standards and Technology Information Technology Laboratory.
Copyright Judith Spencer 2002. This work is the intellectual property of the author. Permission is granted for this material to be shared for non-commercial,

Copyright Judith Spencer This work is the intellectual property of the author. Permission is granted for this material to be shared for non-commercial,
HIMSS/GSA E-Authentication Initiative A Pilot Project of the HIMSS RHIO Federation HIMSS Public Policy Forum September 28, 2006 Mary Grizkewicz, HIMSS.

HIMSS/GSA E-Authentication Initiative A Pilot Project of the HIMSS RHIO Federation HIMSS Public Policy Forum September 28, 2006 Mary Grizkewicz, HIMSS.
NIH – EDUCAUSE PKI Interoperability Pilot Update Peter Alterman, Ph.D. Director of Operations, Office of Extramural Research, NIH and Senior Advisor to.

NIH – EDUCAUSE PKI Interoperability Pilot Update Peter Alterman, Ph.D. Director of Operations, Office of Extramural Research, NIH and Senior Advisor to.
Federal Electronic Identity Initiatives – Current Status Peter Alterman, Ph.D. Chair, Federal PKI Policy Authority and Asst. CIO for E-Authentication,

Federal Electronic Identity Initiatives – Current Status Peter Alterman, Ph.D. Chair, Federal PKI Policy Authority and Asst. CIO for E-Authentication,
PKI in US Higher Education TAGPMA Meeting, March 2006 Rio De Janeiro, Brazil.

PKI in US Higher Education TAGPMA Meeting, March 2006 Rio De Janeiro, Brazil.
Uncle Sam, Meet The PKI! Richard Guida Chair, Federal PKI Steering Committee Michèle Rubenstein Department of the Treasury,

Uncle Sam, Meet The PKI! Richard Guida Chair, Federal PKI Steering Committee Michèle Rubenstein Department of the Treasury,

Similar presentations

Ads by Google