Presentation is loading. Please wait.

Presentation is loading. Please wait.

A community-based CA: The (slow) rise of the house of Usher (The CA former known as CREN)

Published byLauren Francis Modified over 8 years ago

Similar presentations

Presentation on theme: "A community-based CA: The (slow) rise of the house of Usher (The CA former known as CREN)"— Presentation transcript:

1 A community-based CA: The (slow) rise of the house of Usher (The CA former known as CREN)

2 The CA formerly known as CREN  Lots of discussion for a looong time – HEPKI- TAG, HEBCA-BID, PKI Labs  Plan is finally emerging A few related certificate services –USHER - Level 1 - soon –USHER – Level 2 - start detailed planning for implementation USHER CP –Others if warranted, eventually –All operate on high levels of assurance in I/A of the institution, and in their internal operation at both Internet2 and subcontractors –Place varying degrees of pain, and power, to the institutions Helping on a packaging of open-source low-cost CA servers Work with EDUCAUSE on their related initiatives

3 Usher-Level 1  Modeled after Federal Citizen and Commerce CP/CPS (www.cio.gov/fpkipa/documents/citizen_commerce_cpv1.pdf)www.cio.gov/fpkipa/documents/citizen_commerce_cpv1.pdf  Issues only institutional certs  Those certs can be used for any purposes  CP will place few constraints on campus operations User identification and key management Campus CA/RA activities  Will be operated itself at high levels of confidence  Will recommend a profile for campus use  Good for building local expertise, insuring some consistency in approaches among campuses, and may be suitable for many campus needs and some inter-campus uses  Will not work for signing federal grants, etc…  Operational soon

4 Usher - Level 2  Modeled after FBCA Basic level CP  Issues only institutional certs  Those certs can be used for most purposes  CP will place more constraints on campus operations User identification and key management Campus CA/RA activities  Will be operated itself at high levels of confidence  Will recommend a profile for campus use  Good for many campus needs, many inter-campus uses, and many workings with the federal government  Will peer at the HEBCA  Detailed planning now starting; stand up sometime mid-next year

5 Interesting and Open Issues…  Policy Authority for USHER? Conservation of policy groups HEBCA PA? InCommon-Exec?  Final pricing and packaging Working numbers <$2K first year, <$1K renewal Includes strong institutional I/A, strong USHER operations Leverages InCommon operations  Applications and use

6 Interesting and Open Issues 2  Cost for Usher to peer at bridges  Ability to put Usher into various browsers  Relation to InCommon Distinguishing one from the other –To applications –To users Leveraging one with the other

7 +/- of Usher  Pluses Pricing and lack of usage constraints on campus roots Strong institutional I/A – external and for subdomains Community-consistent ???  Negatives Not easily in browsers Uncharted peering with feds, commercials, etc Places more emphasis on running your own campus CA. ??

8 Early version HEBCA FBCA USHER-Level 2 USHER -Level 1

9 Caveats  Progress has been very slow  On the other hand, good progress is being made with InCommon and much of that can be highly leveraged, at least operationally  HIPAA interpretations and priorities vary dramatically across campuses.  Terena has begun to set up a registry of national R&E CA’s root. It is not clear what leverage that offers.

Download ppt "A community-based CA: The (slow) rise of the house of Usher (The CA former known as CREN)"

Similar presentations

PKI Solutions: Buy vs. Build David Wasley, U. California (ret.) Jim Jokl, U. Virginia Nick Davis, U. Wisconsin.

PKI Solutions: Buy vs. Build David Wasley, U. California (ret.) Jim Jokl, U. Virginia Nick Davis, U. Wisconsin.
May 06, 2002 Getting Started with Digital Certificates: Is PKI-Lite Real PKI? Internet2 Spring Meeting 2002 Wash, DC.

May 06, 2002 Getting Started with Digital Certificates: Is PKI-Lite Real PKI? Internet2 Spring Meeting 2002 Wash, DC.
Higher Ed Certificate Authority by CREN October 12, 2000 TERENA Meeting/Paris.

Higher Ed Certificate Authority by CREN October 12, 2000 TERENA Meeting/Paris.
Copyright Judith Spencer 2002. This work is the intellectual property of the author. Permission is granted for this material to be shared for non-commercial,

Copyright Judith Spencer This work is the intellectual property of the author. Permission is granted for this material to be shared for non-commercial,
1 HEPKI-TAG Update EDUCAUSE/Dartmouth PKI Summit July 26, 2005 Jim Jokl University of Virginia.

1 HEPKI-TAG Update EDUCAUSE/Dartmouth PKI Summit July 26, 2005 Jim Jokl University of Virginia.
NIH – EDUCAUSE PKI Interoperability Pilot Update Peter Alterman, Ph.D. Director of Operations, Office of Extramural Research, NIH and Senior Advisor to.

NIH – EDUCAUSE PKI Interoperability Pilot Update Peter Alterman, Ph.D. Director of Operations, Office of Extramural Research, NIH and Senior Advisor to.
Update on federations, PKI, and federated PKI for US feds and higher eds Tom Barton University of Chicago.

Update on federations, PKI, and federated PKI for US feds and higher eds Tom Barton University of Chicago.
PKI in US Higher Education TAGPMA Meeting, March 2006 Rio De Janeiro, Brazil.

PKI in US Higher Education TAGPMA Meeting, March 2006 Rio De Janeiro, Brazil.
Got Directory? January 28, 2004 TIP2004. 2015-06-01 2 metadirectory enterprise directory database departmental directories OS directories (MS, Novell,

Got Directory? January 28, 2004 TIP metadirectory enterprise directory database departmental directories OS directories (MS, Novell,
PKI Activities at Virginia January 2004 CSG Meeting Jim Jokl.

PKI Activities at Virginia January 2004 CSG Meeting Jim Jokl.
David L. Wasley Information Resources & Communications Office of the President University of California Directories and PKI Basic Components of Middleware.

David L. Wasley Information Resources & Communications Office of the President University of California Directories and PKI Basic Components of Middleware.
US Higher Ed PKI Activities Internet2/EDUCAUSE ++ TF-EMC2 November, 2004 Amsterdam Michael R Gettes, Duke University TF-EMC2 November, 2004 Amsterdam Michael.

US Higher Ed PKI Activities Internet2/EDUCAUSE ++ TF-EMC2 November, 2004 Amsterdam Michael R Gettes, Duke University TF-EMC2 November, 2004 Amsterdam Michael.
PKI: Glue of Middleware Michael R Gettes, Duke University EuroCAMP March, 2005 Michael R Gettes, Duke University EuroCAMP March, 2005.

PKI: Glue of Middleware Michael R Gettes, Duke University EuroCAMP March, 2005 Michael R Gettes, Duke University EuroCAMP March, 2005.
The 4BF The Four Bridges Forum Higher Education Bridge Certificate Authority.

The 4BF The Four Bridges Forum Higher Education Bridge Certificate Authority.
PKI Update. Topics Background: Why/Why Not, The Four Planes of PKI, Activities in Other Communities Technical activities update S/MIME Pilot prospects.

PKI Update. Topics Background: Why/Why Not, The Four Planes of PKI, Activities in Other Communities Technical activities update S/MIME Pilot prospects.
Higher Education Bridge Certificate Authority (HEBCA) Project Progress Fed/Ed December 2004.

Higher Education Bridge Certificate Authority (HEBCA) Project Progress Fed/Ed December 2004.
Higher Education Bridge Certificate Authority (HEBCA) Project Progress July 2004 Dartmouth PKI Summit.

Higher Education Bridge Certificate Authority (HEBCA) Project Progress July 2004 Dartmouth PKI Summit.
1 USHER Update Fed/ED December 2007 Jim Jokl University of Virginia.

1 USHER Update Fed/ED December 2007 Jim Jokl University of Virginia.
1 11 th Fed/Ed PKI Meeting Some quick updates from recent HEPKI-TAG and SURA work Jim Jokl

1 11 th Fed/Ed PKI Meeting Some quick updates from recent HEPKI-TAG and SURA work Jim Jokl
9/20/2000www.cren.net1 Root Key Cutting and Ceremony at MIT 11/17/99.

9/20/2000www.cren.net1 Root Key Cutting and Ceremony at MIT 11/17/99.

Similar presentations

Ads by Google