Presentation is loading. Please wait.

Presentation is loading. Please wait.

PKI Session Overview 1:30 pm edt - Welcome, etiquette, session outline 1:40 pm edt - HEPKI-TAG Update (Jim Jokl, Virginia) 2:00 pm edt - HEPKI-PAG Update.

Published bySimon Burke Modified over 8 years ago

Similar presentations

Presentation on theme: "PKI Session Overview 1:30 pm edt - Welcome, etiquette, session outline 1:40 pm edt - HEPKI-TAG Update (Jim Jokl, Virginia) 2:00 pm edt - HEPKI-PAG Update."— Presentation transcript:

1 PKI Session Overview 1:30 pm edt - Welcome, etiquette, session outline 1:40 pm edt - HEPKI-TAG Update (Jim Jokl, Virginia) 2:00 pm edt - HEPKI-PAG Update (David Wasley, UCOP) 2:20 pm edt - FBCA and NIH Pilot Update (Peter Alterman, NIH) 2:40 pm edt - Discussion 3:00 pm Break 3:15 pm edt - Sean Smith, Dartmouth PKI Lab 3:30 pm edt - Keith Hazelton, Wisconsin PKI Lab 3:45 pm - Discussion

2 Some general comments There are campus and corporate successes Corporations use internally for VPN, some authentication, signed email (with homogenous client base) MIT, UT medical, soon VA, UCOP Key is limited application use, lightweight policy approaches There is very limited interrealm, community of interest or general interoperable work going on Federal efforts Healthkey Higher Ed Some European miches

3 Why X.509/PKI? Single infrastructure to provide all security services Established technology standards, though little operational experience Elegant technical underpinnings Serves dozens of purposes - authentication, authorization, object encryption, digital signatures, communications channel encryption Low cost in mass numbers

4 Why Not X.509/PKI? High legal barriers Lack of mobility support Challenging user interfaces, especially with regard to privacy and scaling Persistent technical incompatibilities Overall complexity

5 D. Wasley’s PKI Puzzle

6 The Four Planes of PKI on the road to general purpose interrealm PKI the planes represent different levels of simplification from the dream of a full interrealm, intercommunity multipurpose PKI simplifications in policies, technologies, applications, scope each plane provides experience and value

7 The Four Planes are Full interrealm PKI - (Boeing 777) - multipurpose, spanning broad and multiple communities, bridges to unite hierarchies, unfathomed directory issues Simple interrealm PKI - (Regional jets) - multipurpose within a community, operating under standard policies and structured hierarchical directory services PKI-light - (Corporate jets) - containing all the key components of a PKI, but many in simplified form; may be for a limited set of applications; can be extended within selected communities PKI-ultralight (Ultralights) - easiest to construct and useful conveyance; ignores parts of PKI and not for use external to the institution; learn how to fly, but not a plane...

8 Examples of Areas of Simplification Spectrum of Assurance Levels Signature Algorithms Permitted Range of Applications Enabled Revocation Requirements and Approaches Subject Naming Requirements Treatment of Mobility...

9 PKI-Light example (HEPKI) CP: Wasley, etal. Draft HE CP stubbed to basic/rudimentary CRL: ? Applications: (Signed email) Mobility: Password enabled Signing: md5RSA Thumbprint: sha1 Naming: dc Directory Services needed: Inetorgperson

10 PKI-Light example (Texas- Houston) CP: Verisign CRL: Verisign Applications: authentication Mobility: USB dongl;e Signing: md5RSA Thumbprint: sha1 Naming: X>500 Directory Services needed: I? Deployment: 5,000 medical students

11 PKI-Ultralight (MIT) CP: none CRL: limit lifetime Applications: Internal web authentication Mobility: one per system; also password enabled Signing: md5RSA Thumbprint: sha1 Naming: X,500 Directory Services needed: none Deployment: approximately 350,000 over five years

12 Healthkey snippets Organizational commitment to pilot is difficult without more senior level support. Have had significant staff turnover. Biggest concern is impact of system on users ("non-transparency). Given lessons learned, will be investigating "encryption at the border and organizational certificates" rather than encryption and certificates at the desktop.

13 Healthkey snippets · Managing individual digital certificates can be expensive · Digital certificates on the desk top can be vulnerable · Organizations can lose some control with individual certificates · Organizations may not want to accept pre-issued certificates · Checking for revoked certificates puts a burden on e- mail correspondents · Current implementations of digital certificates are not transparent to e-mail users · Vendor contracts do not support community initiatives

14 Interesting recent developments Microsoft bundled root program RSA buys Securant...

Download ppt "PKI Session Overview 1:30 pm edt - Welcome, etiquette, session outline 1:40 pm edt - HEPKI-TAG Update (Jim Jokl, Virginia) 2:00 pm edt - HEPKI-PAG Update."

Similar presentations

NIH-EDUCAUSE PKI Interoperability Project Electronic Grant Application With Multiple Digital Signatures Peter Alterman, Ph.D. Director of Operations Office.

NIH-EDUCAUSE PKI Interoperability Project Electronic Grant Application With Multiple Digital Signatures Peter Alterman, Ph.D. Director of Operations Office.
PKI Solutions: Buy vs. Build David Wasley, U. California (ret.) Jim Jokl, U. Virginia Nick Davis, U. Wisconsin.

PKI Solutions: Buy vs. Build David Wasley, U. California (ret.) Jim Jokl, U. Virginia Nick Davis, U. Wisconsin.
May 06, 2002 Getting Started with Digital Certificates: Is PKI-Lite Real PKI? Internet2 Spring Meeting 2002 Wash, DC.

May 06, 2002 Getting Started with Digital Certificates: Is PKI-Lite Real PKI? Internet2 Spring Meeting 2002 Wash, DC.
Authentication Applications. will consider authentication functions will consider authentication functions developed to support application-level authentication.

Authentication Applications. will consider authentication functions will consider authentication functions developed to support application-level authentication.
PKE PP Mike Henry Jean Petty Entrust CygnaCom Santosh Chokhani.

PKE PP Mike Henry Jean Petty Entrust CygnaCom Santosh Chokhani.
15June’061 NASA PKI and the Federal Environment 13th Fed-Ed PKI Meeting 15 June ‘06 Presenter: Tice DeYoung.

15June’061 NASA PKI and the Federal Environment 13th Fed-Ed PKI Meeting 15 June ‘06 Presenter: Tice DeYoung.
Copyright Judith Spencer 2002. This work is the intellectual property of the author. Permission is granted for this material to be shared for non-commercial,

Copyright Judith Spencer This work is the intellectual property of the author. Permission is granted for this material to be shared for non-commercial,
HEPKI-TAG Activities January 2002 CSG Meeting Jim Jokl

HEPKI-TAG Activities January 2002 CSG Meeting Jim Jokl
HIT Standards Committee: Digital Certificate Trust – Policy Question for HIT Policy Committee March 29, 2011.

HIT Standards Committee: Digital Certificate Trust – Policy Question for HIT Policy Committee March 29, 2011.
NIH – EDUCAUSE PKI Interoperability Pilot Update Peter Alterman, Ph.D. Director of Operations, Office of Extramural Research, NIH and Senior Advisor to.

NIH – EDUCAUSE PKI Interoperability Pilot Update Peter Alterman, Ph.D. Director of Operations, Office of Extramural Research, NIH and Senior Advisor to.
Environmental Council of States Network Authentication and Authorization Services The Shared Security Component February 28, 2005.

Environmental Council of States Network Authentication and Authorization Services The Shared Security Component February 28, 2005.
PKI in US Higher Education TAGPMA Meeting, March 2006 Rio De Janeiro, Brazil.

PKI in US Higher Education TAGPMA Meeting, March 2006 Rio De Janeiro, Brazil.
PKI Activities at Virginia January 2004 CSG Meeting Jim Jokl.

PKI Activities at Virginia January 2004 CSG Meeting Jim Jokl.
Uncle Sam, Meet The PKI! Richard Guida Chair, Federal PKI Steering Committee Michèle Rubenstein Department of the Treasury,

Uncle Sam, Meet The PKI! Richard Guida Chair, Federal PKI Steering Committee Michèle Rubenstein Department of the Treasury,
PKI: News from the Front and views from the Back Ken Klingenstein, Project Director, Internet2 Middleware Initiative Chief Technologist, University of.

PKI: News from the Front and views from the Back Ken Klingenstein, Project Director, Internet2 Middleware Initiative Chief Technologist, University of.
The U.S. Federal PKI and the Federal Bridge Certification Authority

The U.S. Federal PKI and the Federal Bridge Certification Authority
PKI Update. Topics Background: Why/Why Not, The Four Planes of PKI, Activities in Other Communities Technical activities update S/MIME Pilot prospects.

PKI Update. Topics Background: Why/Why Not, The Four Planes of PKI, Activities in Other Communities Technical activities update S/MIME Pilot prospects.
Public Key Infrastructure at the University of Pittsburgh Robert F. Pack, Vice Provost Academic Planning and Resources Management March 27, 2000 CNI Spring.

Public Key Infrastructure at the University of Pittsburgh Robert F. Pack, Vice Provost Academic Planning and Resources Management March 27, 2000 CNI Spring.
An Introduction to Security Concepts and Public Key Infrastructure (PKI) Mary Thompson.

An Introduction to Security Concepts and Public Key Infrastructure (PKI) Mary Thompson.
Understanding Active Directory

Understanding Active Directory

Similar presentations

Ads by Google