EDUCAUSE PKI Working Group Where Are We and Where are We Going.
-
Upload
arthur-ryan -
Category
Documents
-
view
218 -
download
1
Transcript of EDUCAUSE PKI Working Group Where Are We and Where are We Going.
EDUCAUSE PKI Working Group
Where Are We and Where are We Going
Overview
Higher Education Bridge Certification Authority (HEBCA)
HEBCA Board of Instantiation and Development (BID)
Where is “the Killer (PKI) App” Final Thoughts
PKI in HE – Where Is It Today?
PKI efforts at about 3 dozen-plus HEIs Nearly all are in a test phase All are campus-focused/inwardly pointed –
few inter-realm interactions Not being implemented quickly across HE
PKI in HE – Where Is It Today?
Implementation can be difficult Some home-grown installations Other HE CA’s are vendor-based e.g.,
Microsoft, Verisign, DST, enTrust, etc. No fully operational production HE Bridge EDUCAUSE sponsoring the BID
Board of Instantiation and Development - the BIDMembers:
– Clair Goldsmith, Chair, University of Texas System – Gary Augustson, Pennsylvania State U– Kathryn Baerwald, Georgetown– Robert Brentrup, Dartmouth– Michael Gettes, Georgetown– Keith Hazelton, U Wisconsin– Jim Jokl, U of Virginia– Ken Klingenstein, Internet2, U Colorado– Lawrence Levine, Dartmouth– Mark Luker, EDUCAUSE– David Wasley, U California Office of the President– Steve Worona, EDUCAUSE– + Nathan Faut, support consultant
PKI in HE – the BID Purpose 1: Make the HE Bridge (HEBCA)
Operational in 1 year (Sept. 2003) Purpose 2: Advise EDUCAUSE Goal 1: Promote PKI throughout HE
– Support the “PKI Killer App”– Develop PKI Services as needed
Goal 2: X-cert the HEBCA w/ the Federal PKI Bridge (FBCA)– FBCA already standing ~ 2years
• Part of eAuthentication Project
– FPKI Policy Authority and Steering Committee working w/ EDUCAUSE & BID
The BID – Work Groups
Operational Bridge– Michael Gettes*, Bob Brentrup, Nathan Faut, Keith
Hazelton, Jim Jokl, Steve Worona,
Business Model– Larry Levine*, Kathryn Baerwald, Nathan Faut,
Michael Gettes, Brad Noblet, Steve Worona
Policy Management Authority– Clair Goldsmith*, Gary Augustson, Kathryn
Baerwald, Nathan Faut, Michael Gettes, Keith Hazelton, Mark Luker, David Wasley, Steve Worona
PKI in HE – the BID
The BID is: Creating a Policy Authority Board to fund
and oversee the HEBCA Developing the policies, guidelines, and
documents needed to create and have HEI CA’s participate in the HEBCA
Finding ways to support the most likely PKI “Killer Apps”
The BID – Deliverables
Operational Bridge Business Model Policy Management Authority
– Operational Authority– Structure of National Bridge Network
Communications and Marketing, e.g., Net@EDU, etc.
Discussion Point
For what applications do you hope to use PKI – In the near-term (12-24 months)?– In the long-term (24 months-plus)?
Discussion Point
What will help you justify investment in PKI?– S/MIME?– VPN access/support?– Access to remote resources (library materials,
research applications, et.al.)– Digital signature applications– Other?
Discussion Point
What applications do you see would justify the existence of a HE PKI Bridge?– E-commerce (trust is important)?– E-transactions w/ Fed gov’t (accountability is
important)?– App-to-app messaging with external parties?– Other?
Discussion Points
What value would you see in a sector CA?
Finally, what PKI usability issues handicap your implementation – Portability? – User interface? – Digital signatures profile? – Credentials left unlocked?
The BID’s near-term focus – 2 likely “Killer Apps” Secured e-mail
– Reduce identity theft– Increase privacy– Increase use of electronic commerce at campus-
& Institutional- & national levels E-grants
– Faster, secured grant processing– Faster (e-)payments– More secured communications & fund Xfers– Federal focus is on this initiative
PKI in HE – What Next?
BID is developing project timeline and goals to stand a production PKI Bridge
BID is developing a HE-focused service model to facilitate increased use of PKI at all levels of HE
PKI in HE – Future Goals
Stabilize technology (w/ Fed)– LDAP with eduPerson & certs– Shibboleth– Bridge-aware Web browsing (esp. Mozilla)– Bridge-aware PKI CA vendors (e.g. Verisign,
etc.)
Support or provide a CA service for those HEIs that do not stand their own CA
PKI in HE – Future Goals
Work with the NSF Middleware Initiative (NMI) to cross-promote our solutions for secured commerce and remote applications that best fit the HE sector
Through PKI, increase efficiency of grants, funding, and e-mail transactions
PKI in HE – Thank you
Conclusion– Questions?– Comments?