1 / 10

The Federal PKI

Learn about the design, operation, and implications of the Federal PKI, including the Federal Bridge Certification Authority and its role in cross-certification. Understand the challenges and opportunities for higher education institutions in the PKI space.

Télécharger la présentation

The Federal PKI

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. The Federal PKI Or, How to Herd Worms Peter Alterman Senior Advisor, Federal PKI Steering Committee

  2. Drivers for a Federal PKI • Statutes – GPEA & E-SIGN.. so far • Executive Orders • Private industry Alterman I2 3/9/01

  3. Fundamental Design Issues • Single Federal PKI envisioned early • Then reality set in… • Hence the Federal Bridge Certification Authority. • Requires creation of the Federal Bridge Policy Authority to manage Bridge and • Creation of the Federal Bridge Operational Authority to run the Bridge. Alterman I2 3/9/01

  4. Operating Assumptions of the Federal Bridge Certification Authority • No matter how desirable it may be, or how cost-effective, there cannot be a single Federal PKI that will pervade all Executive Agencies. • In order to finesse the above reality, divine inspiration birthed the concept of the Federal Bridge Certification Authority (FBCA). • The model for the FBCA is that of a non-hierarchical hub linking and cross-certifying participating PKIs and bridges. Alterman I2 3/9/01

  5. Elements of the Federal Bridge • Cross-Certification and Policy Mapping • Certificate arbitration (connectivity) • CRL and Directory Services Alterman I2 3/9/01

  6. How the Federal Bridge Works NIH CA IL State CA FBCA user DOE CA HEPKI BCA Others user UA-B CA user Alterman I2 3/9/01

  7. Things You Should Notice • Institutional C.A.s don’t cross-certify with the Federal Bridge CA. • Federal Bridge CA cross-certifies with Federal and State entities and with other Bridges only. • This is a new model: policy and technical issues drive the new model. • New model relies on proliferation of other bridges. Alterman I2 3/9/01

  8. Issues for the Federal Bridge • Where the production Bridge resides • Getting multiple CA products to interoperate within the Bridge • Directory operations • Performance expectations and design upgrades • $$ • Client application software • New products in the PKI space (read Microsoft) • New technology models (challenges to “traditional” PKI Alterman I2 3/9/01

  9. Implications for Higher Ed • Higher education bridge becomes a critical requirement for doing business with the Feds and maybe the States Alterman I2 3/9/01

  10. Questions for Higher Ed and the Feds • Do state institutions cross-certify with the HE bridge or State bridge/FBCA? • Can Institutions use the FBCA-HEPKICA path for non-Federal transactions? Alterman I2 3/9/01

More Related