This document highlights the critical technical issues faced in deploying Public Key Infrastructure (PKI) across campuses, as discussed at the PKI Summit in August 2004. It delves into various aspects, including determining PKI scope, implementing mutual authentication for web services, enabling legacy applications, and the challenges of user authentication. It also covers the need for consistent certificate profiles, validation methods, and the differences in PKI approaches between the US and Europe. The insights aim to guide educational institutions in overcoming deployment hurdles.
Technical Issues to Deploying PKI on Campuses
PKI Summit, August 2004
Technical Issues
• Determining the scope of the PKI within a campus and/or campuses
• What is easy to implement and provides broad acceptance?
• Mutually authenticated Web Services
Technical Issues
• PKE
• Enabling legacy applications
• It's difficult to do
• How do you authenticate users to these applications?
• Proxy authentication via web server; then how do you map that to authorizations for these apps?
• New applications and COTS-based PKI libraries
• Do they support PKI the way I need it?
• Validation through (CRLs, OCSP, SCVP, XKMS, bridge aware)
• CML (Digitalnet), IAIK Java tools, Peter Gutmann's PKI, Sun's PKI libs
Technical Issues
• Consistent certificate profiles
• Are the certificates being manufactured in a manner that enables maximum interoperability?
• http://www.cio.gov/ficc/documents/CertCRLprofileForCP.pdf
• http://www.cio.gov/ficc/documents/SSPrepositoryRqmts.pdf
Technical Issues
• Consistent processing of certificates and extensions
• Validation methods
• Discovery of paths and validation of paths
• Standards are too flexible; there are too many options.
• Europeans are doing things differently than the US.
What is it in a nutshell?
• A pre-qualified PKI service for Federal agencies
• Issues certificates to Federal employees and affiliated personnel
• Hierarchical PKI signed by a Federal Root which is cross-certified to the FBCA
• All vendors must comply with the Federal Common Policy
So Betrusted is interested in providing a Higher Ed solution
• I will be looking to talk with EDUCAUSE about Betrusted providing PKI pricing based on a variant of our SSP.