John Douglass, Developer
Ron Hutchins, Dir. Engineering
Herbert Baines, Dir. InfoSec

Issuing Digital Credentials
• Relying upon our current Kerberos implementation
• Attributes stored depend upon certificate type:
  • Affiliate Certificate:
    • No user information stored other than a CA-generated CN.
  • Identity Certificate:
    • CN, userid, OU, O, L, SP, C
• Not in widespread use (still in development stage other than GTRI), relying on IP-based access control.

Institute Repositories
• Campus-wide data warehouse (Oracle) retrieves data from Banner and PeopleSoft
• LDAP directory fed from data warehouse
• PH directory fed from Kerberos database
• Pilot Active Directory fed from data warehouse.

Current Repository Applications
• VPN use authorization via LDAP
• Phonebook (LDAP, Ph)
• Campus DHCP Registration
• Bulk mailing list generation
• WebCT

Certificate Usage
• Initial Uses
  • Web site auth (GTRI/OIT)
  • Server certificates
  • Network services auth (LAWN)
• Future Development
  • Digital Signatures
  • Encryption

PKI Deployment
• The initial groups for certificate use will be GTRI, library, and CBT users.
• Utilizing GT-developed CA software (PERL, MySQL, OpenSSL, Apache) running on a Sun Ultra 2 (Solaris 8)

Content Providers
• Access currently limited by IP address range.
• Developed a CheckPoint VPN solution as an interim solution.

Are We Ready?
• The Certificate Authority software (“Papyrus”) is ready to distribute certificates.
• Documentation is available, but does not cover everything.
• Browser support is oftentimes unreliable.
• User education will be the greatest challenge.