
OASIS PKI Adoption TC Objectives and Case Studies

This article discusses the objectives and case studies of the OASIS PKI Adoption TC, focusing on the resurgent and embedded nature of PKI, identity plurality, obstacles faced, and deliverables of the TC.



Presentation Transcript


  1. www.oasis-open.org • The OASIS PKI Adoption TC: Objectives and Case Studies • Burton Group Catalyst Meeting, Barcelona, Spain, 22 October 2007 • June Leung, OASIS PKI Adoption TC

  2. The PKI environment c. 2006 • PKI is resurgent • Embedded PKI is commonplace • We’re all in the midst of a paradigm shift to identity plurality • Digital Certificates can be about relationships as well as (or instead of) personal identity • Successful PKI has always been application specific, not general purpose

  3. Resurgent, embedded PKI • Closed (vertical) schemes • US PIV, Identrus, ICAO e-passports, CableLabs, Skype, BankID (Sweden) • Health smartcards • France, Germany, Taiwan, Italy, Austria, Australia … • Digital Credentials • US Patent Office, France, Taiwan, Australia …

  4. Identity plurality • “Identity 2.0” (archetype: Cardspace) • Too soon to tell precise outcomes • But it’s a progressive re-think of identity, context, privacy, control etc. • Fundamental concept is plurality of identities. • Stephen Kent’s critique: “For big CAs, there is an implicit assumption that a single certificate is all that a user should need. This assumes that one identity is sufficient for all applications, which contradicts experience”

  5. The top five obstacles According to OASIS Surveys 1 & 2: 1. Software applications don’t support PKI 2. Costs too high 3. PKI poorly understood 4. Too much focus on technology (not need) 5. Poor interoperability

  6. PKIA TC: Fresh objectives • Continue to overcome obstacles with targeted practical initiatives that improve understanding of PKI • Disseminate case studies • Develop position papers that de-mystify legal, governance and interoperability issues and modernise the PKI message so it reflects real needs • Liaise more closely with other OASIS efforts, esp. under the umbrella of the new IDtrust Member Section

  7. Case studies & TC deliverables

  8. Embedded PKI application: Device authentication schemes Some of the oldest, most successful PKIs are for device authentication: • GSM cell phone SIM cards • SSL server certificates • IPsec VPN devices • CableLabs PKI for Cable TV set-top boxes www.cablelabs.com/certqual/security

  9. Embedded PKI application: Skype • Each Skype subscriber receives a digital certificate embedded in Skype install • “Zero User Interface” (ZUI) principle; i.e. Subscriber unaware of their certificate! • http://share.skype.com/sites/security

  10. Embedded PKI application: Medicos’ smartcards • France (500,000 doctors) • Rolling out 40 million PKI smartcards for patients, for secure e-health • Taiwan (300,000 doctors) • Australia (10,000 doctors) • wide range of PKI enabled govt lodgments • electronic prescribing in development • certificates represent doctor’s qualifications • planning “wholesale” supply of certs to hospitals etc. • see www.hesa.gov.au

  11. Vertical PKI application: University sector national PKI • “Australian Access Federation” • an infrastructure to facilitate trusted communications and collaboration within and between higher education and research institutions both locally and internationally … in line with the objective of providing researchers with access to an environment necessary to support world-class research • Working with Shibboleth (single sign on) and international grid computing • See www.hesa.gov.au

  12. PKIA TC Policy Initiative: New legal view points in PKI • Objective to de-mystify traditionally complex or confusing aspects of PKI • e.g. “Security Printer Model” • Conceptualizes backend CA as ‘minting’ certificates on order from RA, like printing cheques • Decouples CA from policy and from user liability • When someone writes a bad cheque, nobody sues the cheque printer! • See http://tinyurl.com/2g4q4d • Aim to complete one or more papers late CY07

  13. www.oasis-open.org • OASIS PKI Technical Committee • www.oasis-open.org/committees/pki • Stephen Wilson • swilson@lockstep.com.au • 0414 488851
