![Page 1: EDUCAUSE PKI Working Group Where Are We and Where are We Going](https://reader036.vdocuments.us/reader036/viewer/2022082517/56649dd95503460f94acec69/html5/thumbnails/1.jpg)
EDUCAUSE PKI Working Group
Where Are We and Where are We Going
![Page 2: EDUCAUSE PKI Working Group Where Are We and Where are We Going](https://reader036.vdocuments.us/reader036/viewer/2022082517/56649dd95503460f94acec69/html5/thumbnails/2.jpg)
Overview
Higher Education Bridge Certification Authority (HEBCA)
HEBCA Board of Instantiation and Development (BID)
Where is “the Killer (PKI) App” Final Thoughts
![Page 3: EDUCAUSE PKI Working Group Where Are We and Where are We Going](https://reader036.vdocuments.us/reader036/viewer/2022082517/56649dd95503460f94acec69/html5/thumbnails/3.jpg)
PKI in HE – Where Is It Today?
PKI efforts at about 3 dozen-plus HEIs Nearly all are in a test phase All are campus-focused/inwardly pointed –
few inter-realm interactions Not being implemented quickly across HE
![Page 4: EDUCAUSE PKI Working Group Where Are We and Where are We Going](https://reader036.vdocuments.us/reader036/viewer/2022082517/56649dd95503460f94acec69/html5/thumbnails/4.jpg)
PKI in HE – Where Is It Today?
Implementation can be difficult Some home-grown installations Other HE CA’s are vendor-based e.g.,
Microsoft, Verisign, DST, enTrust, etc. No fully operational production HE Bridge EDUCAUSE sponsoring the BID
![Page 5: EDUCAUSE PKI Working Group Where Are We and Where are We Going](https://reader036.vdocuments.us/reader036/viewer/2022082517/56649dd95503460f94acec69/html5/thumbnails/5.jpg)
Board of Instantiation and Development - the BIDMembers:
– Clair Goldsmith, Chair, University of Texas System – Gary Augustson, Pennsylvania State U– Kathryn Baerwald, Georgetown– Robert Brentrup, Dartmouth– Michael Gettes, Georgetown– Keith Hazelton, U Wisconsin– Jim Jokl, U of Virginia– Ken Klingenstein, Internet2, U Colorado– Lawrence Levine, Dartmouth– Mark Luker, EDUCAUSE– David Wasley, U California Office of the President– Steve Worona, EDUCAUSE– + Nathan Faut, support consultant
![Page 6: EDUCAUSE PKI Working Group Where Are We and Where are We Going](https://reader036.vdocuments.us/reader036/viewer/2022082517/56649dd95503460f94acec69/html5/thumbnails/6.jpg)
PKI in HE – the BID Purpose 1: Make the HE Bridge (HEBCA)
Operational in 1 year (Sept. 2003) Purpose 2: Advise EDUCAUSE Goal 1: Promote PKI throughout HE
– Support the “PKI Killer App”– Develop PKI Services as needed
Goal 2: X-cert the HEBCA w/ the Federal PKI Bridge (FBCA)– FBCA already standing ~ 2years
• Part of eAuthentication Project
– FPKI Policy Authority and Steering Committee working w/ EDUCAUSE & BID
![Page 7: EDUCAUSE PKI Working Group Where Are We and Where are We Going](https://reader036.vdocuments.us/reader036/viewer/2022082517/56649dd95503460f94acec69/html5/thumbnails/7.jpg)
The BID – Work Groups
Operational Bridge– Michael Gettes*, Bob Brentrup, Nathan Faut, Keith
Hazelton, Jim Jokl, Steve Worona,
Business Model– Larry Levine*, Kathryn Baerwald, Nathan Faut,
Michael Gettes, Brad Noblet, Steve Worona
Policy Management Authority– Clair Goldsmith*, Gary Augustson, Kathryn
Baerwald, Nathan Faut, Michael Gettes, Keith Hazelton, Mark Luker, David Wasley, Steve Worona
![Page 8: EDUCAUSE PKI Working Group Where Are We and Where are We Going](https://reader036.vdocuments.us/reader036/viewer/2022082517/56649dd95503460f94acec69/html5/thumbnails/8.jpg)
PKI in HE – the BID
The BID is: Creating a Policy Authority Board to fund
and oversee the HEBCA Developing the policies, guidelines, and
documents needed to create and have HEI CA’s participate in the HEBCA
Finding ways to support the most likely PKI “Killer Apps”
![Page 9: EDUCAUSE PKI Working Group Where Are We and Where are We Going](https://reader036.vdocuments.us/reader036/viewer/2022082517/56649dd95503460f94acec69/html5/thumbnails/9.jpg)
The BID – Deliverables
Operational Bridge Business Model Policy Management Authority
– Operational Authority– Structure of National Bridge Network
Communications and Marketing, e.g., Net@EDU, etc.
![Page 10: EDUCAUSE PKI Working Group Where Are We and Where are We Going](https://reader036.vdocuments.us/reader036/viewer/2022082517/56649dd95503460f94acec69/html5/thumbnails/10.jpg)
Discussion Point
For what applications do you hope to use PKI – In the near-term (12-24 months)?– In the long-term (24 months-plus)?
![Page 11: EDUCAUSE PKI Working Group Where Are We and Where are We Going](https://reader036.vdocuments.us/reader036/viewer/2022082517/56649dd95503460f94acec69/html5/thumbnails/11.jpg)
Discussion Point
What will help you justify investment in PKI?– S/MIME?– VPN access/support?– Access to remote resources (library materials,
research applications, et.al.)– Digital signature applications– Other?
![Page 12: EDUCAUSE PKI Working Group Where Are We and Where are We Going](https://reader036.vdocuments.us/reader036/viewer/2022082517/56649dd95503460f94acec69/html5/thumbnails/12.jpg)
Discussion Point
What applications do you see would justify the existence of a HE PKI Bridge?– E-commerce (trust is important)?– E-transactions w/ Fed gov’t (accountability is
important)?– App-to-app messaging with external parties?– Other?
![Page 13: EDUCAUSE PKI Working Group Where Are We and Where are We Going](https://reader036.vdocuments.us/reader036/viewer/2022082517/56649dd95503460f94acec69/html5/thumbnails/13.jpg)
Discussion Points
What value would you see in a sector CA?
Finally, what PKI usability issues handicap your implementation – Portability? – User interface? – Digital signatures profile? – Credentials left unlocked?
![Page 14: EDUCAUSE PKI Working Group Where Are We and Where are We Going](https://reader036.vdocuments.us/reader036/viewer/2022082517/56649dd95503460f94acec69/html5/thumbnails/14.jpg)
The BID’s near-term focus – 2 likely “Killer Apps” Secured e-mail
– Reduce identity theft– Increase privacy– Increase use of electronic commerce at campus-
& Institutional- & national levels E-grants
– Faster, secured grant processing– Faster (e-)payments– More secured communications & fund Xfers– Federal focus is on this initiative
![Page 15: EDUCAUSE PKI Working Group Where Are We and Where are We Going](https://reader036.vdocuments.us/reader036/viewer/2022082517/56649dd95503460f94acec69/html5/thumbnails/15.jpg)
PKI in HE – What Next?
BID is developing project timeline and goals to stand a production PKI Bridge
BID is developing a HE-focused service model to facilitate increased use of PKI at all levels of HE
![Page 16: EDUCAUSE PKI Working Group Where Are We and Where are We Going](https://reader036.vdocuments.us/reader036/viewer/2022082517/56649dd95503460f94acec69/html5/thumbnails/16.jpg)
PKI in HE – Future Goals
Stabilize technology (w/ Fed)– LDAP with eduPerson & certs– Shibboleth– Bridge-aware Web browsing (esp. Mozilla)– Bridge-aware PKI CA vendors (e.g. Verisign,
etc.)
Support or provide a CA service for those HEIs that do not stand their own CA
![Page 17: EDUCAUSE PKI Working Group Where Are We and Where are We Going](https://reader036.vdocuments.us/reader036/viewer/2022082517/56649dd95503460f94acec69/html5/thumbnails/17.jpg)
PKI in HE – Future Goals
Work with the NSF Middleware Initiative (NMI) to cross-promote our solutions for secured commerce and remote applications that best fit the HE sector
Through PKI, increase efficiency of grants, funding, and e-mail transactions
![Page 18: EDUCAUSE PKI Working Group Where Are We and Where are We Going](https://reader036.vdocuments.us/reader036/viewer/2022082517/56649dd95503460f94acec69/html5/thumbnails/18.jpg)
PKI in HE – Thank you
Conclusion– Questions?– Comments?