EDUCAUSE PKI Working Group

Where Are We and Where are We Going

Overview

Higher Education Bridge Certification Authority (HEBCA)

HEBCA Board of Instantiation and Development (BID)

Where is “the Killer (PKI) App” Final Thoughts

PKI in HE – Where Is It Today?

PKI efforts at about 3 dozen-plus HEIs Nearly all are in a test phase All are campus-focused/inwardly pointed –

few inter-realm interactions Not being implemented quickly across HE

PKI in HE – Where Is It Today?

Implementation can be difficult Some home-grown installations Other HE CA’s are vendor-based e.g.,

Microsoft, Verisign, DST, enTrust, etc. No fully operational production HE Bridge EDUCAUSE sponsoring the BID

Board of Instantiation and Development - the BIDMembers:

– Clair Goldsmith, Chair, University of Texas System – Gary Augustson, Pennsylvania State U– Kathryn Baerwald, Georgetown– Robert Brentrup, Dartmouth– Michael Gettes, Georgetown– Keith Hazelton, U Wisconsin– Jim Jokl, U of Virginia– Ken Klingenstein, Internet2, U Colorado– Lawrence Levine, Dartmouth– Mark Luker, EDUCAUSE– David Wasley, U California Office of the President– Steve Worona, EDUCAUSE– + Nathan Faut, support consultant

PKI in HE – the BID Purpose 1: Make the HE Bridge (HEBCA)

Operational in 1 year (Sept. 2003) Purpose 2: Advise EDUCAUSE Goal 1: Promote PKI throughout HE

– Support the “PKI Killer App”– Develop PKI Services as needed

Goal 2: X-cert the HEBCA w/ the Federal PKI Bridge (FBCA)– FBCA already standing ~ 2years

• Part of eAuthentication Project

– FPKI Policy Authority and Steering Committee working w/ EDUCAUSE & BID

The BID – Work Groups

Operational Bridge– Michael Gettes*, Bob Brentrup, Nathan Faut, Keith

Hazelton, Jim Jokl, Steve Worona,

Business Model– Larry Levine*, Kathryn Baerwald, Nathan Faut,

Michael Gettes, Brad Noblet, Steve Worona

Policy Management Authority– Clair Goldsmith*, Gary Augustson, Kathryn

Baerwald, Nathan Faut, Michael Gettes, Keith Hazelton, Mark Luker, David Wasley, Steve Worona

PKI in HE – the BID

The BID is: Creating a Policy Authority Board to fund

and oversee the HEBCA Developing the policies, guidelines, and

documents needed to create and have HEI CA’s participate in the HEBCA

Finding ways to support the most likely PKI “Killer Apps”

The BID – Deliverables

Operational Bridge Business Model Policy Management Authority

– Operational Authority– Structure of National Bridge Network

Communications and Marketing, e.g., Net@EDU, etc.

Discussion Point

For what applications do you hope to use PKI – In the near-term (12-24 months)?– In the long-term (24 months-plus)?

Discussion Point

What will help you justify investment in PKI?– S/MIME?– VPN access/support?– Access to remote resources (library materials,

research applications, et.al.)– Digital signature applications– Other?

Discussion Point

What applications do you see would justify the existence of a HE PKI Bridge?– E-commerce (trust is important)?– E-transactions w/ Fed gov’t (accountability is

important)?– App-to-app messaging with external parties?– Other?

Discussion Points

What value would you see in a sector CA?

Finally, what PKI usability issues handicap your implementation – Portability? – User interface? – Digital signatures profile? – Credentials left unlocked?

The BID’s near-term focus – 2 likely “Killer Apps” Secured e-mail

– Reduce identity theft– Increase privacy– Increase use of electronic commerce at campus-

& Institutional- & national levels E-grants

– Faster, secured grant processing– Faster (e-)payments– More secured communications & fund Xfers– Federal focus is on this initiative

PKI in HE – What Next?

BID is developing project timeline and goals to stand a production PKI Bridge

BID is developing a HE-focused service model to facilitate increased use of PKI at all levels of HE

PKI in HE – Future Goals

Stabilize technology (w/ Fed)– LDAP with eduPerson & certs– Shibboleth– Bridge-aware Web browsing (esp. Mozilla)– Bridge-aware PKI CA vendors (e.g. Verisign,

etc.)

Support or provide a CA service for those HEIs that do not stand their own CA

PKI in HE – Future Goals

Work with the NSF Middleware Initiative (NMI) to cross-promote our solutions for secured commerce and remote applications that best fit the HE sector

Through PKI, increase efficiency of grants, funding, and e-mail transactions

PKI in HE – Thank you

Conclusion– Questions?– Comments?