pki digital id itmc university wisconsin
University of Wisconsin System Digital ID – PKI
Digital Certificate Service Overview
Nicholas Davis, November 8th, 2011
Overview
• Digital ID explained
• Digital ID uses
• Authentication – HRS
• Signing – MS Office
• Encryption – Email and attachments
• Digital ID Service History and Expansion
• Getting a Digital ID
• Digital ID storage
• Support for Digital ID
• Summary of Digital ID uses
• Challenges
• Try a Digital ID
• Live demonstration
Digital ID Explained
• A Digital ID is like an electronic passport, with extra benefits
• Three ways to identify yourself:
  • Something you know
  • Something you are
  • Something you have
• A Digital ID is something you have, which is very strong in terms of assurance
Digital ID Uses
• Authenticate a person to a protected resource, such as a web application
• Digitally sign documents, with proof of authorship and proof of document integrity
• Encrypt email you send to other people and decrypt email which you receive from others
Digital ID For Authentication
• Coming soon to HRS!
• Many HRS users have the ability to view and change the data of others in the system
• Username and password are not sufficient to protect access to data of others
• Digital ID provides a strong assurance of identity before permitting access to sensitive data
Digital ID For Electronic Document Signing
• Microsoft Office enables using a Digital ID to sign Word, Excel, and PowerPoint files
• Prove who created the file
• Prove that the file has not been altered in any way from its original form
Digital ID for Email Encryption
• Have you ever sent sensitive information via email?
• Your email is not secure
• A Digital ID can make your email and attachments secure
• Works around campus, and around the world
Digital ID Service
• Started in 2005 at UW-Madison
• Extended to UW System campuses in 2011
• Each Digital ID is valid for 5 years
• Each campus gets its own Digital ID service, including local administration
• The overall Digital ID Service is maintained by UW-Madison
Centralized Infrastructure
• Simplicity - Only one authentication solution needed per application
• Leverages access to system-wide person data
• Scalable and consistent, important for LOA enforcement
Getting a Digital ID
1. Customer visits a Registration Authority
2. Customer is identity proofed
3. Customer receives email with download authorization code
4. Customer downloads Digital ID
Digital ID Storage
• May be stored as an encrypted file on the customer’s computer
• May be stored on a smartcard or USB token
• Insert card to authenticate, sign and decrypt
Technical Support Documentation
http://kb.wisc.edu/uwdid/
One Digital ID Can Do So Many Things
• Augment username and password to strengthen authentication and protect sensitive system access
• Digitally sign documents to prove authorship and integrity
• Encrypt email and attachments in transit and storage
• Will be required for many users of HRS
Digital ID Challenges
• Customer education about best security practices
• Cost of Digital IDs and associated hardware and software
• Practical adoption issues in the decentralized environment of UW System
Try a Digital ID
• Request your own Digital ID at https://uwdigitalid.wiscsonsin.edu
• For support:
• Download your Digital ID onto a Windows or Macintosh computer
• We are always available to help!
• Demonstration of the service, by Chris Spencer