Federal PKI Update - PowerPoint PPT Presentation

Slides: 10
Provided by: Alte8

Transcript and Presenter's Notes

1
Federal PKI Update
  • Peter Alterman, Ph.D.
  • Chair, Federal PKI Policy Authority

2
Agenda
  • Current state of the Federal PKI
  • Bridge-to-Bridge Update
  • FIPS 201 and Chicken Little
  • Pending Issues
  • Why this matters to You

3
Simplified Diagram of Federal PKI
  • Federal Bridge CA
  • Common Policy CA
  • Cross-Certified gov PKIs
  • Shared Service Provider PKIs (Common Policy
    OID and root cert)
  • C4 CA
  • E-Gov CAs (3)
  • Cross-Certified External PKIs
  • eAuth CSPs
  • ?

4
Federal PKI Summary
  • No architectural changes in last 6 months;
    stable
  • Closure near on path discovery/path validation
    tools and services
  • Cross-certification approved with first
    commercial partner, Wells Fargo Bank, and near
    with Boeing
  • New Federal Bridge CP adopted in RFC 3647 format
    incorporating Medium Hardware LOA
  • New Federal Certificate Profile adopted requiring
    populating AIA or SIA fields
  • Most of the work diverted to HSPD-12
    implementation

5
Federal PKI: Shared Service Provider Update
  • New High Assurance Policy for Common Policy CA
    approved
  • One new Shared Service Provider approved and two
    others in process
  • No new self-signed Agency PKIs allowed unless
    waiver granted from OMB.

6
Federal PKI and EAuthentication
  • PKI required for Levels 3 & 4
  • EAuth management still clueless about integrating
    PKI into operational vision
  • Therefore, focusing on LOA 1 & 2 with SAML as
    transport

7
Bridge to Bridge Update
  • Policy roadblock (citizenship of trusted
    operators) surmounted by creating commercial
    best practice policies at Medium and Medium
    Hardware LOA
  • FBCA reserves High Assurance cross-certification
    for governments only
  • SAFE bridge (pharmaceutical) operational
  • Certipath bridge (aerospace) open for business
    before 12/31; already in technical
    interoperability testing with FBCA
  • HEBCA aiming for Medium Hardware
    cross-certification with FBCA; USHER aiming for ??

8
FIPS 201 and Chicken Little
  • FIPS 201 mandates both identity proofing
    standards and PKI on a SmartCard for all feds and
    inside contractors
  • Identity Proofing standard required 10/05 of ALL
    federal agencies: security checks of all new
    hires over next 12 months, security checks of
    all employees and contractors. Huge and
    bottlenecks expected.
  • SmartCard standards in place but incomplete. No
    products yet available. Middleware also playing
    catch-up. Both promised for 2Q06.
  • Agencies stunned and busy playing catch-up with
    little money to implement. Meteorologists
    predict a blast of hot air followed by a blizzard
    of meaningless but expensive paper. A blessed
    few will succeed, making everybody else look
    inept. Blame will be spread wide.

9
Discussion
altermap_at_mail.nih.gov