University of Texas PKI Status (PowerPoint presentation, CREN-Mellon conference, December 1, 2001; provided by: cren)

1
University of Texas PKI Status
2
PKI TEAM
  • Gene Titus, Systems Architect (U.T. System
    Office of Telecommunication Services)
  • Jim Lyons, Developer and DBA (U.T. Austin
    ITS/Telecommunications and Networking)
  • Frank Sayre, Coordination, Policy (U.T.
    Austin ITS/Telecommunications and Networking)
  • U.T. System Associate Vice-Chancellor, Chief
    Information Officer
  • U.T. System System Audit Office
  • U.T. System Office of Information Resources
  • U.T. Austin Vice-President for Information
    Technology (ITS)
  • ITS Administrative Computing
  • ITS Security Office
  • U.T. Austin Office of Internal Audits

3
Management of Community Data
  • Directory organized as X.500 hierarchy
  • Campus-wide, 100% coverage of entire community
  • Populated through daily feeds from HR and
    Registrar
  • Managed via OpenLDAP v. 1.2x
  • Accessible via Richter/TU Chemnitz web500gw-2.1b3
    at http://directory.utexas.edu/
  • Operated on RedHat Linux 6.x on generic Pentium
    II 450 MHz rackmount system

4
Current Network Authentication Scheme
  • Electronic ID (EID) -- pre-PKI
  • Campus-wide 100% of community using network-based
    electronic services (grades, transcript requests,
    class rosters, time sheets, bio updates, etc.)
  • Username/password credential providing
    single-sign-on for network-based services
  • Established at face-to-face presentation of
    identity credentials at University ID Center
  • User logon through HTTPS connection to HPUX
    systems tied in with central authorization
    records residing in MVS. Authorization data is
    passed inside RSA MD5-encrypted cookie
  • Viable authentication mechanism for end-user
    certificate requests through HTTPS-based PKI
    Registration Authority

5
Planned Initial Uses, 2002/03
  • SSL server certificates
  • Authentication for network-based services (to
    some degree replacing EID)
  • Digitally signed documents (S/MIME protocol) for
    special groups
  • Digitally signed and encrypted e-mail (S/MIME
    protocol) for special groups

6
Current Deployment Status: U.T. System
  • Certification Authority implemented with
    PERL/OpenSSL -- tested
  • Private key storage in Chrysalis Luna CA3 (FIPS
    140-1, level 3) HSM -- tested
  • CA certificate to be signed by CREN -- January,
    2002
  • System operated on RedHat Linux 6.x on generic
    Pentium II 450 MHz rackmount system
  • Issuance of Institutional CA certificates for U.T.
    component campuses -- Spring, 2002
  • Policy governing CA certificate issuance -- due
    early Spring, 2002

7
Current Deployment Status: U.T. Austin
  • Certification Authority implemented with
    PERL/OpenSSL -- tested
  • HTTPS-accessible Registration Authority
    implemented in PERL -- tested
  • Registration Authority integrated with current
    EID network authentication -- tested
  • Issuance of end-entity certificates to
    Schlumberger CyberFlex smartcards -- tested
  • Back-end storage and management of certificates in
    Unix dbm -- tested
  • Initial, informal testing of CRL publication to
    OCSP server -- completed
  • Initial, informal testing of PKI-enabled client
    applications -- significant problems revealed
  • Operated on RedHat Linux 6.x on generic Pentium
    II 450 MHz rackmount system
  • CA certificate signed by U.T. System CA -- Spring,
    2002
  • Policy governing issuance of SSL server
    certificates -- early Spring, 2002
  • Issuance of SSL server certificates -- commence
    Spring, 2002
  • Policy for end-entity certificates for special
    groups -- drafted Spring, 2002
  • Publication of end-entity certificates to
    Directory -- needs additional testing in Spring, 2002
  • Publication of CRLs to OCSP server -- needs
    additional testing in Spring, 2002
  • Formal testing of PKI-enabled client applications
    -- commence Summer, 2002
  • Formal testing of OCSP client-server functions
    -- commence Summer, 2002
  • Preparation of user documentation and support
    procedures -- commence Summer, 2002
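The two status slides above describe a hierarchy in which the U.T. System CA (itself to be signed by CREN) signs institutional CA certificates, the institutional CA issues SSL server certificates, and CRLs are published for relying parties and an OCSP server. The Go program below is an added illustration of that structure, not code from the presentation or from U.T. (whose CA was built on Perl/OpenSSL): a root CA signs an institutional CA, the institutional CA issues two server certificates and a CRL revoking one of them, and a relying-party check validates the chain and then consults the CRL. All names, host names and serial numbers are constructed placeholders, keys are generated in memory rather than held in an HSM, and errors panic because it is a demo.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// identity pairs a certificate with its private key (in memory here; a real CA key would sit in an HSM).
type identity struct {
	cert *x509.Certificate
	key  *ecdsa.PrivateKey
}

// must panics on error: this is a self-contained demo, not library code.
func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}

// issue generates a P-256 key and a certificate for cn signed by parent (self-signed when parent is nil).
// CA certificates may only sign certificates and CRLs; server certificates get a DNS SAN and serverAuth only.
func issue(cn string, parent *identity, serial int64, isCA bool) *identity {
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(serial), Subject: pkix.Name{CommonName: cn},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(24 * time.Hour),
		IsCA: isCA, BasicConstraintsValid: isCA,
	}
	if isCA {
		tmpl.KeyUsage = x509.KeyUsageCertSign | x509.KeyUsageCRLSign
	} else {
		tmpl.DNSNames, tmpl.KeyUsage = []string{cn}, x509.KeyUsageDigitalSignature
		tmpl.ExtKeyUsage = []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth}
	}
	key := must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader))
	parentCert, signer := tmpl, key // self-signed unless a parent CA is given
	if parent != nil {
		parentCert, signer = parent.cert, parent.key
	}
	der := must(x509.CreateCertificate(rand.Reader, tmpl, parentCert, &key.PublicKey, signer))
	return &identity{cert: must(x509.ParseCertificate(der)), key: key}
}

// publishCRL signs a CRL from issuer listing the given serials as revoked (what an OCSP responder would be fed).
func publishCRL(issuer *identity, revoked []*big.Int) *x509.RevocationList {
	var entries []pkix.RevokedCertificate
	for _, s := range revoked {
		entries = append(entries, pkix.RevokedCertificate{SerialNumber: s, RevocationTime: time.Now()})
	}
	der := must(x509.CreateRevocationList(rand.Reader, &x509.RevocationList{
		Number: big.NewInt(1), ThisUpdate: time.Now(), NextUpdate: time.Now().Add(24 * time.Hour),
		RevokedCertificates: entries,
	}, issuer.cert, issuer.key))
	return must(x509.ParseRevocationList(der))
}

// verifyServerCert is the relying-party side: chain leaf -> issuing CA -> root,
// then the issuing CA's CRL, which Certificate.Verify never consults on its own.
func verifyServerCert(leaf, root, issuing *x509.Certificate, crl *x509.RevocationList, host string) error {
	roots, inters := x509.NewCertPool(), x509.NewCertPool()
	roots.AddCert(root)
	inters.AddCert(issuing)
	if _, err := leaf.Verify(x509.VerifyOptions{Roots: roots, Intermediates: inters, DNSName: host}); err != nil {
		return err
	}
	if err := crl.CheckSignatureFrom(issuing); err != nil {
		return fmt.Errorf("CRL signature invalid: %w", err)
	}
	if time.Now().After(crl.NextUpdate) {
		return fmt.Errorf("CRL expired at %s; failing closed", crl.NextUpdate)
	}
	for _, rc := range crl.RevokedCertificates {
		if rc.SerialNumber.Cmp(leaf.SerialNumber) == 0 {
			return fmt.Errorf("certificate serial %v is revoked", leaf.SerialNumber)
		}
	}
	return nil
}

// demo builds root -> institutional CA -> two server certificates, revokes one, and returns both verdicts.
func demo() (error, error) {
	root := issue("Root CA (constructed)", nil, 1, true)
	inst := issue("Institutional CA (constructed)", root, 2, true)
	good := issue("www.example.test", inst, 100, false)
	lost := issue("old.example.test", inst, 101, false)
	crl := publishCRL(inst, []*big.Int{lost.cert.SerialNumber})
	return verifyServerCert(good.cert, root.cert, inst.cert, crl, "www.example.test"),
		verifyServerCert(lost.cert, root.cert, inst.cert, crl, "old.example.test")
}

func main() { fmt.Println(demo()) }
```

The point to take from the relying-party side is that chain validation and revocation checking are separate steps: a CRL that is unsigned, signed by the wrong CA, or past its nextUpdate is treated as a failure rather than as "nothing revoked", which is the behaviour a client should also show when an OCSP responder is unreachable.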

8
Content Providers
  • Most widely used content providers include
    Elsevier, OCLC, JSTOR, Bowker, Gale
  • Access allowed for campus IP address range and by
    scripted logon
  • Library staff would like electronic library
    card to be implemented as part of U.T. Austin
    campus PKI.

9
Readiness to Issue Certs to Select Groups
  • Fall, 2002, or Spring, 2003, at earliest
  • Significant administrative effort in area of PKI
    policy
  • Identification of funds
  • Significant user support for essential PKI
    concepts and for configuration and use of
    PKI-enabled client apps