NET@EDU - PowerPoint PPT Presentation

About This Presentation
Title:

NET@EDU

Description:

Office of the President. PKI Workshop. Tempe, AZ. February 5, 2002 ... [ If so, there are neat things one can contemplate regarding records retention. ... – PowerPoint PPT presentation

Slides: 21
Provided by: clairgo

Transcript and Presenter's Notes

Title: NET@EDU


1
NET@EDU
  • Co Chairs
  • C. W. Goldsmith
  • University of Alabama at Birmingham
  • David L. Wasley
  • University of California
  • Office of the President

2
PKI Workshop
  • Tempe, AZ
  • February 5, 2002
  • Meeting Moderator Clair Goldsmith

3
PKI Workshop Agenda
  • 8:30 Welcome (Clair G.)
  • 8:40 Campus update roundtable
  • 9:30 CREN CA update (David W.)
  • 9:40 HEBCA update
  • NIH experiment (Steve W.)
  • 9:50 HECP presentation (David W.)
  • 10:00 PKI-Lite and S/MIME initiative (David W.)
  • 10:15 Break

4
PKI Workshop Agenda
  • 10:45 Quick updates
  • FERPA and PKI Directories (Steve W.)
  • HIPAA update (Clair G.)
  • HealthKey, etc. (Clair G.)
  • 11:00 PKI Implementation Issues (Clair G.)
  • 12:00 - 1:00 Lunch

5
PKI Workshop Agenda
  • 1:00 Grid Security Technologies
  • Grid Security Requirements (John M.)
  • CAS (Von M.)
  • Shibboleth Inter-realm author (Bob M.)
  • HEBCA, HEPKI (Michael G.)
  • KX509 (Ken K.)
  • myProxy (Randy)
  • 3:00 Break

6
PKI Workshop Agenda
  • 3:30 Continued PKI Implementation Issues
  • Potential pilot projects and/or issues to be investigated
  • 5:00 Adjourn

7
PKI IMPLEMENTATION ISSUES
  • Strategies For Implementing a CA
  • In-house versus outsourcing
  • Vendor code versus open source
  • Institutional resource requirements
  • What about the CP/CPS?

8
PKI IMPLEMENTATION ISSUES
  • Authorization Strategies
  • Legacy applications?
  • Can we categorize applications and appropriate
    strategies?
  • Attribute certificates versus attribute
    directories

9
PKI IMPLEMENTATION ISSUES
  • Portals and other "single sign-on" approaches:
    applications such as ERP systems and course
    management systems need to be not just directory
    enabled, but cert-in-directory enabled.

10
PKI IMPLEMENTATION ISSUES
  • Directories
  • Is there an authoritative directory of those
    associated with the institution?
  • If not, what does it take to create one? (best
    practices)

11
PKI IMPLEMENTATION ISSUES
  • Email
  • Can be signed and encrypted.
  • Is a one or two key system best and why?
  • List servers can modify email thereby making
    signing those messages pointless.

12
PKI IMPLEMENTATION ISSUES
  • Email
  • Outlook has two mechanisms
  • One requires that all email be signed; in other
    words, signing is a configuration parameter of the
    Outlook client
  • The other requires pull-down menus for single use (4
    clicks)
  • Ideally, signing should be something I choose.
  • Should signing require a password (access the
    private key) every time it is performed?
  • Outlook signs only the email message and not
    enclosed attachments.
  • Communicator seems to sign both.

13
PKI IMPLEMENTATION ISSUES
  • Multiple certificates and S/MIME!

14
PKI IMPLEMENTATION ISSUES
  • Digital Signatures
  • How can one sign a document (in Word),
    independent of an email client?
  • Requires a third-party product, for example
    eLock
  • Adobe allows signing of Acrobat documents through
    proprietary plug-ins, but plug-ins are not
    available for all certificates.
  • How can the Adobe signer be prevented from
    creating certificates?

15
PKI IMPLEMENTATION ISSUES
  • What does it mean to sign a web form?
  • Does it attest to the information placed in
    boxes?
  • The information around the boxes?
  • Or both?
  • If both, what is then done with it? Where is it
    put?
  • Does all of it need to be in a database, lock,
    stock, and HTML? If so, there are neat things
    one can contemplate regarding records retention.

16
PKI IMPLEMENTATION ISSUES
  • Multiple Signatures
  • Having more than one signature on a document is
    rarely supported
  • One signer application (e-Lock version 4.X)
    allows multiple signatures, but you cannot see
    the document content at the time you sign the
    document, which provides opportunities for other
    errors.

17
PKI IMPLEMENTATION ISSUES
  • Other Signature Issues
  • Do you always need to validate signatures as well
    as verify them?
  • If so, application plug-ins such as provided by
    Adobe will not be adequate.
  • Some of the application signers are priced on a
    per use basis!

18
PKI IMPLEMENTATION ISSUES
  • Cert Key Management
  • How to best handle key escrow for decryption
    keys?
  • This problem is compounded when keys expire
    annually.

19
PKI IMPLEMENTATION ISSUES
  • Certificate and private key portability options?
  • Proxy authentication issues

20
PKI IMPLEMENTATION ISSUES: FUTURES
  • National Security Card