Overview of US PKI

1
Overview of US PKI

• Peter Alterman, Ph.D.
• Chair, Federal PKI Policy Authority and
• Asst. CIO E-Authentication, NIH

2
Overview of Federal PKI
Common Policy
SSPs
In discussion
TAGPMA
CertiPath SSP
FBCA
Test since 2002
begun
CertiPath
SAFE
C4
HEBCA?
Industry PKIs
eGCA (3)
3
Overview of Federal PKI
HEBCA?
DOD DHS NASA Commerce USPS
USPTO HHS DOE IL USDA/NFC DOJ
Boeing State DOD/ECA GPO Treasury Wells
Fargo MIT LL
Common Policy
Total 12 15M users
SSPs
VeriSign Cybertrust ORC Treasury GPO? Exostar? Ide
ntrust? Entrust?
TAGPMA
Serving all other Agencies
CertiPath SSP
FBCA
begun
Abbott Labs AstraZeneca Bristol-Myers
Squibb Genzyme GlaxoSmithKline INC Research
Johnson Johnson Merck Pfizer Procter
Gamble Sanofi-Aventis TAP Pharmaceuticals
CertiPath
SAFE
C4
Industry PKIs
USHER?
Boeing Northrop
Grumman Raytheon Lockheed
Martin Airbus BAE
eGCA (3)
EAF member CSPs TLS certs
4
Current Outward-Facing Initiatives

• Cross certify University of Texas System _at_ Basic
• Cross certify TAGPMA new profile at C4 GRIDS!
• Cross certify SAFE
• Cross certify MIT Lincoln Lab at Medium

5
Current Inward-Facing Initiatives

• Harmonize Common Policy with FIPS 201
• Harmonize Bridge Policy with Common Policy
• Update Crits Methods for both Bridge and SSP

6
Shared Service Provider Update

• Current SSPs
• CyberTrust
• VeriSign
• Treasury
• Exostar
• ORC

• Pending
• GPO
• IdenTrust
• Entrust

7
On The Horizon

• Policy/Guidelines For Encryption Services
• Attributes SAML interfacing
• SCVP