Nih educause pki interoperability project
Download
1 / 12

NIH-EDUCAUSE PKI Interoperability Project - PowerPoint PPT Presentation


  • 98 Views
  • Uploaded on

NIH-EDUCAUSE PKI Interoperability Project. Electronic Grant Application With Multiple Digital Signatures. Peter Alterman, Ph.D. Director of Operations Office of Extramural Research. The Problem.

loader
I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
capcha
Download Presentation

PowerPoint Slideshow about 'NIH-EDUCAUSE PKI Interoperability Project' - evania


An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript
Nih educause pki interoperability project

NIH-EDUCAUSE PKI Interoperability Project

Electronic Grant Application With Multiple Digital Signatures

Peter Alterman, Ph.D.

Director of Operations

Office of Extramural Research


The problem
The Problem

  • NIH receives roughly 40,000 applications for new grants annually. Each application averages 125 pages and five copies are required to be submitted. Multiply that times 40,000: we receive an average of 25 million pages a year!

  • While NIH has been developing strategies to convert paper to electronic processes, good solutions to the problem of electronic signature implementation have been lacking.

  • Institutions are busy deploying PKIs and issuing digital certificates to their faculties and staffs and they want to use those credentials to do business with the government and with each other.


Project goals
Project Goals

  • Receive grant applications in electronic form signed with two different, validated, digital certificates each

  • Use digital certificates issued by Institutions

  • Demonstrate interoperability among four different CA vendors’ products, including two different PKI service providers


Project concept of operations conops

HEBCA

E-Lock

Assured Office

Digital Signed

Grant Appl

Certificate Validation

University A

NIH OER Mail Server

University A

FBCA

Internet

Certificate Validation

University B

E-Lock

Assured Office

Digital Signed

Grant Appl

University B

NIH CAM Server with DAVE

Certificate Validation

University C

Cert

Status

NIH OER Recipient

E-Lock

Assured Office

Digital Signed

Grant Appl

E-Lock

Assured Office

Digital Signed

Grant App.

University C

E-Lock

Assured Office

CAM-enabled

Cert

Status

Project Concept of Operations (CONOPS)


Project accomplishments to date
Project Accomplishments to Date

  • Successful demonstration of bridge-to-bridge interoperability

  • Receipt of digitally-signed electronic submissions from UAB, UWM and Dartmouth with..

  • Successful validation of digital signatures from 3 CA vendors - RSA, iPlanet and Entrust, respectively, using..

  • Software developed for the task (DAVE).

  • In other words, it works!

  • Project received the Management and Leadership Best Practices Award from the Potomac Forum and an E-Gov Pioneer Award.


Reusable infrastructure developed by the nih educause pki project
Reusable Infrastructure Developed By The NIH-EDUCAUSE PKI Project

  • Bridge-to-Bridge Interoperability Infrastructure

  • Certificate Path Discovery Software

  • Support for LDAP directory chaining protocols and LDAP – X.500 directory interoperability

  • Interoperability among multiple CA products (RSA, Entrust, iPlanet)


Implications for pki enabling other agency and institution applications
Implications for PKI-enabling Other Agency and Institution Applications

  • Robust infrastructure supports secure inter-domain information exchange

  • Focus on PKI-enabling local applications rather than on building cross-PKI communications

  • Allows organizations to choose from among many vendors

  • Relying parties do not have to issue, and manage, digital credentials


Next steps planned
Next Steps Planned Applications

  • Automate receipt; verification and validation of digital signatures; archiving of signature data with signed validity assertion

  • Automate return receipt notification

  • Complete interoperability demonstration with VeriSign

  • Encrypt email carrying signed attachments to ensure privacy

  • Add new universities/colleges to pilot

  • Add State CAs and Federal Agency CAs


Lessons learned
Lessons Learned Applications

  • Solving directory issues is the key to interoperability

  • No vendor’s X.509v3 certificates are like any other’s

  • Protocols for everything are in flux

  • There are NO show-stoppers


Participating institutions

University of Texas - Houston  Applications

Participating Institutions



For more information
For More Information Applications

  • Project Report in the Workshop Proceedings

  • Peter Alterman: [email protected]

  • Steve Worona: [email protected]

  • Deb Blanchard: [email protected]

  • Monette Respress: [email protected]


ad