Update: Federal Bridge and NIH-EDUCAUSE PKI Interoperability Project

Peter Alterman, Ph.D., Assistant CIO for e-Authentication, National Institutes of Health


Presentation Transcript


  1. Update: Federal Bridge and NIH-EDUCAUSE PKI Interoperability Project
     Peter Alterman, Ph.D.
     Assistant CIO for e-Authentication
     National Institutes of Health

  2. Current Status of Federal Bridge
     • CA Products in Membrane
       • Entrust (upgrading to v.6)
       • Microsoft .Net CA
       • RSA
       • Baltimore
     • Interoperable with
       • VeriSign, DST
     • Entities Cross-certified
       • DOD, NASA, Treasury, USDA/NFC, ACES
     • Entities in Process of Being Cross-certified
       • State, Labor, Justice, Illinois, Canada
     • Federal Bridge co-located with Federal Root
     • Will use CA product already in membrane
     • Federal Root will cross-certify with Federal Bridge at all assurance levels
     • Root CP derived from Bridge CP

  3. Federal Bridge and e-Authentication Gateway
     • Federal Bridge serves as validation mechanism for e-Authentication Gateway when digital certificates are presented

  4. Current Issues for FBCA
     • Path discovery and path validation in real-time: scaling, latency, etc.
     • Linking the application and user to the infrastructure (MS CAPI not ready for prime time)
     • Expanding directory services to include LDAP referrals

  5. Phase Two (Cleanup) Status
     • Configuration Cookbook complete (ver. 1.0)
     • Prototype HEBCA operational at Mitretek
     • Prototype HEBCA moving to Dartmouth
     • Directory Services operational
     • Real-time path discovery operational

  6. Phase Three Update

  7. [Diagram. Labels: Applicant & cosigner; Internal workflow; CA @ College/University; College/University; Internet; HEBCA; FBCA; Federal Government; Agency Server; Validate certs; Audit Log; Receipt and Authorization Server; Receipt message; Agency Back End Processing (future demo); Digitally Signed XML form; XML form]

  8. Current Status of Interoperability Project Phase Three
     • XML document desktop reader/signer/validator application works on MS platform with IE & Netscape
     • FBCA-HEBCA interoperability works
     • Real-time path discovery and validation of iPlanet, VeriSign, DST certs demonstrated but cert and directory configurations are finicky. CAM 4.0 works but needs improvement
     • Automated validation, reply and signed archiving work

  9. Universities Completing Successful Interoperability Testing
     • Dartmouth College – iPlanet
     • University of Alabama-Birmingham – Digital Signature Trust
     • University of Wisconsin-Madison – home-grown CA based on OpenSSL
     • University of California – VeriSign
     • University of Virginia (based on OpenSSL) - Pending
     • University of Texas-Houston Health Science Center (VeriSign) - Pending

  10. Federal Agencies Adopting (or having shown interest in adopting) Elements of Interoperability Project (to date)
      • HHS
      • GSA/Federal Supply Service
      • NASA
      • Education

  11. For Further Information
      • Peter.Alterman@nih.gov
      • Dblanchard@trustdst.com
      • Rweiser@trustdst.com
      • http://pki.od.nih.gov
