US Higher Education Root CA (USHER) Update


US Higher Education Root CA (USHER) Update. Fed/Ed Meeting December 14, 2005 Jim Jokl University of Virginia. USHER - US Higher Education Root CA. Philosophy Lots of discussions about the needs of our community Eventual decision to implement what we call USHER-Basic first

Presentation Transcript

US Higher Education Root CA (USHER) Update

Fed/Ed Meeting, December 14, 2005

Jim Jokl

University of Virginia

USHER - US Higher Education Root CA
  • Philosophy
    • Lots of discussions about the needs of our community
    • Eventual decision to implement what we call USHER-Basic first
    • A different version of USHER may appear in the future to support applications that require higher levels of assurance
USHER Basic Summary
  • Purpose: facilitate inter-institutional use of campus issued PKI credentials
  • USHER-Basic target
    • Campuses that operate their PKI infrastructure at the same LOA as their common password-based systems
      • Email, scheduling, commodity computing, etc.
  • The USHER CA itself will operate at a relatively high level of assurance
PKI Applications
  • USHER was designed with some of these example applications in mind
    • LionShare
    • Grids (Globus toolkit)
    • Electronic mail (S/MIME)
    • VPN (IPSec), Wireless (EAP-TLS), & SSH authentication
    • Web authentication
Expected Practices
  • When campuses join USHER, they are expected to adhere to a set of “Expected Practices”
    • Will operate their PKI using processes that are at least as strong as how they manage accounts for email and calendaring
    • Campuses may issue certificates to anyone affiliated with their institution – the campus definition of affiliation applies
Expected Practices
  • The campus will actively maintain all services that are implied in their certificates, e.g.,
    • CRLs
    • Policy and practices if Policy OID is present
  • Campuses will not join USHER if they cannot or will not meet the expected practices
  • Expected practices are still being finalized
CA/RA Process
  • Signed Participation Agreement
    • Signed by a campus official authorized to commit the university
    • Designates the operational campus entity
    • A strong process similar to the one that was used by CREN is used to validate the campus operator and establish a secure communications channel
    • The campus generates a request which is then signed by the USHER CA
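
The request-and-sign step above, sketched with OpenSSL as an added example (not part of the original slides, and not USHER's actual tooling or certificate profile). All names, key sizes, lifetimes and extensions are assumptions chosen for illustration.

```shell
#!/usr/bin/env bash
# Added illustration; every name and parameter below is constructed.

# issue_campus_ca DIR: play both roles and leave the resulting files in DIR.
issue_campus_ca() {
  local d=$1
  # Minimal config so the result does not depend on the system openssl.cnf.
  cat > "$d/demo.cnf" <<'EOF'
[req]
distinguished_name = dn
x509_extensions = v3_root
[dn]
[v3_root]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
EOF
  # Root side (stand-in for the USHER CA): key and self-signed root certificate.
  openssl req -x509 -config "$d/demo.cnf" -newkey rsa:2048 -nodes -days 30 \
    -subj "/O=Example Root/CN=Example Higher-Ed Root CA" \
    -keyout "$d/root.key" -out "$d/root.pem" 2>/dev/null || return 1
  # Campus side: the key pair is generated on campus; only the request
  # (public key plus subject name, self-signed) is sent to the root operator.
  openssl req -new -config "$d/demo.cnf" -newkey rsa:2048 -nodes \
    -subj "/O=Example University/CN=Example University Campus CA" \
    -keyout "$d/campus.key" -out "$d/campus.csr" 2>/dev/null || return 1
  # Root side: check the request's self-signature, then sign it. The CA
  # extensions come from the root's own file, not from the request.
  openssl req -in "$d/campus.csr" -noout -verify 2>/dev/null || return 1
  printf '%s\n' 'basicConstraints=critical,CA:TRUE' \
    'keyUsage=critical,keyCertSign,cRLSign' > "$d/campus.ext"
  openssl x509 -req -in "$d/campus.csr" -CA "$d/root.pem" -CAkey "$d/root.key" \
    -CAcreateserial -days 30 -extfile "$d/campus.ext" \
    -out "$d/campus.pem" 2>/dev/null || return 1
}

# verify_campus_ca DIR: relying-party view. The campus authority certificate
# must chain to the root and must itself be marked as a CA.
verify_campus_ca() {
  openssl verify -CAfile "$1/root.pem" "$1/campus.pem" >/dev/null 2>&1 || return 1
  openssl x509 -in "$1/campus.pem" -noout -text | grep -q 'CA:TRUE'
}

demo_dir=$(mktemp -d)
issue_campus_ca "$demo_dir" && verify_campus_ca "$demo_dir" \
  && echo "campus CA certificate chains to the example root"
```

The sketch does not cover the out-of-band validation of the campus operator or the secure channel over which the request travels.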
USHER: Some Q&A
  • Can a campus have multiple USHER CAs?
    • Yes, and some may do this for organizational reasons
    • Also, one campus USHER CA can issue an Authority Certificate to another as long as this is consistent with existing campus ID management practices
  • Eligibility
    • US Higher Education Institutions
    • Other entities sponsored by a US Higher Education member
USHER: Some Q&A
  • What is the minimum LOA that a relying party can assume?
    • A campus official designated a campus organization to operate the USHER CA
    • USHER used a strong process to validate the organization and establish a secure communications channel
    • The USHER CA signs campus authority certificates using a strong technical process
PKI and USHER/HEBCA
  • (How) do all of these PKI pieces fit together?
    • USHER – US Higher Education Root CA
    • HEBCA – Higher Education Bridge CA
    • Campus Certification Authorities
    • EDUCAUSE contract for outsourced certificates
  • What should a campus be doing?
  • Where’s the glue?
A Higher-level View of Inter-organizational Trust
  • [Diagram; labels: FBCA, HEBCA, SAFE, Commercial, Others, Educause Verisign CA, USHER CA, Campus CA, Campus Users]

Thank you
  • Questions/Discussion