
Dartmouth PKI

This document discusses the plans and challenges faced by Dartmouth College regarding their PKI implementation. Topics include the use of hardware tokens, support for HEPKI initiatives, evaluation of replacement options, legislative compliance, and upcoming rollouts.


Presentation Transcript


  1. Dartmouth PKI: Plans & Challenges
     Scott Rea – Dartmouth College
     Internet2 Member Meeting, Dec 2006
     PKI Implementers Workshop - Chicago, IL

  2. Dartmouth PKI
     • PKI Lab since 2001
     • Campus operational PKI since 2003
       • 9000 active certificates
       • Students/Staff/Faculty
       • Use of hardware tokens (Aladdin eToken) for secure or high value transactions
     • Support HEPKI initiatives
       • HEBCA Policy Authority
       • HEBCA Operating Authority
       • USHER Operating Authority
       • TAGPMA Founding Member
     • PKI Outreach
       • CA-in-a-box

  3. Campus PKI
     • Existing Netscape Enterprise CA
       • Iplanet -> Red Hat
       • End of Life in July 2006
       • Require replacement
     • Evaluation of replacement options presented to Management
     • Options Considered
       • Commercial Hosted CA Services
       • Commercial Vendor product run at Dartmouth
       • Open/“Free” product run at Dartmouth
     • Options Outcome
       • Lowest risk but too expensive
       • Medium risk – Possibility based on strategic partnerships
       • Medium risk – least expensive
     • 10,000 certificates is the hump of the camel
     • Expect replacement cut over by mid 2007
     • Cross-certification with HEBCA next year

  4. Campus PKI
     • PKI is the default authentication mechanism on campus
     • Other supported methods via modified CAS include:
       • Username/Password
       • LDAP based authentication
       • Shibboleth
     • Required for certain applications
       • Legislative compliance
         • HIPAA, FERPA, CALEA
       • High value transactions require hardware based key storage (eTokens)

  5. Campus PKI
     • PKI is optional for most applications today
     • Will become required for certain applications by July 2007
     • Require hardware token based access by 2008
     • Hold ups to roll out:
       • Platform support/processes and procedures
       • Drivers for hardware tokens
     • Proposed Roll out
       • Required for network authentication
       • Facilitate management of Encrypted File Systems
       • Document work flow
       • S/MIME

  6. For More Information
     • Dartmouth Website: http://www.dartmouth.edu/
     • PKI Lab: http://www.dartmouth.edu/~pkilab/
     • Scott Rea - Scott.Rea@dartmouth.edu
