This document outlines the initiatives of the SAFE (Secure Access for Everyone) Public Key Infrastructure (PKI) led by Terry Zagar, focusing on the biopharmaceutical community. It discusses the SAFE Community Framework, architecture drivers, and the significance of trusted e-identity credentials in regulatory compliance and business efficiency. It also addresses governance, specifications for for-profit and non-profit entities, issuer services, and future directions for SAFE applications, emphasizing the development of interoperable systems that prioritize security and compliance in the biopharmaceutical sector.
SAFE Public Key Infrastructure (PKI)
Terry Zagar
Chair, SAFE Operations & Technology Working Group
April 21, 2005

Topics
• SAFE & Biopharmaceutical Community
• SAFE Community Framework
• Architecture Drivers
• SAFE Architecture
• Certificate/OCSP Structure
• Building Understanding & Conformance
• Future SAFE Directions

SAFE & Bio-Pharmaceutical Community

Timeline
• MAY 2003: SAFE strategic PhRMA initiative
• DEC 2003: Seed investment, 12 bio-pharmaceuticals
• JUN 2003: SAFE Standard v1.0
• DEC 2004: SAFE-Biopharma, 8 bio-pharmaceuticals
• JUN 2005 [planned]: SAFE Bridge IOC & SAFE Standard v2.0

CONCEPT
• Trusted e-identity credentials
• Closed contractual system
• Accredited
• Business focus

DRIVERS
• Regulatory compliance
• Business efficiency
• Cost savings

SAFE Community Framework
[Diagram: SAFE-Biopharma, Member and Issuer, linked by Agreements]

SAFE Standard
• Business/Legal
• Governance
• Specifications

Full
• For-Profit Entities
• Not-For-Profit Entities
• Government Orgs

Services
• SAFE Bridge CA
• Directory
• Issuer Services for Medical Practitioners/Others

Associate
• Medical Practitioners
• Other Entities/Individuals designated by SAFE

Services
• CA / RA / CSA
• Credentials for Members
• Identity Proofing

SAFE Architectural Drivers
• High trust system
• Pre-existing Member PKIs
• Minimum of reinvention
• Regulatory compliance
• Move burden from user to infrastructure
• Do not preclude other uses
• What time is it in …?

SAFE Architecture
[Diagram. Components: SAFE Issuer (registration and certificate management systems, OCSP); SAFE-Biopharma (SAFE Bridge CA); SAFE Member (central systems, end-user systems, machine systems); SAFE-enabled applications. Labelled flows: cross certificates, SAFE certificate, OCSP request / OCSP response, subscriber authentication, signing & validation request & response.]
Details contained in SAFE CP Technical Specification

Key SAFE Certificate & OCSP Features

SAFE Subscriber Certificate
• Issuer & Subject Distinguished Name field
• Subject Alternate Name extension
• Key Usage extension
• Authority Information Access extension
• Certificate Policies extension

SAFE OCSP Request/Response
• SAFE certificate validation must use OCSP
• OCSP Responder must accept unsigned requests
• Nonce required for digital signature validation purposes only
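
Added example (not from the original slides or the SAFE specifications): the request side of the OCSP rules above, built with the Python standard library as an unsigned RFC 6960 OCSPRequest that carries a nonce extension only when the status check supports digital signature validation. Reading the nonce bullet as "include a nonce for signature validation, omit it otherwise" is an assumption, as are the function names and the constructed issuer name, key and serial number.

```python
import hashlib
import os

# AlgorithmIdentifier for SHA-1 (1.3.14.3.2.26), the usual CertID hash in OCSP.
SHA1_ALG = bytes.fromhex("300906052b0e03021a0500")
# id-pkix-ocsp-nonce (1.3.6.1.5.5.7.48.1.2) as a DER OBJECT IDENTIFIER.
NONCE_OID = bytes.fromhex("06092b0601050507300102")


def der(tag: int, body: bytes) -> bytes:
    """Encode one DER TLV with a definite short- or long-form length."""
    n = len(body)
    if n < 0x80:
        return bytes([tag, n]) + body
    size = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(size)]) + size + body


def der_int(value: int) -> bytes:
    """DER INTEGER for a non-negative certificate serial number."""
    return der(0x02, value.to_bytes(value.bit_length() // 8 + 1, "big"))


def build_ocsp_request(issuer_name_der, issuer_key, serial,
                       for_signature_validation, nonce=None):
    """Return an unsigned DER OCSPRequest for one certificate."""
    cert_id = der(0x30, SHA1_ALG
                  + der(0x04, hashlib.sha1(issuer_name_der).digest())
                  + der(0x04, hashlib.sha1(issuer_key).digest())
                  + der_int(serial))
    request_list = der(0x30, der(0x30, cert_id))  # SEQUENCE OF Request{CertID}
    extensions = b""
    if for_signature_validation:
        # Assumed reading of the slide: nonce only for signature validation.
        nonce = nonce or os.urandom(16)
        ext = der(0x30, NONCE_OID + der(0x04, der(0x04, nonce)))
        extensions = der(0xA2, der(0x30, ext))  # [2] EXPLICIT Extensions
    tbs_request = der(0x30, request_list + extensions)
    # No [0] optionalSignature follows tbsRequest, so the request is unsigned.
    return der(0x30, tbs_request)


# Constructed sample inputs, not real SAFE issuer data.
ISSUER_NAME = b"constructed issuer DN bytes"
ISSUER_KEY = b"constructed issuer public key bytes"

if __name__ == "__main__":
    for purpose in (False, True):
        req = build_ocsp_request(ISSUER_NAME, ISSUER_KEY, 0x1234, purpose)
        print(purpose, len(req), NONCE_OID in req)
```

In a real deployment `issuer_name_der` is the DER-encoded issuer Distinguished Name and `issuer_key` is the content of the issuer's subjectPublicKey BIT STRING, both taken from the issuing CA certificate.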

Building Understanding & Interoperability
• Participation
  • Member working groups
  • Member control mechanisms
  • Member tools
  • Issuers, Infrastructure providers, Application vendors, Integrators
• Accreditation
  • Members
  • Issuers
• Certification
  • Application vendors
  • Infrastructure providers
  • Integrators

Future SAFE Directions
• Easing SAFE application enablement
  • API Specification between applications and certificate validation software/services
  • API Specification between applications and smart card/token middleware
• Verifying SAFE application enablement
  • Designation of independent certification test labs
• Supporting other uses for SAFE identity
  • SAFE specifications/guidance for authentication uses