alterman pki 05 13 01

Information about alterman pki 05 13 01

Published on January 1, 2008

Author: Mee12

Source: authorstream.com

Content

The U.S. Federal PKI and the Federal Bridge Certification Authority:  The U.S. Federal PKI and the Federal Bridge Certification Authority Peter Alterman, Ph.D. Senior Advisor to the Chair, Federal PKI Steering Committee and Acting Director, Federal Bridge Certification Authority Introduction - Overview:  Introduction - Overview The Goals of the U.S. Federal PKI:  The Goals of the U.S. Federal PKI A cross-governmental, ubiquitous, interoperable Public Key Infrastructure. The development and use of applications which employ that PKI in support of Agency business processes. Why A U.S. Federal PKI?:  Why A U.S. Federal PKI? Statutory mandates for e-government and implementing electronic signature technology Demands for improved services at lower cost International Competition International Collaboration Why NOT a U.S. Federal PKI?:  Why NOT a U.S. Federal PKI? Concerns of Privacy Advocates Agency internal politics Vendor battles for market space Cost The Approach to a U.S. Federal PKI:  The Approach to a U.S. Federal PKI Agencies implement their own PKIs Create a Federal Bridge CA using COTS products to bind Agency PKIs together Establish a Federal PKI Policy Authority to oversee operation of the Federal Bridge CA Ensure directory compatibility Use ACES for transactions with the public A Snapshot of the U.S. Federal PKI:  A Snapshot of the U.S. Federal PKI Federal Bridge CA NFC PKI Higher Education Bridge CA NASA PKI DOD PKI Illinois PKI University PKI CANADA PKI The U.S. Federal Bridge Certification Authority (FBCA):  The U.S. Federal Bridge Certification Authority (FBCA) FBCA Overview:  FBCA Overview Designed to create trust paths among individual Agency PKIs Employs a distributed - NOT a hierarchical - model Commercial CA products participate within the membrane of the Bridge Develops cross-certificates within the membrane to bridge the gap among dissimilar products FBCA Goals:  FBCA Goals Leverage emerging Agency PKIs to create a unified Federal PKI Limit workload on Agency CA staff Support Agency use of: Any FIPS-approved cryptographic algorithm A broad range of commercial CA products Propagate policy information to certificate users in different Agencies FBCA Architecture:  FBCA Architecture Multiple commercial CAs within a “membrane” that cross-certify and interoperate CAs offline No network connectivity (CA sneaker net to directory) FBCA directory online 24 X 7 X 365 FBCA Directory Architecture:  FBCA Directory Architecture Chained X.500 directories Dual-rooted FBCA directory is “hub” dc=gov o=U.S. Government, c=US LDAP supported for non-X.500 directories Directory Model:  Directory Model FBCA Operation:  FBCA Operation Issues Certificates to Participating CAs only FPKI Steering Committee oversees FBCA development and operations Documentation Enhancements Client-side software Operates in accordance with Policy Authority and FPKISC direction FPKI Policy Authority :  FPKI Policy Authority Determines participants and levels of cross-certification Participants become voting members Administers Certificate Policy Enforces compliance by member organizations General Services Administration serves as Operational Authority Policy Mapping:  Policy Mapping Candidate Certificate Policies evaluated against the FBCA CP for adequacy and levels of assurance: Identity binding CA security Performed by the Federal Policy Management Authority Certificate Policy Working Group with contractor support Requirements publicly available on NIST website Policy Equivalence Example:  Policy Equivalence Example Policy Mapping Example:  Policy Mapping Example DoD CLASS 3 Subscriber DoD CLASS 3 Subscriber Can. HIGH Subscriber Can. MED Subscriber DoD CLASS 4 = Federal High DoD CLASS 3 = Federal Medium Federal High = DoD CLASS 4 Federal Medium = DoD CLASS 3 Canadian High = Federal High Canadian Medium = Federal Medium Federal High = Canadian High Federal Medium = Canadian Medium References:  References Federal PKI Steering Committee Website: http://www.cio.gov/fpkisc NIST PKI Website: http://csrc.nist.gov/pki ANSI Website: http://www.ansi.org IETF Website: http:/www.ietf.org Acknowledgements:  Acknowledgements Thanks to: Judith Spencer, Chair, Federal PKI Steering Committee Tim Polk, National Institute of Standards and Technology Dave Fillingham, National Security Agency

Related presentations


Other presentations created by Mee12

08 Dog and Cat Nutrition
16. 11. 2007
0 views

08 Dog and Cat Nutrition

miguel angel bustamante
01. 10. 2007
0 views

miguel angel bustamante

Athens 2004
02. 10. 2007
0 views

Athens 2004

hauer1
27. 09. 2007
0 views

hauer1

aws
06. 11. 2007
0 views

aws

Chapters 9 10
26. 11. 2007
0 views

Chapters 9 10

ContinuousIntegration final
28. 11. 2007
0 views

ContinuousIntegration final

N A V I G T O R S VBB 2007
30. 11. 2007
0 views

N A V I G T O R S VBB 2007

Fruit Insects
01. 12. 2007
0 views

Fruit Insects

raghavachari
04. 12. 2007
0 views

raghavachari

Test Anxiety 1
06. 12. 2007
0 views

Test Anxiety 1

ProvidentialHistory
31. 10. 2007
0 views

ProvidentialHistory

chap08 og
01. 11. 2007
0 views

chap08 og

handout 184637
05. 11. 2007
0 views

handout 184637

2004 harm present
05. 11. 2007
0 views

2004 harm present

E DESC AK PACOM POL CONF ver31
13. 11. 2007
0 views

E DESC AK PACOM POL CONF ver31

bedeutung innovation
15. 11. 2007
0 views

bedeutung innovation

Parity01 grames slides
23. 11. 2007
0 views

Parity01 grames slides

GA Conf07Lomas
13. 12. 2007
0 views

GA Conf07Lomas

CooperativeLearning
17. 12. 2007
0 views

CooperativeLearning

Friendship 1
23. 12. 2007
0 views

Friendship 1

plant lifecycles
28. 12. 2007
0 views

plant lifecycles

Millay
28. 12. 2007
0 views

Millay

RMA 2005
02. 01. 2008
0 views

RMA 2005

OH
04. 01. 2008
0 views

OH

pp Bioeconomy Polansky Dec2007
04. 01. 2008
0 views

pp Bioeconomy Polansky Dec2007

nazca lines
07. 01. 2008
0 views

nazca lines

4330IBS
30. 10. 2007
0 views

4330IBS

Wk4 Mon
04. 01. 2008
0 views

Wk4 Mon

lh1
21. 11. 2007
0 views

lh1

econ and mgnt of privatization
20. 11. 2007
0 views

econ and mgnt of privatization

jre imps2005
06. 11. 2007
0 views

jre imps2005

EE541 451 class29
28. 11. 2007
0 views

EE541 451 class29

Aquatic Equipment
08. 11. 2007
0 views

Aquatic Equipment

WomensEmploymentJan2 001
24. 02. 2008
0 views

WomensEmploymentJan2 001

1025 QM05 Nardi
29. 10. 2007
0 views

1025 QM05 Nardi

wendybear
24. 12. 2007
0 views

wendybear

Martinac
14. 03. 2008
0 views

Martinac

DynaMed
25. 10. 2007
0 views

DynaMed

IntStu
27. 03. 2008
0 views

IntStu

Country Risk Sep07
13. 04. 2008
0 views

Country Risk Sep07

Eco 336 Constitutional Limits on
17. 12. 2007
0 views

Eco 336 Constitutional Limits on

2003 lecture crypto1
31. 12. 2007
0 views

2003 lecture crypto1

robo lectures
14. 11. 2007
0 views

robo lectures

Ders1
29. 12. 2007
0 views

Ders1

REDLOBSTER
07. 12. 2007
0 views

REDLOBSTER

WarmUps WHII
25. 12. 2007
0 views

WarmUps WHII

pres riccardo
30. 10. 2007
0 views

pres riccardo

Chapt3overhead
12. 11. 2007
0 views

Chapt3overhead

SHFA280301
28. 11. 2007
0 views

SHFA280301

IfA jan03v1
15. 11. 2007
0 views

IfA jan03v1