PKI Infrastructure Deployment Project
Responsible Director: Jim Jokl
Project Manager: Martha Stearns
Demo Site: http://pkidemo.itc.virginia.edu
Project Working Group Page: http://www.itc.virginia.edu
Send mail to: pki-cdp@virginia.edu
Project Start Date: 6/29/2000
Purpose:
To evaluate existing technology and university data security procedures/processes
in order to implement a Public Key Infrastructure (PKI) that provides long-term,
cost-effective solutions that meet university requirements for access to
sensitive information, both on and off grounds, and that is compatible with various
university, state, and national PKI initiatives.
Goal:
To design, develop, and deploy a PKI infrastructure for general university
use without imposing an undue burden on either the user or the provider
of the service and employing open source, software-based solutions when
possible. Topics to be addressed/reviewed in achieving this goal are:
- Policies and procedures currently used to protect sensitive information
  and how PKI should be incorporated into the framework.
- Data classification categories and protection requirements
- Candidate applications/systems to be PKI-enabled, such as form and document
  signing, signed and encrypted e-mail, and general application and Web authentication.
- Infrastructure and standards-based tool set required to support a PKI
  - Certificate Authority (CA)
  - Registration Authority (RA)
  - Certificate Revocation List (CRL)/Online Certificate Status Protocol (OCSP)
  - Directory
- Mobility of users and potential solutions such as hardware tokens
- Provision of hardware and software to provide long-term support for PKI-enabled
  services
- Documentation and training requirements
- Participation in the CREN CA, Internet2 Middleware, and other national
  PKI initiatives.
- Support for the state PKI Bridge Project to ensure interoperability
  with the prototype and production state bridges.
- Communications & Systems initiatives that may impact (or be impacted
  by) the project
  - Network Systems on LDAP directory changes.
  - Microcomputer Systems on Win2K issues.
- University initiatives that will impact the project
  - E-mail CDP and requirements for an S/MIME client.
  - Electronic Signature (E-Sig) Committee
Impact:
As more applications make use of PKI and users begin to trust
the technology, the number of central and departmental systems and services
using this technology will grow. It is also likely that many of the
requirements that necessitate the use of SecurID and the proxy server
will be incorporated into the applications themselves through the use of
the standards-based tool set deployed by this CDP. This will provide
a security architecture that can be applied consistently across all platforms
and data at the University.
Participants/Members:
Ian Brill
Hamp Carruth
Jeff Collyer
Barbara Deily
Jerry Dodd
Vonda Durrer
Mike Jewel
Jim Jokl
Debbie Mills
Shirley Payne
Olaf Pors
Ken Ruggaber
Yuji Shinozaki
Tim Sigmon
Tom Spraggins
Martha Stearns
Tony Townsend
Peter Vines
Services and Costs:
Services and costs will vary depending on decisions made in the project.
Sufficient funding has been allocated to investigate technologies and deploy
an open source-based solution.
Schedule:
Begin Cross-Divisional Project effort June 2000.
Assumptions:
- The project team will work in phases, focusing on early wins and deploying
  appropriate levels of authentication as needed.
- National efforts will be tracked and followed as appropriate.
- The focus will be on authentication, not authorization, unless this precludes
  participation in pilot projects identified by the team.