alterman pki 05 13 01
Added: January 01, 2008

Presentation Transcript

The U.S. Federal PKI and the Federal Bridge Certification Authority:
Peter Alterman, Ph.D.
Senior Advisor to the Chair, Federal PKI Steering Committee and Acting Director, Federal Bridge Certification Authority

Introduction - Overview:

The Goals of the U.S. Federal PKI:
- A cross-governmental, ubiquitous, interoperable Public Key Infrastructure.
- The development and use of applications which employ that PKI in support of Agency business processes.

Why A U.S. Federal PKI?:
- Statutory mandates for e-government and implementing electronic signature technology
- Demands for improved services at lower cost
- International Competition
- International Collaboration

Why NOT a U.S. Federal PKI?:
- Concerns of Privacy Advocates
- Agency internal politics
- Vendor battles for market space
- Cost

The Approach to a U.S. Federal PKI:
- Agencies implement their own PKIs
- Create a Federal Bridge CA using COTS products to bind Agency PKIs together
- Establish a Federal PKI Policy Authority to oversee operation of the Federal Bridge CA
- Ensure directory compatibility
- Use ACES for transactions with the public

A Snapshot of the U.S. Federal PKI:
- Federal Bridge CA
- NFC PKI
- Higher Education Bridge CA
- NASA PKI
- DOD PKI
- Illinois PKI
- University PKI
- CANADA PKI

The U.S. Federal Bridge Certification Authority (FBCA):

FBCA Overview:
- Designed to create trust paths among individual Agency PKIs
- Employs a distributed - NOT a hierarchical - model
- Commercial CA products participate within the membrane of the Bridge
- Develops cross-certificates within the membrane to bridge the gap among dissimilar products

FBCA Goals:
- Leverage emerging Agency PKIs to create a unified Federal PKI
- Limit workload on Agency CA staff
- Support Agency use of:
  - Any FIPS-approved cryptographic algorithm
  - A broad range of commercial CA products
- Propagate policy information to certificate users in different Agencies

FBCA Architecture:
- Multiple commercial CAs within a “membrane” that cross-certify and interoperate
- CAs offline
- No network connectivity (CA sneaker net to directory)
- FBCA directory online 24 X 7 X 365

FBCA Directory Architecture:
- Chained X.500 directories
- Dual-rooted
- FBCA directory is “hub”
- dc=gov
- o=U.S. Government, c=US
- LDAP supported for non-X.500 directories

Directory Model:

FBCA Operation:
- Issues Certificates to Participating CAs only
- FPKI Steering Committee oversees FBCA development and operations
- Documentation
- Enhancements
- Client-side software
- Operates in accordance with Policy Authority and FPKISC direction

FPKI Policy Authority:
- Determines participants and levels of cross-certification
- Participants become voting members
- Administers Certificate Policy
- Enforces compliance by member organizations
- General Services Administration serves as Operational Authority

Policy Mapping:
- Candidate Certificate Policies evaluated against the FBCA CP for adequacy and levels of assurance:
  - Identity binding
  - CA security
- Performed by the Federal Policy Management Authority Certificate Policy Working Group with contractor support
- Requirements publicly available on NIST website

Policy Equivalence Example:

Policy Mapping Example:
- DoD CLASS 3 Subscriber
- DoD CLASS 3 Subscriber
- Can. HIGH Subscriber
- Can. MED Subscriber
- DoD CLASS 4 = Federal High
- DoD CLASS 3 = Federal Medium
- Federal High = DoD CLASS 4
- Federal Medium = DoD CLASS 3
- Canadian High = Federal High
- Canadian Medium = Federal Medium
- Federal High = Canadian High
- Federal Medium = Canadian Medium

References:
- Federal PKI Steering Committee Website: http://www.cio.gov/fpkisc
- NIST PKI Website: http://csrc.nist.gov/pki
- ANSI Website: http://www.ansi.org
- IETF Website: http://www.ietf.org

Acknowledgements:
Thanks to:
- Judith Spencer, Chair, Federal PKI Steering Committee
- Tim Polk, National Institute of Standards and Technology
- Dave Fillingham, National Security Agency
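The trust-path and policy-mapping behaviour outlined in the "FBCA Overview" and "Policy Mapping Example" slides, as an added example that is not part of the original presentation: a simplified model of how a relying party finds a path through the bridge and translates its acceptable policy hop by hop. The CA names ("Canada CA", "DoD CA", "FBCA") and the use of policy names in place of policy OIDs are assumptions; full X.509 path validation (policy constraints, inhibit-mapping, revocation) is not modelled.

```python
from collections import deque

# Constructed model of the slide's mappings; names stand in for policy OIDs.
# CROSS_CERTS[(issuer, subject)] = {issuerDomainPolicy: subjectDomainPolicy}
CROSS_CERTS = {
    ("Canada CA", "FBCA"): {"Canadian High": "Federal High",
                            "Canadian Medium": "Federal Medium"},
    ("FBCA", "Canada CA"): {"Federal High": "Canadian High",
                            "Federal Medium": "Canadian Medium"},
    ("DoD CA", "FBCA"): {"DoD CLASS 4": "Federal High",
                         "DoD CLASS 3": "Federal Medium"},
    ("FBCA", "DoD CA"): {"Federal High": "DoD CLASS 4",
                         "Federal Medium": "DoD CLASS 3"},
}


def find_path(anchor, target_ca):
    """Breadth-first search for a chain of cross-certificates anchor -> target_ca."""
    queue, seen = deque([[anchor]]), {anchor}
    while queue:
        path = queue.popleft()
        if path[-1] == target_ca:
            return path
        for issuer, subject in CROSS_CERTS:
            if issuer == path[-1] and subject not in seen:
                seen.add(subject)
                queue.append(path + [subject])
    return None


def accepted_as(anchor, acceptable, issuing_ca, asserted_policy):
    """Return the relying party's own policy that the subscriber certificate
    satisfies, or None if no path exists or the policy does not map through."""
    path = find_path(anchor, issuing_ca)
    if path is None:
        return None
    # Track each local policy and its equivalent in the domain reached so far.
    current = {p: p for p in acceptable}
    for issuer, subject in zip(path, path[1:]):
        mapping = CROSS_CERTS[(issuer, subject)]
        # A policy with no mapping on this hop drops out: no implicit equivalence.
        current = {local: mapping[p] for local, p in current.items() if p in mapping}
    for local, equivalent in current.items():
        if equivalent == asserted_policy:
            return local
    return None
```

A relying party anchored at the Canadian CA that requires Canadian High rejects a DoD CLASS 3 subscriber, because the mapping chain only carries Canadian High to DoD CLASS 4.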