1 / 21

Public Key Infrastructure at the University of Pittsburgh

Public Key Infrastructure at the University of Pittsburgh. Robert F. Pack, Vice Provost Academic Planning and Resources Management March 27, 2000 CNI Spring 2000 Task Force Meeting. University of Pittsburgh Profile. Member of AAU Pittsburgh Campus

hayfa-phelps
Download Presentation

Public Key Infrastructure at the University of Pittsburgh

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Public Key Infrastructure at the University of Pittsburgh Robert F. Pack, Vice Provost Academic Planning and Resources Management March 27, 2000 CNI Spring 2000 Task Force Meeting

  2. University of Pittsburgh Profile • Member of AAU • Pittsburgh Campus • 25,853 Students / 35% Graduate and Professional • 3,468 Faculty • 4,891 Staff • Heavy Concentration of Graduate and Professional Programs • High Level of Research, Large Medical Complex • Regional Campuses (4) • 6,420 Undergraduate Students • 378 Faculty • 440 Staff

  3. Information Technology Strategic Plan • Three Year Plan – Fiscal Years 2001-2003 • Focus on: • Infrastructure • Computing Equipment and Facilities • Support • Emphasis on Defining Appropriate Locus of Responsibility • Technology Planning Fully Integrated into Academic Planning

  4. Infrastructure • Support vBNS and Abilene Networks • Transitioning to Gigabit Ethernet Backbone • Kerberos V4 authentication services • AFS for file serving • 26,500 Active Ethernet Ports

  5. Infrastructure (continued) • Student Access • 1900 Computers for Undergraduate Use • Ten campus computing labs • Specialized Labs • Calculus/Engineering • Chemical Engineering • Art History • Journalism • Residence Halls • 8006 Ports • E-mail Stations • 100 Planned Over Three Years

  6. Computer AccountsCurrent • Internally-developed accounts management database • 56,000 Active Accounts • Decentralized Management (1,500 administrators) • Limited Functionality • Not integrated with payroll and student information systems • Attribute changes difficult

  7. Computer AccountsFuture • Directory-Enabled Applications • Automatic Account Creation and Deletion • Centralized Administration • Development of Web-based Tools • Moving Toward Single-Sign-On

  8. Need for Security • Initially Looking at Options for: • Privacy Enhanced-E-mail • Access to Restricted Databases • File Encryption • Digital Signatures • Immediate Need • e-Store

  9. e-Store • Closed In-house PC Center July 1998 • Implemented On-Line Computer Store August 1998 • Required Confirmation of University Affiliation • Multiple Options

  10. Options • Authentication Using Kerberos • Lack of vendor support for restricted databases • Development effort • Network Restrictions –IP-Based or Domain -Based • Difficult to maintain • Too Restrictive

  11. Options (continued) • Web-enabled Authentication • Insecure • Difficult to Maintain • Public Key Infrastructure • Limited Portability • Relatively New Technology

  12. PKI Solution Chosen • University Made a Decision to Adopt PKI • Met Immediate Need • Provided Interoperability • Provided Extensibility • Industry Adoption Anticipated • Implementation Decision: • In-House Certification Authority • Outsourced Certification Authority • Hybrid Model

  13. PKI Solution Chosen (continued) • In-House Certification Authority • Internal Effort • Full Control • No Trust Beyond University • Inadequate Facilities and Expertise • Outsource Certification Authority • Implicit trust • Secure Facilities • Simplified Implementation • Interoperability

  14. PKI Solution Chosen (continued) • Hybrid Model – Chosen • Provided Advantages of Outsourced and In-House Certification Authorities • Provided Local Control while Maintaining Implicit Trust • Provided Fastest Implementation • Few Vendors Offering Solution

  15. Selection of VeriSign • Leading Provider of Internet Trust Services • 3.9 Million Digital Certificates Issued to Individuals • 215,000 Web Site Digital Certificates Issued • Strategic Relationships with Industry Leaders • Provided High Level to Technical Support • Responsive to Needs of the University

  16. VeriSign at the University of Pittsburgh • Hybrid Solution Implemented • Manual Administration • Auto Administrator Feature Planned • Automate verification process • Local Hosting • Customized Web-Interface • 50,000 Co-branded Certificates

  17. University of Pittsburgh OnSite Architecture

  18. Current Uses • e-Store • Primarily used by Students and Faculty for Personal Purchases • Department Administrators for University Purchases • E-mail Signing and Encryption • Used with Supported E-mail Clients (Outlook, Netscape)

  19. Challenges • End User • Limited Portability • Resistance to Adopting New Technology • Vendors • Slow adoption of PKI • Pitt Environment • Integration with Legacy Administrative Applications • Business Practice Changes • Cost of Smartcard Solution

  20. Future Implementations • Integration with Enterprise Level Directory • CDS Development Underway • Early Adopters Program • New Administrative Projects • Human Resources / Payroll • Financial Information System • Institutional Advancement • Enhancing Legacy Systems • Integration with Smartcards • Access to Restricted Databases • Integration with E-Commerce

  21. Questions ? • Presentation Available Online: • http://www.pitt.edu/~packr • E-mail: • robert.pack@pitt.edu Robert F. Pack Vice Provost Academic Planning and Resources Management 809 Cathedral of Learning University of Pittsburgh Pittsburgh, Pennsylvania 15260

More Related