80 likes | 93 Views
This project presents recommendations and specifications for a smart card-based public key infrastructure in Finnish higher education, aiming for first implementations by 2002.
E N D
FEIDHE Electronic Identification in Finnish Higher Education A PKI Project A presentation at TERENA PKI-COORD meeting by Janne Kanner CSC / Funet Electronic Identification in Finnish Higher Education Janne Kanner
Project • The recommendations and specifications for a smart card based public key infrastructure in Finnish higher education. First implementations to be possible during 2002. • Collaborative project • all universities and polytechnics • student organizations from both sectors • virtual university and virtual polytechnic projects • CSC, the Finnish center for high-performance computing and networking Electronic Identification in Finnish Higher Education Janne Kanner
Basics • 1.6.2000 - 31.3.2002 • Project organization and personnel: • Steering group • Project group with 5 members, about 75 man months • Technical and service expert groups, 10-15 people • Funding: universities and polytechnics, CSC,ministry of education, ministry of transport and communications, total ~ 800 000 € Electronic Identification in Finnish Higher Education Janne Kanner
Background • Outsourced CA • National CA by Finland’s Population Register Centre • Commercial CA’s: Certall, NovoTrust, Sonera, ... • Legislation since 1999 • Wide acceptance in society(higher education, public and commercial sectors) • Identity card, student card, bank card, city card, ... • Plain certificates for identification(even email addresses controversial) • First motive to get rid of passwords and improve security,other motives new services throught the network,cost savings and streamlining of processes and practises Electronic Identification in Finnish Higher Education Janne Kanner
Work in progress • Looking into: CA, certificate, CP, CPS, registration, distribution • Testing and evaluating smart cards, card readers, client/server software, protocols/technologies etc. • How to integrate PKI into services, systemsand user management • Co-ordination of service development • Security issues and responsibilities • Legislation considerations, e.g. digital signatures, privacy issues • Marketing: what kind of a concept do the users want • Usability issues: cards, PKI, pilot services • Financing possibilites for implementationand plans for a bidding contest • Dissemination of information about PKI Electronic Identification in Finnish Higher Education Janne Kanner
9 Pilots • 30 people working in 8 higher education institutes • about 1000 persons piloting: students, lecturers, researchers, administrators, sysadmins, librarians • What are the components available(commercial, open source)? • How should it be implemented technically? • What parts need to be tailored in each HEI? • How much work is needed? • Does a large-scale implementation make sense(benefits and cost savings vs. work and price)? Electronic Identification in Finnish Higher Education Janne Kanner
Piloting • SSL client authentication: student registry, intranet, ... • Centralized web authentication (SSL and cookies) • Libraries: IP-proxy to article databases • Secure Shell logon • W2K logon: extra cert (w2k CA, OpenCA), VPN plug-in • Centralized user management for a university andintegrating PKI into it • Digital signature for administrative tasks(to reduce bureaucracy and paper work) • VPN connections for remote workers • Passage control in buildings • Unix/Linux PKI functionality (PC/SC, PKCS#11, PAM) Electronic Identification in Finnish Higher Education Janne Kanner
More information? • Something (but not very much) in english at http://hstya.funet.fi/hopefully pilot details etc. Q1 next year • Janne Kanner( janne.kanner@csc.fi, +358 9 457 2076 ) Electronic Identification in Finnish Higher Education Janne Kanner