1 / 12

NIH-EDUCAUSE PKI Interoperability Project

NIH-EDUCAUSE PKI Interoperability Project. Electronic Grant Application With Multiple Digital Signatures. Peter Alterman, Ph.D. Director of Operations Office of Extramural Research. The Problem.

evania
Download Presentation

NIH-EDUCAUSE PKI Interoperability Project

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. NIH-EDUCAUSE PKI Interoperability Project Electronic Grant Application With Multiple Digital Signatures Peter Alterman, Ph.D. Director of Operations Office of Extramural Research

  2. The Problem • NIH receives roughly 40,000 applications for new grants annually. Each application averages 125 pages and five copies are required to be submitted. Multiply that times 40,000: we receive an average of 25 million pages a year! • While NIH has been developing strategies to convert paper to electronic processes, good solutions to the problem of electronic signature implementation have been lacking. • Institutions are busy deploying PKIs and issuing digital certificates to their faculties and staffs and they want to use those credentials to do business with the government and with each other.

  3. Project Goals • Receive grant applications in electronic form signed with two different, validated, digital certificates each • Use digital certificates issued by Institutions • Demonstrate interoperability among four different CA vendors’ products, including two different PKI service providers

  4. HEBCA E-Lock Assured Office Digital Signed Grant Appl Certificate Validation University A NIH OER Mail Server University A FBCA Internet Certificate Validation University B E-Lock Assured Office Digital Signed Grant Appl University B NIH CAM Server with DAVE Certificate Validation University C Cert Status NIH OER Recipient E-Lock Assured Office Digital Signed Grant Appl E-Lock Assured Office Digital Signed Grant App. University C E-Lock Assured Office CAM-enabled Cert Status Project Concept of Operations (CONOPS)

  5. Project Accomplishments to Date • Successful demonstration of bridge-to-bridge interoperability • Receipt of digitally-signed electronic submissions from UAB, UWM and Dartmouth with.. • Successful validation of digital signatures from 3 CA vendors - RSA, iPlanet and Entrust, respectively, using.. • Software developed for the task (DAVE). • In other words, it works! • Project received the Management and Leadership Best Practices Award from the Potomac Forum and an E-Gov Pioneer Award.

  6. Reusable Infrastructure Developed By The NIH-EDUCAUSE PKI Project • Bridge-to-Bridge Interoperability Infrastructure • Certificate Path Discovery Software • Support for LDAP directory chaining protocols and LDAP – X.500 directory interoperability • Interoperability among multiple CA products (RSA, Entrust, iPlanet)

  7. Implications for PKI-enabling Other Agency and Institution Applications • Robust infrastructure supports secure inter-domain information exchange • Focus on PKI-enabling local applications rather than on building cross-PKI communications • Allows organizations to choose from among many vendors • Relying parties do not have to issue, and manage, digital credentials

  8. Next Steps Planned • Automate receipt; verification and validation of digital signatures; archiving of signature data with signed validity assertion • Automate return receipt notification • Complete interoperability demonstration with VeriSign • Encrypt email carrying signed attachments to ensure privacy • Add new universities/colleges to pilot • Add State CAs and Federal Agency CAs

  9. Lessons Learned • Solving directory issues is the key to interoperability • No vendor’s X.509v3 certificates are like any other’s • Protocols for everything are in flux • There are NO show-stoppers

  10. University of Texas - Houston  Participating Institutions

  11. Participating Companies and Organizations

  12. For More Information • Project Report in the Workshop Proceedings • Peter Alterman: peter.alterman@nih.gov • Steve Worona: sworona@educause.edu • Deb Blanchard: dblanchard@trustdst.com • Monette Respress: mrespres@mitretek.org

More Related