Federal PKI Update Peter Alterman, Ph.D. Chair, Federal PKI Policy Authority
Agenda • Current state of the Federal PKI • Bridge-to-Bridge Update • FIPS 201 and Chicken Little • Pending Issues • Why this matters to You
Simplified Diagram of Federal PKI [diagram] Components shown: Federal Bridge CA • Cross-Certified gov PKIs • Common Policy CA • Shared Service Provider PKIs (Common Policy OID and root cert) • C4 CA • E-Gov CAs (3) • Cross-Certified External PKIs • eAuth CSPs (?)
Federal PKI: Summary • No architectural changes in last 6 months; stable • Closure near on path discovery/path validation tools and services • Cross-certification approved with first commercial partner (Wells Fargo Bank); Boeing near approval • New Federal Bridge CP adopted in RFC 3647 format, incorporating Medium Hardware LOA • New Federal Certificate Profile adopted, requiring that the AIA or SIA fields be populated • Most of the work diverted to HSPD-12 implementation
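The path discovery and AIA/SIA points above, worked as an added example that is not part of the presentation: a small pure-Python model of certification path discovery across a bridge. The CA names (AgencyCA, BankCA, and "FBCA" used only as a label), the policy labels and the repo:// URLs are all constructed for illustration, not real Federal PKI data. It shows the two things a bridge topology forces on a validator: name-loop avoidance, because cross-certificates are issued in both directions and a naive AIA-following builder cycles forever, and policy mapping, which is how a partner's Medium policy becomes acceptable to a relying party that only configured its own agency's policy.

```python
# Added example, not code from the presentation: a toy model of certification
# path discovery and policy mapping across a bridge CA. CA names, policy
# labels and repo:// URLs are constructed; "FBCA" is only a label here.
from dataclasses import dataclass
from typing import Dict, FrozenSet, List, Optional, Tuple

ANY_POLICY = "anyPolicy"


@dataclass(frozen=True)
class Cert:
    subject: str
    issuer: str
    policies: FrozenSet[str]                    # certificatePolicies asserted
    aia: str = ""                               # AIA caIssuers: certs issued TO `issuer`
    mappings: Tuple[Tuple[str, str], ...] = ()  # policyMappings: (issuerDomain, subjectDomain)

    def is_self_signed(self) -> bool:
        return self.subject == self.issuer


# Constructed repositories keyed by URL: each holds the certs whose SUBJECT is that
# CA, which is what a populated AIA caIssuers pointer resolves to. Every
# cross-certification appears in both directions, so the graph contains cycles.
REPO: Dict[str, List[Cert]] = {
    "repo://FBCA": [
        Cert("FBCA", "FBCA", frozenset({ANY_POLICY})),
        Cert("FBCA", "AgencyCA", frozenset({"agency-medium"}), "repo://AgencyCA",
             (("agency-medium", "fbca-medium"),)),
        Cert("FBCA", "BankCA", frozenset({"bank-medium"}), "repo://BankCA",
             (("bank-medium", "fbca-medium"),)),
    ],
    "repo://AgencyCA": [
        Cert("AgencyCA", "AgencyCA", frozenset({ANY_POLICY})),
        Cert("AgencyCA", "FBCA", frozenset({"fbca-medium"}), "repo://FBCA",
             (("fbca-medium", "agency-medium"),)),
    ],
    "repo://BankCA": [
        Cert("BankCA", "BankCA", frozenset({ANY_POLICY})),
        Cert("BankCA", "FBCA", frozenset({"fbca-medium"}), "repo://FBCA",
             (("fbca-medium", "bank-medium"),)),
    ],
}

# Constructed end-entity certs from the bank's CA; only Bob's asserts a policy
# that the bridge cross-certificates actually map.
BOB = Cert("bob@bank", "BankCA", frozenset({"bank-medium"}), "repo://BankCA")
CAROL = Cert("carol@bank", "BankCA", frozenset({"bank-basic"}), "repo://BankCA")


def discover_paths(ee: Cert, anchors: FrozenSet[str], max_len: int = 6) -> List[List[Cert]]:
    """Forward (target-to-anchor) discovery by following AIA pointers.

    Paths are ordered end-entity first and end with a cert whose issuer is a
    trust anchor name. A subject already on the path is never revisited; without
    that rule the reverse cross-certs make a naive builder loop
    BankCA -> FBCA -> BankCA -> ... indefinitely.
    """
    found: List[List[Cert]] = []

    def walk(path: List[Cert]) -> None:
        last = path[-1]
        if last.issuer in anchors:
            found.append(path)
            return
        if len(path) >= max_len:
            return
        on_path = {c.subject for c in path}
        for cand in REPO.get(last.aia, []):
            if cand.subject != last.issuer or cand.is_self_signed() or cand.issuer in on_path:
                continue
            walk(path + [cand])

    walk([ee])
    return found


def surviving_policies(path: List[Cert], initial: FrozenSet[str]) -> FrozenSet[str]:
    """Walk anchor-to-EE and track which initial policies stay acceptable.

    At each cert the acceptable set is intersected with what the cert asserts
    (anyPolicy matches all), then translated through its policyMappings into the
    subject domain's own labels. That translation is the job of a bridge
    cross-certificate; an empty result means no acceptable path.
    """
    acceptable = set(initial)
    for cert in reversed(path):
        if ANY_POLICY not in cert.policies:
            acceptable &= cert.policies
        mapped_from = {iss for iss, _ in cert.mappings}
        acceptable = ({sub for iss, sub in cert.mappings if iss in acceptable}
                      | {p for p in acceptable if p not in mapped_from})
        if not acceptable:
            break
    return frozenset(acceptable)


def validate(ee: Cert, anchor: str, initial_policy: str) -> Optional[Tuple[int, FrozenSet[str]]]:
    """First path that keeps `initial_policy` alive, as (length, policies), else None."""
    for path in discover_paths(ee, frozenset({anchor})):
        kept = surviving_policies(path, frozenset({initial_policy}))
        if kept:
            return len(path), kept
    return None


if __name__ == "__main__":
    # An agency relying party trusts only its own root and requires agency-medium.
    print(validate(BOB, "AgencyCA", "agency-medium"))    # (3, frozenset({'bank-medium'}))
    print(validate(CAROL, "AgencyCA", "agency-medium"))  # None: bank-basic is never mapped
```

The agency relying party reaches Bob only through the three-certificate path AgencyCA → FBCA → BankCA → Bob, and accepts him because each cross-certificate maps the policy forward; Carol's certificate asserts a policy no cross-certificate maps, so the same path yields an empty policy set and is rejected. Real validators do this with policy OIDs, name and path-length constraints and revocation checking on top; the loop-avoidance and mapping logic is the part a bridge adds.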
Federal PKI: Shared Service Provider Update • New High Assurance policy for Common Policy CA approved • One new Shared Service Provider approved, two others in process • No new self-signed agency PKIs allowed unless a waiver is granted by OMB
Federal PKI and EAuthentication • PKI required for assurance Levels 3 & 4 • EAuth management still clueless about integrating PKI into operational vision • Therefore, focusing on LOA 1 & 2 with SAML as transport
Bridge to Bridge Update • Policy roadblock (citizenship of trusted operators) surmounted by creating “commercial best practice” policies at Medium and Medium Hardware LOA • FBCA reserves High Assurance cross-certification for governments only • SAFE bridge (pharmaceutical) operational • Certipath bridge (aerospace) open for business before 12/31; already in technical interoperability testing with FBCA • HEBCA aiming for Medium Hardware cross-certification with FBCA; USHER aiming for ??
FIPS 201 and Chicken Little • FIPS 201 mandates both identity proofing standards and PKI on a SmartCard for all feds and inside contractors • Identity proofing standard required of ALL federal agencies as of 10/05; security checks of all new hires; over the next 12 months, security checks of all employees and contractors. Huge $$ and bottlenecks expected. • SmartCard standards in place but incomplete. No products yet available. Middleware also playing catch-up. Both promised for 2Q06. • Agencies stunned and busy playing catch-up with little money to implement. Meteorologists predict a blast of hot air followed by a blizzard of meaningless but expensive paper. A blessed few will succeed, making everybody else look inept. Blame will be spread wide.
Discussion altermap@mail.nih.gov