Update: Federal Bridge and NIH-EDUCAUSE PKI Interoperability Project
Peter Alterman, Ph.D.
Assistant CIO for e-Authentication
National Institutes of Health

Current Status of Federal Bridge
• CA Products in Membrane
  • Entrust (upgrading to v.6)
  • Microsoft .Net CA
  • RSA
  • Baltimore
• Interoperable with
  • VeriSign, DST
• Entities Cross-certified
  • DOD, NASA, Treasury, USDA/NFC, ACES
• Entities in Process of Being Cross-certified
  • State, Labor, Justice, Illinois, CANADA
• Federal Bridge co-located with Federal Root
• Will use CA product already in membrane
• Federal Root will cross-certify with Federal Bridge at all assurance levels
• Root CP derived from Bridge CP

Federal Bridge and e-Authentication Gateway
• Federal Bridge serves as validation mechanism for e-Authentication Gateway when digital certificates are presented

Current Issues for FBCA
• Path discovery and path validation in real-time: scaling, latency, etc.
• Linking the application and user to the infrastructure (MS CAPI not ready for prime time)
• Expanding directory services to include LDAP referrals

Phase Two (Cleanup) Status
• Configuration Cookbook complete (ver. 1.0)
• Prototype HEBCA operational at Mitretek
• Prototype HEBCA moving to Dartmouth
• Directory Services operational
• Real-time path discovery operational

[Diagram. Labels: Applicant & cosigner; Internal workflow; CA @ College/University; Internet; HEBCA; FBCA; Federal Government; Agency Server; Receipt and Authorization Server; Validate certs; Audit Log; Receipt message; Digitally Signed XML form; XML form; Agency Back End Processing (future demo)]

Current Status of Interoperability Project Phase Three
• XML document desktop reader/signer/validator application works on MS platform with IE & Netscape
• FBCA-HEBCA interoperability works
• Real-time path discovery and validation of iPlanet, VeriSign, DST certs demonstrated but cert and directory configurations are finicky. CAM 4.0 works but needs improvement
• Automated validation, reply and signed archiving work

Universities Completing Successful Interoperability Testing
• Dartmouth College – iPlanet
• University of Alabama-Birmingham – Digital Signature Trust
• University of Wisconsin-Madison – home-grown CA based on OpenSSL
• University of California – VeriSign
• University of Virginia (based on OpenSSL) – Pending
• University of Texas-Houston Health Science Center (VeriSign) – Pending

Federal Agencies Adopting (or having shown interest in adopting) Elements of Interoperability Project (to date)
• HHS
• GSA/Federal Supply Service
• NASA
• Education

For Further Information
• Peter.Alterman@nih.gov
• Dblanchard@trustdst.com
• Rweiser@trustdst.com
• http://pki.od.nih.gov