Higher Education Bridge Certificate Authority (HEBCA) Project Progress

Fed/Ed June 2005

2

HEBCA Project• What is it?

– The HEBCA Project being undertaken by Dartmouth College includes all activities related to the instantiation and operation of a production-level Public Key Infrastructure (PKI) Bridge Certificate Authority for the Higher Education community.

3

HEBCA Project

• What’s been done in last 6 months?– Policy Authority formed– A slew of documents (required for Audit sign-off prior to

production roll out) have been drafted• Certificate Practices Statement• Certificate Profiles• Interoperability Guidelines• Criteria and Methods• Business Continuity and Disaster Recovery Plan• Base Memorandum of Agreement (MOA)

– HEBCA Test infrastructure instantiated at Dartmouth– HEBCA Test cross-certified with the Prototype FBCA

4

HEBCA Project• What’s been done in last 6 months?

– Establishment of the HEBCA.ORG domain – Auditors for pre-operational compliance engaged– Technical Interoperability completed with FBCA– HEBCA Production infrastructure completed (imminent

deployment)• AirGap solution constructed & operational

– HEBCA/USHER Synergies project proposed, accepted and under way

– Presentations on HEBCA concepts, progress, and related projects or participation in panel discussions at 5 different industry conferences / workshops

– Participation in industry workgroups ( Path-Val, I-CIDM, FBCA CPWG, HEBCA PAWG, OSG TG-Sec, TAGPMA, HEPKI-TAG, IIWG)

5

HEBCA Project• Issues Encountered and Solutions Implemented

– Discovery of a vulnerability in the protocol for indirect CRLs

• Will now use Issuing CA to sign CRLs

– How to construct a high availability online service based on an offline infrastructure (to mitigate risk) all on a shoestring budget

• Our AirGap Solution was constructed for under $100 in parts

– FBCA requirement for US citizenship of “trusted roles” personnel prior to cross-certification

• Participation in industry collaborative process which appears to have generated a workable solution

6

HEBCA Project• What’s on the Radar?

– Production HEBCA infrastructure deployment– Creation of the HEBCA keys– CPS to CP Audit– Operational Processes and Procedures Audit– HEBCA is live– Cross-certification with UVA– Cross-certification with Dartmouth College– Cross-certification with FBCA– USHER deployment– USHER cross-certification

7

HEBCA Project• Other Projects in the mix

– USHER infrastructure instantiation

– Dartmouth PKI token roll-out

– NIH-EDUCAUSE PKI Interoperability Pilot• Digitally Signed XML Forms

– PESC Standard based Transcripts

– SF-424 Grant Applications

– ED1049 Eligible Institutions

– HHS grappling with PKI on the Apple platform

– GRID Computing

– Lionshare

– SHIB/eAUTH

– Security in Mobile Wireless Networks

8

For More Information• Dartmouth PKI Summit

– July 25-27 on Dartmouth College Campus, Hanover, NH

– Website: http://www.educause.edu/PKI05

9

For More Information• HEBCA Website:

http://webteam.educause.edu/hebca/

Scott Rea - Scott.Rea@dartmouth.edu

Steve Worona - sworona@educause.edu