Public Key Infrastructure at the University of Pittsburgh Robert F. Pack, Vice Provost Academic Planning and Resources Management March 27, 2000 CNI Spring 2000 Task Force Meeting

Public Key Infrastructure at the University of Pittsburgh

Robert F. Pack, Vice Provost

Academic Planning and Resources Management

March 27, 2000

CNI Spring 2000 Task Force Meeting

University of Pittsburgh Profile

Member of AAU

Pittsburgh Campus

– 25,853 Students / 35% Graduate and Professional

– 3,468 Faculty

– 4,891 Staff

– Heavy Concentration of Graduate and Professional Programs

– High Level of Research, Large Medical Complex

Regional Campuses (4)

– 6,420 Undergraduate Students

– 378 Faculty

– 440 Staff

Information Technology Strategic Plan

Three Year Plan – Fiscal Years 2001-2003

Focus on:

– Infrastructure

– Computing Equipment and Facilities

– Support

Emphasis on Defining Appropriate Locus of Responsibility

Technology Planning Fully Integrated into Academic Planning

Infrastructure

Support vBNS and Abilene Networks

Transitioning to Gigabit Ethernet Backbone

Kerberos V4 authentication services

AFS for file serving

26,500 Active Ethernet Ports

Infrastructure (continued)

Student Access

– 1900 Computers for Undergraduate Use

• Ten campus computing labs

• Specialized Labs

– Calculus/Engineering

– Chemical Engineering

– Art History

– Journalism

– Residence Halls

• 8006 Ports

– E-mail Stations

• 100 Planned Over Three Years

Computer Accounts: Current

Internally-developed accounts management database

56,000 Active Accounts

Decentralized Management (1,500 administrators)

Limited Functionality

– Not integrated with payroll and student information systems

– Attribute changes difficult

Computer Accounts: Future

Directory-Enabled Applications

Automatic Account Creation and Deletion

Centralized Administration

Development of Web-based Tools

Moving Toward Single-Sign-On

Need for Security

Initially Looking at Options for:

– Privacy-Enhanced E-mail

– Access to Restricted Databases

– File Encryption

– Digital Signatures

Immediate Need

– e-Store

e-Store

Closed In-house PC Center July 1998

Implemented On-Line Computer Store August 1998

– Required Confirmation of University Affiliation

– Multiple Options

Options

Authentication Using Kerberos

– Lack of vendor support for restricted databases

– Development effort

Network Restrictions – IP-Based or Domain-Based

– Difficult to maintain

– Too Restrictive

Options (continued)

Web-enabled Authentication

– Insecure

– Difficult to Maintain

Public Key Infrastructure

– Limited Portability

– Relatively New Technology

PKI Solution Chosen

University Made a Decision to Adopt PKI

– Met Immediate Need

– Provided Interoperability

– Provided Extensibility

– Industry Adoption Anticipated

Implementation Decision:

– In-House Certification Authority

– Outsourced Certification Authority

– Hybrid Model

PKI Solution Chosen (continued)

In-House Certification Authority

– Internal Effort

– Full Control

– No Trust Beyond University

– Inadequate Facilities and Expertise

Outsourced Certification Authority

– Implicit Trust

– Secure Facilities

– Simplified Implementation

– Interoperability

PKI Solution Chosen (continued)

Hybrid Model – Chosen

– Provided Advantages of Outsourced and In-House Certification Authorities

– Provided Local Control while Maintaining Implicit Trust

– Provided Fastest Implementation

– Few Vendors Offering Solution

Selection of VeriSign

Leading Provider of Internet Trust Services

– 3.9 Million Digital Certificates Issued to Individuals

– 215,000 Web Site Digital Certificates Issued

Strategic Relationships with Industry Leaders

Provided High Level of Technical Support

Responsive to Needs of the University

VeriSign at the University of Pittsburgh

Hybrid Solution Implemented

Manual Administration

Auto Administrator Feature Planned

– Automate verification process

Local Hosting

– Customized Web-Interface

50,000 Co-branded Certificates

University of Pittsburgh OnSite Architecture

Current Uses

e-Store

– Primarily used by Students and Faculty for Personal Purchases

– Department Administrators for University Purchases

E-mail Signing and Encryption

– Used with Supported E-mail Clients (Outlook, Netscape)

Challenges

End User

– Limited Portability

– Resistance to Adopting New Technology

Vendors

– Slow adoption of PKI

Pitt Environment

– Integration with Legacy Administrative Applications

– Business Practice Changes

– Cost of Smartcard Solution

Future Implementations

Integration with Enterprise Level Directory

– CDS Development Underway

– Early Adopters Program

New Administrative Projects

– Human Resources / Payroll

– Financial Information System

– Institutional Advancement

Enhancing Legacy Systems

Integration with Smartcards

Access to Restricted Databases

Integration with E-Commerce

Questions?

Presentation Available Online:

– http://www.pitt.edu/~packr

E-mail:

– [email protected]

Robert F. Pack

Vice Provost

Academic Planning and Resources Management

809 Cathedral of Learning

University of Pittsburgh

Pittsburgh, Pennsylvania 15260