Presented at PKI Meetings

Having PKI-authenticated applications is not enough. In this session, we will discuss how applications have been PKI enabled and how they have been accepted and used. You will hear from institutions that have implemented and maintain multiple applications that are PKI authenticated and are well accepted by their user community.

Password-based security is no longer enough for many kinds of sensitive data, with dual-factor authentication now a requirement under some legislation. In this session, you will find what some schools have been doing to address higher levels of authentication with multifactor devices that use PKI. The Aladdin eToken will be featured, demonstrating flexible deployment configurations (smartcard and USB form factors) on multiple operating systems, including the three most important to higher education: Linux (or some variant), Apple Mac (OS X and PowerPC chip sets), and Windows. We are specifically seeking schools to participate in a new user group to be formed around support of these eToken devices.

A level of assurance (LoA) refers to the degree of certainty that (1) a resource owner can assume a specific known physical person is associated with credentials issued by a registration authority, and (2) that physical person presented credentials before attempting to access the resource. The requirements for the level of certainty at both ends of that set of transactions should be driven by a risk assessment based on the value of the resources being protected. This session will describe the concept of LoA, outline its general components, and discuss how PKI can fit into a successful implementation of LoA.

Auditing is an important and necessary step for establishing trust among relying parities when running a CA, PKI, and IdM system. This session will discuss what implementers should have ready when establishing their PKI, what auditors will expect from implementers, and what auditors will provide to implementers. It will also offer some illustrative real-world scenarios. You'll hear from an auditor from a Big Four firm and the CIO of a PKI shop who worked with auditors.

Do you already have a grid-computing deployment on campus? Or do you have researchers who need to access grid-computing resources from high-performance computing centers around the globe? In this session, you will find out how to configure your CA to issue International Grid Trust Federation (IGTF)-compliant certificates and join over a hundred CAs currently certified under approved IGTF profiles. Hear real-life experiences from SURAgrid, see bridge PKIs in action, and learn how to leverage your campus PKI infrastructure to facilitate access to worldwide grid-computing efforts.

Deploying PKI can be complex and tricky, but more and more campuses are solving the technical and logistical problems and reporting positive outcomes. This session will feature representatives from three campuses where PKI has been successfully rolled out. They'll tell you how they did it.

From digital signatures to encrypted VPN sessions, PKI can only be successful if the computing community understands how to use it effectively. Cultivating this understanding requires careful planning, training, and even some creative motivational strategies. In this session, representatives from our host campus will describe how they met this challenge.

One of the first decisions facing campuses that have decided to deploy a PKI is whether to build their PKI in house, with the necessary personnel and infrastructure it entails, or to buy their PKI from a vendor, which can have a seemingly high sticker price. What are the driving factors behind this decision? How do you accurately assess all costs, both short- and long-term? How do you measure the benefits/ROI of a given choice? What signing options should you consider? Come to this session to participate in a discussion with panelists who have made decisions in each of these directions.