PKI @ USC 1
Historical Overview NMI Testbed v. 1 USCGrid USC Pub. Cookie USC Authx USC CA USC PGP Shibboleth 2
NMI Testbed r. 1 3
NMI Testbed Globus Toolkit Condor-G KX. 509 http: //www. nsfmiddleware. org/testbe d/testbed_status. asp 4
USCGrid 5
USCGrids require PKI host certs persistent service certs people certs http: //www. usc. edu/us cgrid 6
Pub. Cookie 7
Pub. Cookie Web. ISO Initial installation rocky but UMich very helpful Scheduled for its own server My second most favorite NMI component 8
USC Authx 9
USC Authx Grid-based authentication & authorization Web-based authentication & authorization http: //www. usc. edu/au thx 10
USC Authx Globus CA announces its impending shutdown Forced replacement of all host & persistent service certs Commercial CA, noncommercial CA, or build our own 11
The Checkered History of USC CA 12
USC Certificate Authority Large prominent grid user: Southern California Earthquake Center Need to have our certs accepted by entities, like SDSC, NPACI, PSC Build our own — how hard could it be? 13
USC Certificate Authority Quickly slapped up something called the USC CA using openssl Quickly realized that we didn’t know what we were doing Quickly realized we’d need to reconstitute the CA 14
USC Certificate Authority Wealth of information on running a certificate authority, sort of After review of existing information, decided to base our CA on PKI Lite Making KCA subsidiary to USC PKI Lite CA 15
USC Certificate Authority http: //middleware. inte rnet 2. edu/hepkitag/pki-litepolicy-practicescurrent. html http: //www. usc. edu/au thx/CA 16
USC Certificate Authority Recent “coming-ofage” incident 17
Email & Pretty Good Privacy 18
Email & PGP http: //www. usc. edu/isd /services/authx/service s/pgp. html http: //www. openpgp. o rg/about_openpgp http: //www. gnupg. org 19
Shibboleth 20
Shibboleth Scholar’s Portal Signet Whither Pub. Cookie? Grids 21
Stuff We’re Looking at Doing 22
Stuff We’re Looking At Nessus http: //www. nessus. org/ signed administrative email USC PKI Heavy CA WS-* 23
The USC Auth. X Group Asbed Bedrossian Phil Dibowitz Brian Mendenhall John Mullins Linda Savage Garrick Staples 24
Hardly The End shelley@usc. edu authx@usc. edu 25