PKI Unlocked

Summit and Workshop for Deploying PKI to End Users in Higher Education

Dartmouth College, Hanover, NH

July 13 – 15, 2004

 

Tuesday, July 13 (pre-workshop seminar) 1

Wednesday, July 14 Sessions 1

Thursday, July 15 Workshop. 2

 

This agenda is preliminary and subject to change.

Tuesday, July 13 (pre-workshop seminar)

Wheelock Room, 2nd Floor, Hanover Inn

12:30 Registration

1:00 Introduction to PKI and its applications in higher education

2:00 Hands-on PKI tutorial

  • Obtaining a certificate
  • Key stores and tokens
  • SSL Web authentication
  • S/MIME email (Outlook, Mozilla, Thunderbird)
  • Digital signatures in MS-Office
  • SYMPA email list manager (enroll, use)

4:00 Survey of issues to consider when deploying PKI

  • Outsource vs. run your own CA
  • Policies and practices
  • Private key protection for CA
  • Private key protection and portability for users
  • Escrow of private encryption keys
  • Identities and publishing certificates
  • CRLs: what they are and options

5:30 Adjourn

 

Hayward Lounge, Lobby Level, Hanover Inn

6:00 – 8:00 Reception for all attendees

Wednesday, July 14 Sessions

Wheelock Room, 2nd Floor, Hanover Inn

7:30 Continental breakfast/Registration

7:50 Welcome (Mark Franklin)

8:00 Case studies:

  • 8:00 HEBCA (Steve Worona/Scott Rea)
  • 8:30 UVA (Jim Jokl)
  • 9:00 Johnson & Johnson (Rich Guida)
  • 9:30 Wisconsin (Eric Norman/Nick Davis)

10:10 Break

10:30 Case studies (continued):

  • 10:30 UT Houston (Barry Ribbeck)

·       11:00 Federal/Higher Education collaboration (Peter Alterman)[MJF1] 

  • 11:20 USC (Shelley Henderson)

11:50 Lunch/Meet the developers

  • PKI Lab team and developers from case study institutions

1:30 Case studies (continued)

  • 1:30 OSAF Chandler/Westwood (Heikki Toivonen)

1:50 Activities and Projects

·       1:50 MIT (Jeffrey Schiller)[MJF2] 

·       2:20 OASIS PKI TC (Steve Hanna (Sun Microsystems), OASIS PKI Technical Committee Co-chair)

  • 2:40 Dartmouth (Bob Brentrup)
  • 3:00 PKI Lab user studies (Denise Anthony)

3:30 Break

3:50 Activities and Projects (continued)

  • 3:50 Open source CA in a box (Mark Franklin)

·       4:20 JDK and libpkix (Steve Hanna)

  • 4:40 GreenPass and Other PKI Lab R&D (Sean Smith)

5:00 Adjourn

 

Hayward Lounge, Lobby Level, Hanover Inn

6:00 Cocktails

7:00 Dinner, talk by Rich Guida on SAFE

Thursday, July 15 Workshop

Wheelock Room, 2nd Floor, Hanover Inn

7:30 Continental breakfast

7:50 Introduction[MJF3]  (Mark Franklin)

8:00 Panel Discussion/Workshop 1: Opportunities[MJF4] 

  • What are good applications for PKI in higher education?
  • What are short term opportunities?
  • Long term opportunities?
  • How can we use PKI to better secure the increasingly valuable network transactions we are all implementing?

9:15 Workshop 2: Obstacles[MJF5] 

  • What are obstacles to higher education institutions adopting PKI?
  • How have schools addressed these obstacles?
  • What obstacles still need addressing?

10:30 Break

11:00 Workshop 3: Working Together[MJF6] 

  • How can we band together to address obstacles and seize opportunities?
  • How can we help our colleagues at other schools with PKI?

12:00 Lunch

1:00 Workshop 4: Moving Forward

  • What will it take for PKI to really take off in higher education?
  • What parts of PKI are worth pursuing in higher education?
  • How do we secure resources in our institutions to deploy PKI?
  • How do we measure PKI ROI?
  • What would we like our vendors to improve?

2:30 Break

2:45 Workshop 4: Moving Forward (continued)

  • What open source software would help?
  • What applications are missing?
  • What specific actions should we take (both on campus and in collaboration with other schools)?
  • What message(s) would we like to send to others in higher education?

4:00 Adjourn

 

Last modified 7/8/04

 [MJF1]Actually part of Activities and Projects, but out of sequence to accommodate travel schedules.

 

 [MJF2]Actually part of Case Studies, but out of sequence to accommodate travel schedules.

 [MJF3]Define boundaries of what we mean by “PKI”.  Asymmetric key encryption with a focus on x.509 format and related tools and applications because that is what has widest adoption so far. The topics for today overlap and are circular, so the topic boundaries will blur.  Taking notes, publish conclusions.  Explain format a bit.

 [MJF4]Stronger  authN (including two factor and higher assurance registration)

Enable standards-based encryption between users

Enable improved business processes via digital signatures and the electronic transactions they enable

Inter-institutional transactions and trust

Federal and state governments

 [MJF5]Sociological issues (gotta be easy enough, need to enable legitimate delegation (without sharing credentials), mismatched expectations with value of what people are protecting with PKI (try to make their PKI perfect and unassailable)

 [MJF6]PUG, OASIS PKI TC, HEPKI-TAG

Influence vendors
Share experience (~deploypki web?)

Worona announce group purchase of certs?