Wisconsin Case Study

The Unique Challenges of Rolling Out a PKI in the U.W. Academic Environment
Nicholas A. Davis
Overview
• Eric Norman spoke about how the U.W. has protected its top level Root CA.
• Nick will speak about the challenges associated with bringing production quality PKI functionality to the U.W. academic environment.
Agenda
• Nick’s background with PKI and associated Public Key technologies.
• The U.W. end user environment
• The Requirements gathering process
• The specific PKI issues we are facing at the U.W.
• Our goals
• Q&A
Nick’s Background with PKI
• Spent the last 3 years as the PKI Administrator, E-Business Server (McAfee PGP) Administrator, and Remote User Authentication Administrator at American Family Insurance
• Very familiar with Entrust
• Managed the PKI needs of 6000 corporate users
• Joined U.W. Division of Information Technology in April 2004 as PKI Program Manager
The U.W. End User Environment
• OS Environment at the U.W. is the opposite of my corporate experience. To use the term “varied” is an understatement. Windows 95, 98, ME, 2000, XP and of course, a smattering of Windows 3.1, Macintosh of all flavors, Linux, OS/2, FreeBSD, and others
• Administration is highly decentralized.
• User skill level is highly varied
• User degree of devotion to their OS and associated applications fills the entire spectrum from passive to fanatical
The Requirements Gathering Process
• Why bother with requirements gathering?
– “The customer knows best”
– Helps to educate our potential user community.
– Gives them a sense of having true involvement with the end product
– Gives us clear, stated milestones to assist us in rolling out our PKI
– Last but not least, helps to settle internal PKI team debate
The Requirements Gathering Process (Continued)
• Our requirements gathering process is made of:
– Education
– “Advertising” the virtues of PKI to the user community
– Soliciting input from our “customers” in the form of both closed and open ended questions
– Formulating a results “summary” and “next steps” document for management consideration
The Specific PKI Issues We Are Facing at the U.W.
• “To sign or not to sign?” – that is the first question
• Will we focus on server certificates, user certificates, or both?
• What will the certificates be used for? Authentication, Signing, Encryption, VPN, securing websites?
• Who do the end user certificates belong to?
• Will we perform Private Key Escrow?
• How will the system be administered and how will end user needs be managed?
• What Operating Systems and Applications will we support?
Our Goals
• Most importantly, a PKI which is endorsed by users on campus, is widely used, and meets end user needs.
– In order to meet these goals, the PKI MUST be:
  • Secure, at least to industry standards
  • Manageable
  • Compatible with the needs and desires of end users
  • Flexible
  • At a tolerable dollar cost for the U.W.
All questions and suggestions are welcome!
Thank You!
Nicholas A. Davis