
The Trusted Network
· · · LEFIS PKI · · ·
2nd June, 2006 · Sofia
by Leonardo Catalinas · May 2006
<[email protected]>
Internet security today
• Simple authentication methods and unprotected data traffic imply:
✗ Poor user confidentiality
✗ Poorly verified user identity
✗ Unverified data integrity
What can we do?
• Well-authenticated access to resources
• Digital signature
• Private access that prevents unrelated people from spying on members' actions
Tools
• Use of Public Key Technologies to increase security
• Our own PKI
✔ Open Source Software
✔ Interoperability
✔ Cross CA
✔ Secure and identified web access
✔ Signed documents
✔ Signed e-mail
PKI Design
• PKI Design…
• Trust based on the APTICE CA
• Hierarchical
• Permits building multiple PKIs
• Capable of recognizing other PKIs
• Cross-certification between PKIs
[Diagram: APTICE Certification Authority (lays trust base), signs, LEFIS Subordinated CA, delegates.]
[Diagram: APTICE CA (lays trust base); the LEFIS PKI; LEFIS Registration Authorities; ORG1 PKI and ORG2 PKI; arrow labels: manages, used, trust.]
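The hierarchical design on the PKI Design slide (a root CA that signs a subordinate CA, which in turn issues member certificates) can be exercised with a short path-validation check. This is an added example, not code from the LEFIS project; the Ed25519 keys, the one-day validity, the `lefis-member` name and the `issue`/`trusted` helpers are assumptions made for illustration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// issue creates a key pair and a certificate for cn, signed by parent (self-signed if parent is nil).
func issue(cn string, usage x509.KeyUsage, parent *x509.Certificate, signer ed25519.PrivateKey) (*x509.Certificate, ed25519.PrivateKey) {
	pub, key, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	t := &x509.Certificate{SerialNumber: big.NewInt(time.Now().UnixNano()), Subject: pkix.Name{CommonName: cn}, KeyUsage: usage,
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(24 * time.Hour), IsCA: usage&x509.KeyUsageCertSign != 0, BasicConstraintsValid: true}
	if parent == nil {
		parent, signer = t, key // root CA: the template signs itself
	}
	der, cerr := x509.CreateCertificate(rand.Reader, t, parent, pub, signer)
	cert, perr := x509.ParseCertificate(der) // returns an error on nil DER if signing failed
	if cerr != nil || perr != nil {
		panic(fmt.Sprint("issue ", cn, ": ", cerr, " ", perr))
	}
	return cert, key
}

// trusted reports whether leaf chains to root using only the supplied intermediates.
func trusted(leaf, root *x509.Certificate, intermediates ...*x509.Certificate) bool {
	opts := x509.VerifyOptions{Roots: x509.NewCertPool(), Intermediates: x509.NewCertPool()}
	opts.Roots.AddCert(root)
	for _, c := range intermediates {
		opts.Intermediates.AddCert(c)
	}
	_, err := leaf.Verify(opts)
	return err == nil
}

// Constructed hierarchy: APTICE root -> LEFIS subordinate -> member, plus an unrelated ORG1 root.
func main() {
	aptice, aKey := issue("APTICE CA", x509.KeyUsageCertSign, nil, nil)
	lefis, lKey := issue("LEFIS Subordinated CA", x509.KeyUsageCertSign, aptice, aKey)
	org1, _ := issue("ORG1 CA", x509.KeyUsageCertSign, nil, nil)
	member, _ := issue("lefis-member", x509.KeyUsageDigitalSignature, lefis, lKey)
	fmt.Println(trusted(member, aptice, lefis), trusted(member, aptice), trusted(member, org1, lefis))
}
```

The member certificate validates only when the relying party trusts the APTICE root and is given the LEFIS subordinate certificate; without the intermediate, or against the ORG1 root with no cross-certificate, no path exists.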
PKI Enrollment
• But how do you get a LEFIS certificate?
✔ PDF guide in English
✔ CSR Generation Adv.
✔ Easy Web Interface
✔ Local Keys Generation
✔ Platform independent
LEFIS_MAN_EN_ENROLL_LEFIS_PKI.pdf
LEFIS Web Site Aims
• Moodle
  • Is a ‘CMS’
  • WG activities support
  • User communication
  • Dynamic contents
  • Workshops
  • Tasks
  • Wiki
• Public side (informative)
• Private side (for validated members)
LEFIS' Innovative idea
• Moodle + PKI = MoodlePKI
✔ An extension designed and developed by ourselves
✔ Makes Moodle able to identify users by their certificates
✔ Certificates can be easily obtained on our PKI public web page
✔ We plan to recognize certificates signed by other PKIs or CAs
Accessing The LEFIS Web Page
With a Digital Certificate