HEPKI-TAG September 19th, 2005

*PKI Working Group Meeting*
Internet2 Member Meeting, Philadelphia
September 19, 2005

*Attendees*

Jim Jokl (chair) - Virginia
David Walker - UCOP
Kelly McDonald - BYU
Tom Scavo - NCSA
Mairead Martin - Wisconsin
Sanjay Kapur - Stony Brook
C.C. Chang - Academia Sinica
Denis Hancock - Missouri
Mike LaHaye - Internet2
Etan Weintraub - Johns Hopkins
Andy Baldwin - Johns Hopkins
Mike Grady - UIUC
Shumon Huque - Penn
Gordon Springer - Missouri
Stephen White - Missouri - St. Louis
John Hine - NGI-NZ
IJ Kim - Internet2
Steve Worona - EDUCAUSE
Renee Shuey - Penn State
Mark Miller - Penn State
Christian Fernau - Oxford
Jill Gemmill - UAB
David Merrifield - Arkansas
John Krienke - Internet2
Nick Lewis - Internet2
Barry Ribbeck - Rice
David Wasley - independent
Ben Chinowsky (scribe) - Internet2

*Discussion*

The meeting opened with a round of introductions. Most people were attending to get a general sense of where things are at with PKI. Jim introduced HEBCA (bridge topology, middleweight assurance procedure) and USHER (hierarchical topology, lightweight assurance based on existing campus procedures). Mapping to Federal Government Levels of Assurance is currently planned for HEBCA. An "USHER-Heavy", which would have procedures like those of the original USHER ("USHER-Lite") but add audit requirements, is also being contemplated; this would make mapping to the lowest Federal LoA possible for USHER also. John noted that the Australia / New Zealand pilot is planning to take an approach like that of USHER-Heavy. Renee noted that LionShare is now officially committed to using USHER. Some confusion was expressed about how HEBCA and the two varieties of USHER relate to each other and to the InCommon CA; Jim noted that a updated diagram of how everything fits together is in the works.

The group discussed audit requirements. Most campuses have uses for PKI that involve higher levels of assurance than can be offered without audits, but internal auditors lack the necessary technical know-how. Jim reported that a PKI audit "cookbook" is around 75% complete; there was strong interest in having this available as a resource on the campuses.

Steve Worona outlined EDUCAUSE's work on improving options for schools that want to buy certs instead of, or as well as, setting up their own PKIs. The EDUCAUSE Identity Management Services Program (http://www.educause.edu/imsp/) negotiates bulk purchases of certs; it just made its first deal this summer, with VeriSign. Worona stressed that the aim of this work is to enable campuses to get the best of both the do-it-yourself and commercial-certs approaches. Mairead Martin noted that getting certs into browsers is a major issue with the do-it-yourself approach; also, while this approach is cheaper once it's set up, it's more expensive to get started. Barry Ribbeck pointed out that a key factor in choosing whether to buy or issue certs is whether or not the users on your campus understand PKI well enough to make good decisions about which roots to trust.

Worona also noted the availability of dual-key certs (to separate signing and encryption keys without requiring separate certs) and triple-key certs (which add a self-identification function).