Program Benefits
A shared PKI infrastructure to promote interoperability among higher education institutions at a significantly reduced cost.
Cost-effectively offer Educause member organizations the ability to leverage one PKI system, one contract vehicle, and a standard policy
Shared Educause Member CA and associated policy
Rapid Implementation
Cross-certification with HEBCA and FBCA for interoperability with other non-member Universities
Pre-negotiated and standardized contract (MSA) for education
Leveraging buying power across all members
PKI Offering
Managed PKI for SSL Global, Standard, and Intranet
– SSL certificates issued from one control center.
– Each member has its own Managed PKI for SSL account.
Educause PKI
– Each member can leverage the Educause root CA but has its own dedicated Sub-CA.
– VeriSign Trust Network with use of Global Directory
– Premium options include:
   Key Management for Key Escrow
   Premium Validation - OCSP
– Gold Support Plan
– 2 Admin Kits
– Auto Enrollment Kit
VeriSign Managed PKI Service
Core Managed PKI Service
– Create and host enterprise Certificate Authorities (CAs)
– Manage the lifecycle of digital certificates (i.e., approve, issue, revoke, renew, recover and audit certificates)
MPKI Service Includes
– VeriSign PKI services, support, maintenance, software upgrades, and PKI system back-ups
– VeriSign-supplied FIPS 140-1 Level 3 Certificate Signing Unit (CSU)
– Local Hosting Module
– Automated Administration Hardware (Luna token and reader)
– Disaster Recovery for CA
– Gold Support Plan
– Including 90 day test Pilot System.
– Service Level Agreements
Higher Ed PKI Architecture Proposal #2
[Architecture diagram. Labeled nodes: HEBCA, FBCA, VeriSign Global Repository, VeriSign Class 2 PCA, VeriSign/Educause Member CA, University of Texas CA, University #1 Sub CA, University #2 Sub CA, University #3 Sub CA]
1) Interoperability via common VeriSign Root CA
2) All certificates posted in VeriSign global directory in addition to individual university directories
3) Common Educause member CA policy subordinate to VeriSign VTN policy (Educause branding/site seal)
4) Shared CA with keys stored on FIPS 140-1 Level 3 hardware. CA domain partitioned with each university having RA access over its piece of the CA domain.
5) Cross-certification with HEBCA and FBCA at Shared CA level (requires Sub CA cert profile reconfiguration and audit of sub RA operations)
Questions?