PKI and Multi-level Authentication

I'm at an Educause confab in Snowmass this weekend. Today was the first day of a Public Key Infrastructure summit of the Identity Management Working Group. The PKI meeting today consisted of some interesting case studies from several universities and companies. Universities, particularly large ones (with 10's of thousands of students, faculty, and staff), have a significant challenge with scale (and thus cost!).

I was particularly impressed with the work done at the University of Wisconsin in evaluating various approaches to PKI and devices, such as USB keys, to hold credentials. (this was recently outlined in detail via an Educause online seminar. They looked at initial and 10-year costs of developing their own system from open source, developing their own system with commercial pieces, or partnering with key vendors to provide them with a solution. It turned out, when taking into account staff investment, that the vendor-partner solution was the most cost effective up front and over ten years.... and involved the shortest time to deploy a solution. The UW PKI Lab as well as collaborators at Dartmouth have done a good amount of investigation over the past few years in this area.

Given the difficulty in getting staff, faculty and students to buy into an extra device that they carry around, it was suggested the ideally the PKI vendors might consider developing toward the use of cel phones and iPods to hold credentials. (I thought this was a cool idea)

There were also overviews of Apple's approach to PKI and a presentation from Aladdin on the scale of the problem of identity theft in universities and labs. One of the innovative tools we are looking at within TeraGrid was discussed - the myVocs system from the UAB Advanced Technology Lab.

myVocs is a good example, along with Shibboleth and the Gridshib project, of technology that TeraGrid can leverage in a two-way partnership with campuses. This is, after all, where most of our users live and so we are seeking ways to lower barriers to their use of TeraGrid while (just as importantly) improving the security of our systems.

Tomorrow is a workshop where about 40 universities will be talking about how to work together to create cyberinfrastructure. More on that later this weekend.

(my location via Google Earth)


Post a Comment

<< Home