the mit ca experience
play

The MIT CA Experience Jeffrey I. Schiller Massachusetts Institute - PowerPoint PPT Presentation

Mar 03, 2023 •425 likes •576 views

The MIT CA Experience Jeffrey I. Schiller Massachusetts Institute of Technology Jeffrey I. Schiller Page 1 EasyCert BOF 11/11/04 Introduction MIT Built its PKI in 1996 In the belief PKI would take over the world I'm still

  1. The MIT CA Experience Jeffrey I. Schiller Massachusetts Institute of Technology Jeffrey I. Schiller Page 1 EasyCert BOF 11/11/04

  2. Introduction • MIT Built its PKI in 1996 – In the belief PKI would “take over the world” • I'm still waiting... – We have about 40,000 “live” certificates – Over 1.6 Million issued since 1996 – Originally were v1 certs, now v3 certs • Major Application: Web Authentication Jeffrey I. Schiller Page 2 EasyCert BOF 11/11/04

  3. Buy vs. Build • Vendor solutions were (are) complex and expensive • Notion of charge per certificate – Non trivial charge per certificate • Build: Fixed cost of software development – Not a function of number of certificates – Flexibility to have many certificates per user Jeffrey I. Schiller Page 3 EasyCert BOF 11/11/04

  4. Technology Requirements • Easy to Use • Cost Effective • Incrementally Deployable Jeffrey I. Schiller Page 4 EasyCert BOF 11/11/04

  5. Easy to Use • We are slaves to the Browser Vendors – We support Netscape, Mozilla, IE and Safari – We work around the largest problems • Biggest Problem: Exporting Certificate and associated keys to import into another system – Work Around: Obtain multiple certificates – Works because we only do Web authentication Jeffrey I. Schiller Page 5 EasyCert BOF 11/11/04

  6. Cost Effective • Home grown software doesn't have a cost per certificate • “Standard” Support costs that you expect from any software product – Actually, not that bad, we issue ~ 1,000 new certificates (freshman) each summer with ~ 10-20 problems Jeffrey I. Schiller Page 6 EasyCert BOF 11/11/04

  7. Incremental Deployment • Not all applications at MIT use Certificates yet – But we encourage their use • 99.9% of Students have certificates • 66% of Faculty and Staff have certificates – This number will go up as applications they must use are converted (from paper!) Jeffrey I. Schiller Page 7 EasyCert BOF 11/11/04

  8. MIT CA Implementation • Up to version 3 • First two versions based on Java and Cryptix toolkit – Version 1: servlet – Version 2: jsp • Version 3 about to be deployed – Based on Python front end to openssl • Does not “fork” scalable implementation Jeffrey I. Schiller Page 8 EasyCert BOF 11/11/04

  9. Registration Procedure • Certificates obtained by authenticating to CA website with Kerberos name, password and MIT ID Number • Kerberos name is issued via a “Coupon” with six word secret – Only valid for initial account creation and can only be used once – Coupon mailed to students during the Summer – Website permits authorized staff to create duplicate PDF file for students who lose it Jeffrey I. Schiller Page 9 EasyCert BOF 11/11/04

  10. Tips • Revocation is rarely if ever asked for – We do not encode authorization into certificates • Most people don't know when they are compromised, so they don't request revocation • May have to deal with this soon Jeffrey I. Schiller Page 10 EasyCert BOF 11/11/04

  11. Certificate Lifetimes • All certificates issued prior to June expire July 31 st • In mid June we advance the “dead date” further 1 year • Certificates issued to freshman from off-campus computers expire on September 1 st – So they don't leave them on their parent's computer Jeffrey I. Schiller Page 11 EasyCert BOF 11/11/04

  12. Services Offered • Web Authentication – Student Registration – Employee HR “Self Service” • Health care enrollment etc. – On-line purchasing • Partners accept our certificates – Many others Jeffrey I. Schiller Page 12 EasyCert BOF 11/11/04

  13. What we do not have • A Certificate Practice Statement • A Certificate Policy Statement • In “practice” no one in the “real world” (read: not the government) cares • Biggest issue with outside vendors is helping them get infrastructure setup • It is always more secure then issuing names and passwords Jeffrey I. Schiller Page 13 EasyCert BOF 11/11/04

  14. Future • S/MIME Support – Challenge due to multiple certificates and key escrow issues – Most S/MIME implementations store encrypted messages in the original encryption key • This is probably a bad idea – Encrypted mail is more important to us then signed mail Jeffrey I. Schiller Page 14 EasyCert BOF 11/11/04

Recommend

The Candidate Experience What is Candidate Experience? Candidate Experience How job seekers

The Candidate Experience What is Candidate Experience? Candidate Experience How job seekers

The Candidate Experience What is Candidate Experience? Candidate Experience How job seekers perceive an organizations recruitment process This includes everything from initial sourcing, recruiting, interviewing, hiring, and even

537 views • 31 slides
THOUGHT> thought > experience > thought > experience > thought >

THOUGHT> thought > experience > thought > experience > thought >

THOUGHT> thought > experience > thought > experience > thought > experience> behavior 69 Experience: the totality of cognitions given by perceptions 70 Perception: a single unified awareness derived (via thought) from

815 views • 26 slides
Work Experience Work experience This will be completed by all Y12 students on 22-26 th June

Work Experience Work experience This will be completed by all Y12 students on 22-26 th June

Work Experience Work experience This will be completed by all Y12 students on 22-26 th June 2020 What is work experience? Work experience in an unpaid voluntary short term work placement. It usually involved shadowing another person and

320 views • 19 slides
User Experience for Business Analysts Parker Malenke What is User Experience Design? Users An

User Experience for Business Analysts Parker Malenke What is User Experience Design? Users An

User Experience for Business Analysts Parker Malenke What is User Experience Design? Users An Experience But is it Designed? UXD is the purposeful construction of a complete experience Journey Mapping Long Term Value Adoption

528 views • 34 slides
EXPERIENCE THE ESSENCE OF BALI Experience a truly Balinese way of life in one of our seven

EXPERIENCE THE ESSENCE OF BALI Experience a truly Balinese way of life in one of our seven

EXPERIENCE THE ESSENCE OF BALI Experience a truly Balinese way of life in one of our seven exclusive guest rooms located in the heart of rural Manggis. One the original family compound, this property was re-designed for our guests who have a

167 views • 16 slides
Connecting with stakeholders to improve the student experience Improving the student experience

Connecting with stakeholders to improve the student experience Improving the student experience

Connecting with stakeholders to improve the student experience Improving the student experience We restore the student experience by resolving individual complaints from international students We help private education providers make

172 views • 14 slides
UCFSD Transportation Annual Report 17-18 Student Experience Department Experience Financial

UCFSD Transportation Annual Report 17-18 Student Experience Department Experience Financial

UCFSD Transportation Annual Report 17-18 Student Experience Department Experience Financial Experience Student Experience: Who do we serve? Public Non Spec Public Ed Schools 6 35 21 Students 4,131 295 37 Student Experience: Ride

121 views • 10 slides
an extraordinary experience INTRODUCTION Dinner in the Sky is an extraordinary experience with a

an extraordinary experience INTRODUCTION Dinner in the Sky is an extraordinary experience with a

an extraordinary experience INTRODUCTION Dinner in the Sky is an extraordinary experience with a culinary touch which allows people to dine at over 100 feet in the air, where ever they want: in the city or in the country side, on sports grounds

331 views • 9 slides
Practical Experience with Practical Experience with Practical Experience with Practical

Practical Experience with Practical Experience with Practical Experience with Practical

Practical Experience with Practical Experience with Practical Experience with Practical Experience with performance monitoring performance monitoring performance monitoring performance monitoring Ryszard Jurga CERN openlab March 29, 2006

577 views • 24 slides
EXPERIENCE E VIBRANT WATERSIDE SOPHISTICATION Experience the 5-star Sofitel welcome from the

EXPERIENCE E VIBRANT WATERSIDE SOPHISTICATION Experience the 5-star Sofitel welcome from the

EXPERIENCE E VIBRANT WATERSIDE SOPHISTICATION Experience the 5-star Sofitel welcome from the striking porte-cochere. Life is Magnifique in Sydney! A hotel that artfully combines French elegance with local culture to create exceptional

241 views • 23 slides
The Patient Experience Journey: Strength Based Approach Sue Murphy RN, BSN, MS Chief Experience

The Patient Experience Journey: Strength Based Approach Sue Murphy RN, BSN, MS Chief Experience

The Patient Experience Journey: Strength Based Approach Sue Murphy RN, BSN, MS Chief Experience Officer Patient Experience and Engagement Program June 6, 2019 Learning Objectives Role of Chief Experience Officer Vision of Patient

501 views • 23 slides
US US FD FDA Experience Experience in in the the Re Regulatory Applic Applicatio ion of of (Q

US US FD FDA Experience Experience in in the the Re Regulatory Applic Applicatio ion of of (Q

US US FD FDA Experience Experience in in the the Re Regulatory Applic Applicatio ion of of (Q (Q)S )SAR AR Naomi L. Kruhlak, Ph.D. Division of Applied Regulatory Science Office of Clinical Pharmacology Office of Translational Sciences FDAs

447 views • 43 slides
EXPERIENCE Experience DYouville is a collection of opportunities that prepares students for

EXPERIENCE Experience DYouville is a collection of opportunities that prepares students for

EXPERIENCE Experience DYouville is a collection of opportunities that prepares students for college and upskills the community. Some of these experiences can be built into MOUs with local organizations and schools in order to form deeper

280 views • 4 slides
Good judgment comes from experience. Experience comes from bad judgment. Nasrudin

Good judgment comes from experience. Experience comes from bad judgment. Nasrudin

Operational Experience Feedback and reliability data Eric Marsden <eric.marsden@risk-engineering.org> Good judgment comes from experience. Experience comes from bad judgment. Nasrudin data probabilistic model event

647 views • 25 slides
S9884 USER EXPERIENCE IS KEY TO VDI SUCCESS, COLOR ACCURACY IS THE KEY TO USER EXPERIENCE Nachiket

S9884 USER EXPERIENCE IS KEY TO VDI SUCCESS, COLOR ACCURACY IS THE KEY TO USER EXPERIENCE Nachiket

S9884 USER EXPERIENCE IS KEY TO VDI SUCCESS, COLOR ACCURACY IS THE KEY TO USER EXPERIENCE Nachiket Karmakar Sr. Performance Engineer - NVIDIA SESSION TARGET Why is it key to choose the right protocol to get the best user experience CITRIX

334 views • 29 slides
Week 6 User Experience Interactive Process & Practice Design User experience is something

Week 6 User Experience Interactive Process & Practice Design User experience is something

Spring 2018 ar589.github.io Week 6 User Experience Interactive Process & Practice Design User experience is something you design. Useful Factors Usable Desirable that influence Valuable user Findable Accesible experience

672 views • 48 slides
Sustainable microfinance: Sustainable microfinance: international experience international

Sustainable microfinance: Sustainable microfinance: international experience international

Sustainable microfinance: Sustainable microfinance: international experience international experience international experience international experience Nataliya Mylenko World Bank April 28, 2010 1 2.7 billion people (70% of adult

121 views • 11 slides
NHFD the Manchester Royal Infirmary experience Infirmary experience Dr Marie Hanley

NHFD the Manchester Royal Infirmary experience Infirmary experience Dr Marie Hanley

NHFD the Manchester Royal Infirmary experience Infirmary experience Dr Marie Hanley Consultant Physician and Orthogeriatrician The New Hospital Development NHFD The MRI experience Introduction How we became involved Data

367 views • 21 slides
Toward an International and Inclusive Learning Experience: Approaches to Assessment Design

Toward an International and Inclusive Learning Experience: Approaches to Assessment Design

Toward an International and Inclusive Learning Experience: Approaches to Assessment Design Patrick Leung Centre for Applied English Studies The University of Hong Kong Contents Experience Reflective Outcomes Process Concrete Experience

526 views • 13 slides
EXPERIENCE PROTOTYPING Point of Views | How Might Wes | Experience Prototypes TEAM MEMBERS Po

EXPERIENCE PROTOTYPING Point of Views | How Might Wes | Experience Prototypes TEAM MEMBERS Po

EXPERIENCE PROTOTYPING Point of Views | How Might Wes | Experience Prototypes TEAM MEMBERS Po Tsui Bonnie Nortz Jenny Kim Grace Hong EDUCATING EMPATHY INITIAL POV We met Sandy, mother, soccer coach, and Intuit employee We were amazed

422 views • 16 slides
AGE* 13 YEARS OF AGE AND OLDER PREVIOUS GAME EXPERIENCE* NA PREVIOUS CERTIFICATION EXPERIENCE*

AGE* 13 YEARS OF AGE AND OLDER PREVIOUS GAME EXPERIENCE* NA PREVIOUS CERTIFICATION EXPERIENCE*

GRASSROO SSROOT T CER ERTIFIC FICATIO ATION N REQ EQUIREM REMEN ENTS ENROLLMENT REGISTRATION AGE* 13 YEARS OF AGE AND OLDER PREVIOUS GAME EXPERIENCE* NA PREVIOUS CERTIFICATION EXPERIENCE* NA TRAINING ONLINE + IN-PERSON GRASSROOTS

332 views • 19 slides
Reimagining the Automotive Consumer Experience FEBRUARY 2020 1 Todays experience needs to

Reimagining the Automotive Consumer Experience FEBRUARY 2020 1 Todays experience needs to

Reimagining the Automotive Consumer Experience FEBRUARY 2020 1 Todays experience needs to evolve! 36% of consumers are very satisfied with their vehicle dealership 1 of dealers agree they 89% must find alternative ways to sell and

431 views • 30 slides
Demystifying the Clinical Fellowship Experience and 4 th Y ear Experience S ession Reminders:

Demystifying the Clinical Fellowship Experience and 4 th Y ear Experience S ession Reminders:

Demystifying the Clinical Fellowship Experience and 4 th Y ear Experience S ession Reminders: Please silence your cell phones Email nsslhaexp@asha.org for all session handouts Complete your session evaluation form & leave it

620 views • 42 slides
2015 & Beyond Build a company that focuses on the customer experience Experience Design

2015 & Beyond Build a company that focuses on the customer experience Experience Design

2015 & Beyond Build a company that focuses on the customer experience Experience Design Company Theres no longer any real distinction between business strategy and the design of the user experience Harvard Business Review -

389 views • 12 slides

More recommend