Credential Provisioning Workshop - PowerPoint PPT Presentation

1
Credential Provisioning Workshop
  • November 17, 2002
  • Atlanta, GA
  • Sunday before IETF 55 Meeting

Rev D, last update 11/8/02. These slides to be included in Jesse and Russ section-level slide sets.
2
Workshop Speakers (order of appearance)
  • Russ Housley, RSA Labs
  • Jesse Walker, Intel
  • Bernard Aboba, Microsoft
  • Bob Moskovitz, ICSA Labs
  • Charlie Kaufman, IBM
  • Thomas Hardjono, VeriSign
  • Tim Polk, NIST
  • Greg Nakanishi, Motorola

3
Desired Outcome
  • Agreement on problem and scope
  • Common understanding of what has been done to date
  • Determine what is needed (whether one or multiple
    items) and where each should be developed

4
Workshop Agenda: Top Level
  • Introduction (10 min)
  • Scenarios overview: scope and nature of the problem (65 min, finish by 7:15 PM)
  • Certificate profiles (45 min, finish by 8:00 PM)
  • Break (10 min, finish by 8:10 PM)
  • Certificate enrollment protocols (65 min, finish by 9:15 PM)
  • Underlying transport protocol (15 min, finish by 9:30 PM)
  • Next steps (30 min, finish by 10 PM)

5
Scenarios Overview - Scope and Nature of the Problem
  • Background
  • Scenarios opportunity (Jesse Walker, 10 min, finish by 6:25 PM)
  • AAA provisioning with certificates (Bernard Aboba, 10 min, finish by 6:35 PM)
  • RADIUS provisioning (Bob Moskovitz, 10 min, finish by 6:45 PM)
  • Requirements summary (Jesse Walker, 5 min, finish by 6:50 PM)
  • Discussion (Jesse W, Charlie Kaufman, 25 min, finish by 7:15 PM)
    • Outside scope: headless devices with no secure storage for certs
    • Provisioning for which credentials (certs, symmetric keys, username/password, etc.)
    • What is the authorization model?

6
Discussion: Problem Scope, Mechanisms
  • Outside scope: headless devices with no secure storage for certs
  • Provisioning for which credentials (certs, symmetric keys, username/password, etc.)
  • What is the authorization model?

End time: 7:15 PM
7
Workshop Agenda: Top Level
  • Introduction (10 min)
  • Scenarios overview: scope and nature of the problem (60 min, finish by 7:15 PM)
  • Certificate profiles (45 min, finish by 8:00 PM)
  • Break (10 min, finish by 8:10 PM)
  • Certificate enrollment protocols (65 min, finish by 9:15 PM)
  • Underlying transport protocol (15 min, finish by 9:30 PM)
  • Next steps (30 min, finish by 10 PM)

8
Certificate Profiles
  • Background
  • 802.11 certificate profile (Russ Housley, 5 min, finish by 7:20 PM)
  • WLAN certificate hierarchy TLS certificate profile (Thomas Hardjono, 10 min, finish by 7:30 PM)
  • IPsec certificate profile (Tim Polk, 5 min, finish by 7:35 PM)
  • Discussion (Russ H, Charlie Kaufman, 25 min, finish by 8:00 PM)
    • How are authorization rights conveyed after authentication?
    • Attribute certificate use? Relationship to certificate profiles?
    • Should generic IPsec, TLS, and S/MIME certificates have subcategories for specific usage?

9
Discussion: Certificate Profiles Related Issues
  • How are authorization rights conveyed after authentication?
  • Attribute certificate use? Relationship to certificate profiles?
  • Should generic IPsec, TLS, and S/MIME certificates have subcategories for specific usage?

End time: 8 PM
10
Break
  • We will resume at 8:10 (sharp)

12
Certificate Enrollment Protocols
  • Background
  • What's already out there (SCEP, CMC, CMP, PKCS10) (Russ Housley, 10 min, finish by 8:20 PM)
  • XKMS summary (Thomas Hardjono, 5 min, finish by 8:25 PM)
  • DOCSIS and PacketCable Enrollment (Greg Nakanishi, 5 min, finish by 8:30 PM)
  • What's wrong with PIC (Bernard Aboba, 10 min, finish by 8:40 PM)
  • Lessons learned/summary (Russ Housley, 5 min, finish by 8:45 PM)
  • Discussion (Russ H, Charlie Kaufman, 30 min, finish by 9:15 PM)
    • Life cycle considerations
    • Is a common bootstrap certificate profile needed?
    • Updates: are they needed, and how to handle?
    • Revocation: is it needed, and how to handle?
    • Should an existing enrollment protocol be modified, or a new one developed?

13
Discussion: Certificate Enrollment Protocols
  • Life cycle considerations
  • Is a common bootstrap certificate profile needed?
  • Updates: are they needed, and how to handle?
  • Revocation: is it needed, and how to handle?
  • Should an existing enrollment protocol be modified, or a new one developed?

End time: 9:15 PM
15
Underlying Transport Protocol
  • Background
  • Summary of requirements (Jesse Walker, 5 min, finish by 9:20 PM)
  • Discussion (Jesse W, Charlie Kaufman, 10 min, finish by 9:30 PM)
    • Other requirements?
    • Does EAP satisfy these requirements?

16
Discussion: Underlying Transport Protocol
  • Other requirements?
  • Does EAP satisfy these requirements?

End time: 9:30 PM
17
Next Steps: What New Work is Needed, and Where Should It Be Done?
  • BIN list
  • Credential enrollment use models

End time: 10 PM