EEMA & “pkiC”
Frank Jorissen
Deputy Vice President, Utimaco Safeware AG
Vice Chair, EEMA ([email protected])
IDA - Meeting of National Security Experts on PKI Interoperability
WHAT IS EEMA?
• A European, independent, non-profit forum
• Formed 1987
• Assisting Users, Vendors & Service Providers
• Close to 250 member organisations
- “Vendors” including: Microsoft, IBM, Compaq, Alcatel, Siemens, Lotus, SAP, iD2, Entrust, GlobalSign, VeriSign, Baltimore, Bull, Identrus, Utimaco Safeware, BT
- “Users” including Unilever, Reuters, Shell, Volvo, BP, Exxon, ING Bank, Glaxo Wellcome, Hoffmann la Roche, AstraZeneca, SWIFT, ICC, UK Post, etc.
+ Most PTO’s and Service Providers
--> A major force in the growth of EU E-Business
EEMA Interest Groups
ICT Security initiatives:
--> “PKI Challenge”
--> ECAF Model
--> ISSE2000 Conference
--> EESSI Steering Group liaison
--> PKI Forum liaison (NEW !)
...
+ Other E-business-related Interest Groups: Directories, Unified Messaging, Users, EDI / E-Commerce, Knowledge Management, Events & Marcom, Standards
WHAT IS “WEMA”?
• World Forum for electronic business
• Virtual Composition of all “EMA’s” worldwide:
US: ‘EMA’
Europe: ‘EEMA’
Australia: ‘ECA Tradegate’
Brazil: ‘BRISA’
Japan: ‘JEMA’
Asia/Oceania: ‘AOEMA’
Russia: ‘RANS’
“Challenges”: a rich WEMA Interoperability Tradition
• Since the early 90’s
• On evolving technologies: X400, X500, SMTP, LDAP, S/MIME, X.509,...
• By “WEMA” organisations worldwide
• EEMA + EMA (+... ?): PKI “Challenge showcases”, during the period 1999-2002
• EMA’s Challenge was demonstrated at last EMA Annual Conference, April 2000
EMA “Challenge99/2000” = FBCA
• “Federal Bridge CA” = a US Federal Gov’t effort to solve the practical interoperability problems between the PKI’s & PKA’s of various Federal agencies (GSA, NASA, NIST, DoD,…)
• This ad hoc solving of US Fed Gov’t PKI interoperability issues is narrower than what most vendors & users want: no “client-to-CA/RA” interoperability
• Nevertheless the “Bridge CA” concept has strong merits for CA/domain - CA/domain interoperability in general!
• See http://csrc.nist.gov/pki/documents/emareport_20001015.pdf
pkiC Objectives:
• Core Objective & Main Differentiator: To provide a low-threshold, well-managed & funded test infrastructure that will effectively enable PKI interoperability between many, global PKI & PKA vendors at the level of both PKI & PKA (= PKI-enabled apps)
--> PKI “as an (open) operating system” for various PKA’s
• Based on stable standards, e.g. PKIX, CMP, X.509v3, S/MIMEv3,…;
• Also considering EU-specific requirements (to the extent possible & reasonable in the period 2001-2002...): e.g. the European Electronic Signature Directive & the accompanying “EESSI standards” by ETSI and CEN/ISSS;
• To disseminate, demonstrate & promote ‘open’ results;
• Currently 3 strong liaisons: EESSI, TeleTrusT, PKI Forum
Scope of interoperability in C2K context:
[Figure. Labels: END ENTITY A and END ENTITY B (each with Crypto and Applications); COMMUNICATIONS; Directory Services; PKI A (CA, RA, RA); PKI B (CA, RA, RA); CA; X.509 V3; markers I, II, III]
Today’s Status
• Project accepted under the “Fifth Framework program” (FP5/IST) - all consortium members sign a contract with the Commission & get funding;
• Contract signature expected November/December
• ==> Project kick-off: NY 2001
• Duration: 2 years
Phase 1: Project Infrastructure & Management
WP1: Project Co-ordination, management & QA
WP2: producing the scope and definition of the criteria for interoperability of PKI products and services
WP3: performing awareness activity & identifying participants, negotiating and contracting with them
WP4: producing the detailed plan and specifications for the interoperability tests
WP5: building the test infrastructure
Phase 2: The Interoperability Testing
WP3 (part) - identifying potential participants, negotiating and contracting with them
WP6 - performing the interoperability tests
WP7 - demonstrating and disseminating the results of WP6 at “ISSE2002” and “EBE2002” (= Annual EEMA) Conference. Perhaps also at liaison partner events.
WP8 - writing the final project report
Who participates in “phase 1”?
Consortium members:
Baltimore, Belgacom, EEMA, Entegrity, Entrust, GlobalSign, iD2, KPMG, Makra, Security&Standards, UK Post, University of Leuven (“COSIC” & “ICRI” Labs), University of Salford, Utimaco Safeware
Who will be involved in “phase 2” ?
• “Active” Participants
• “Passive” Participants
--> OPEN PARTICIPATION, BUT LIMITED NUMBERS !
Utimaco & PKI/PKA interoperability
• Project Co-ordination of pkiC, but also:
• Participant in TIE (Esprit),
• DTRUST interoperability,
• Entrust interoperability in Award winning BOLERO (SWIFT) project context,
• Award winner in SPHINX,
• …etc.: commitment to be an ‘open’ PKA/PKI vendor (via membership of EEMA, TTT, PKI Forum,...)
SPHINX
• Pilot project of German government
• Will lead to end-to-end security all over the German Gov’t Administration
• Sphinx is based on the MailTrusT specification, which is now a subset of internationally accepted Standards (S/MIME, X.509, PKCS#10, etc.)
• Since 1998 several products of different vendors were tested
SPHINX Step 2 - Features
S/MIMEv2
X.509v3 + extensions
CRLv2 + extensions
LDAPv3
Double key pair
Decentralised key generation
......