A recent ECAR report identified public key infrastructure (PKI) as one of the 10 “least familiar technologies in the higher education IT environment. This post explores several points of confusion when it comes to understanding PKI and PKI implementations on campus.
Barry Ribbeck is the Security Program Manager under the CISO at Rice University. He is a past co-chair of the [email protected] Identity Management working group, sat on the Higher Education Bridge Policy Authority (HEBCA) and US Higher Education Root (USHER) Policy Board and participates in various working groups within Internet 2 and Educause. Barry completed an undergraduate in mathematics in Louisiana and a master's degree in Biomedical Statistics at The University of Texas and maintains certifications in networking (Cisco), ITIL and security (CISSP). Current job responsibilities include working with the CISO to produce and manage policy, procedure, risk assessments, IT security audits and compliance.
Public key infrastructure (PKI) certificates form the backbone of most if not all Internet security authentication for sites and services and encrypted network transport today. Higher education is heavily invested in the technology used to create and manage these certificates. PKI supports secure data exchange and authentication over the Internet via the distribution and identification of public encryption keys.
Four case studies were undertaken in the course of this project with partial funding from an Extending the Reach (ETR) grant from the National Science Foundation Middleware Initiative-Enterprise and Desktop Integration Technologies (NMI-EDIT) Consortium.