SURA PKI Consortium proposal response

SURA PKI Consortium Response to Internet2 "PKILabs" RFP

June 30, 2000

Executive Summary

This proposal represents a collaborative response to the Internet2 "PKILabs" request for proposal (http://www.internet2.edu/middleware/pkilabs/). This collaborative proposal, sponsored by the Southeastern Universities Research Association (SURA), will team leading PKI researchers with institutional Chief Information Officers from the following SURA institutions: Georgia State University , Georgia Institute of Technology, the University of Georgia, the University of Alabama, the University of Alabama at Birmingham, the University of Alabama in Huntsville, and the University of Tennessee. SURA is a consortium of forty-seven universities in 13 southeastern states and the District of Columbia.

SURA institutions have active partnerships with Internet2 initiatives, the Next Generation Internet, Net@Edu PKI Working Group, and advanced research agendas of NSF, DOE, DOD, NASA, DOT, and NIH. The institutions responding to this proposal belong to Southern Crossroads (SoX), a cooperative initiative of SURA, designed to facilitate access to current and future highly integrated, digital communications services for education, research and economic development within the region and across the United States.

The SURA membership represents a significant subset of the nation’s research academic community and as such is an ideal, cohesive community that can provide a regional test bed for many of the scaling and interoperability issues associated with the development and deployment of Public Key Infrastructure solutions. The linking of SURA institution CIOs with academic researchers brings a unique strength to this proposal: linking of researchers with institutional CIOs is how the PKI work gets moved from the lab to real institutional trial deployments.

SURA institutions are actively engaged in building PKI infrastructure to support research collaboration, sharing, and interoperation of advanced technical resources. SURA is interested in solutions in the areas of certificate management policy and practice (assurance levels of certificates, liability assumptions, validity period, acceptable usage), establishing common directory solutions (meta-directories), using open source solutions for interfaces and interoperability, and investigating scalability, performance, and Quality of Service.

The research agenda proposed by the "PKILabs" RFP fits well with the activities of the responding institutions, the interests of its academic and research faculty as well as the actively ongoing deployment of advanced networks and Public Key infrastructures. Further, SURA is prepared to provide matching funds, up to $100,000 over the life of the project, to further leverage the "PKILabs" research agenda to the mutual benefit of SURA, higher education, Internet2, and AT&T.

Finally, while the proposed PKI activity will benefit the SURA region, it moreover will benefit the national I2 community. True, SURA could be a model for others. However, this program is not so much a call for proposals that could benefit from extra funding as it is a call for existing efforts/expertise to come forward and collaborate in information sharing and PKI development at a broader level. SURA is, in fact, a community of researchers, CIOs, and technical staff working collaboratively, sharing expertise, and deploying solutions to complex advanced networking problems. Selecting the SURA PKI Consortium to be one of the two designated PKI centers can demonstrate how this collaborative approach benefits the larger Internet2 community.

Background

Analogous to the commercial sector’s engagement with eCommerce, today’s institutions of higher education are rapidly entering a system of basic communications and transactional services that could be called the "eUniversity," or the electronic, next-generation institution of higher education.

These basic communications and transactional services are part of an emerging definition of "middleware" services that sit between the hardware of the Internet and the learning, research, and administrative applications of the higher education community. In support of the core functions of the academy's eUniversity initiatives and collaborative research challenges, it is critical that middleware provide the fundamental strong security necessary to build a trusted and consistent infrastructure enabling the identification and authorization of individuals and services, providing for confidentiality and privacy, and ensuring integrity of transactions.

Adding to the complexity of the problems themselves is the breadth of scope of the problems, requiring significant inter-operation among institutions. The Department of Education initiative in student digital signatures, the Internet2 Middleware initiative, the CREN certificate authority pilot, and the Federal PKI Working Group activities reflect the growing emphasis on national interoperation.

There is a strategic advantage in developing mechanisms for secure, collaborative sharing of higher education resources such as online libraries, vendor database services, and advanced research facilities. Quality of Service issues in allocation of bandwidth require identification, authentication, and authorization services of a robust, interoperable PKI.

These mechanisms for a secure, interoperable higher education environment require:

A broader paradigm of directory services than application-specific solutions
Comprehensive, scalable methodologies to validate authenticity
Association of specific validations with pre-specified authorizations — such as matching research applications to quality of service providing needed bandwidth
Seamless, comprehensive interfaces to integrate all components of the eUniversity

SURA Consortium — Proposal Approach

Using the I2 PKI Lab RFP as a catalyst, the seven SURA member institutions participating in this proposal will collectively coordinate existing and plan new PKI activities in the SURA region by:

Establishing a SURA PKI Consortium (Georgia State University, Georgia Institute of Technology, University of Georgia, University of Alabama, University of Alabama at Birmingham, University of Alabama in Huntsville, and the University of Tennessee) linking leading PKI research initiatives in the SURA region with the institutional IT leadership in those institutions. This will create a distributed initiative with the goal of creating a public key infrastructure distributed test bed linking current research with operational deployments within the participating institutions. As successful test bed deployments occur, SURA offers the potential to further test scaling and interoperability issues among and between the larger SURA community.
Establishing an "I2 PKI Lab" at the Georgia Tech Research Institute Public Key Infrastructure Lab and work with the other SURA institutions to establish the research environment.
Engaging academic researchers to conduct the proposed I2 PKI Labs research agenda of the (http://www.internet2.edu/middleware/pkilabs/research-agenda.shtml) and to provide consultation to the SURA PKI Consortium Technical Working Group on design, performance, and scalability of security policy, management, and architecture.
Establishing a Technical Working Group from the SURA PKI Consortium members to provide direction and leadership in operational aspects of PKI solutions, including the implementation of prototypes demonstrating the proposed solutions. The Technical Working Group will coordinate with the researchers and CIO leadership in moving toward field deployment of PKI components.
Conducting institutional surveys of the SURA PKI Consortium members using a profile model similar to that developed by the Internet2 Middleware Early Adopters project. The profile responses will serve the consortium in identifying the issues related to interoperability, security, Quality of Service or other infrastructure areas and in establishing an overall collaborative environment for research, services, and resources.
Defining an interoperable policy strategy leading to development of a strategic environment for implementation of certificate policies and practice statements.
Helping establish the overall strategy for continued PKI implementation for SURA institutions and promote collaborative opportunities in Public Key Infrastructure initiatives of higher education (Internet2 Middleware, Net@Edu, etc.) or government (Georgia Technology Authority, or Federal PKI for example).

The SURA PKI Consortium is being proposed at the same time as this proposal is being submitted. The SURA PKI Consortium will have SURA's administrative resources available and will provide overall coordination of the proposal work. SURA will serve in the role of contract management, providing primary responsibility for administrative, financial, and reporting accountability for project commitments, deliverables, and reporting. Recognizing that the PKILabs research agenda will likely involve multiple projects, a Project Management Leader will serve to coordinate the various specific projects. As each project is defined, a Principle Investigator with the required expertise will be named and have the primary responsibility for conducting/directing work or research. This proposal includes disciplinary researchers (cf. Shealy-computational physics, Wang-biochemistry, etc.) who can work with computer scientists in this middleware proposal.

SURA Research Environment — PKI Resources & Opportunities

SURA PKI Consortium’s research agenda fits well with the I2 PKI Labs research agenda. Close coordination between these two initiatives will speed the deployment of an identification, authentication, and authorization infrastructure for research collaboration and higher education interoperation. The SURA PKI Consortium institutions have an unique, and existing, capability to run an I2 PKI Lab and to interface PKI technology into major Internet2 applications, such as video, remote use of instruments & large databases, distributed high performance computing associated with NCSA & computational grid, and distributed storage applications. The SURA PKI Consortium environment includes:

Southeastern Universities Research Association (http://www.sura.org) has a mission to foster excellence in scientific research and to strengthen the scientific and technical capabilities of the nation and of the Southeast. SURA is the managing entity for Jefferson Lab (www.jlab.org), a U.S. Department of Energy National Accelerator Facility.

The Southern Crossroads (SoX) (http://www.sox.net/) "is a cooperative initiative by the members of SURA. SoX is designed to facilitate access to current and future highly integrated, digital communications services for education, research and economic development … throughout the Southeast."

Georgia State University/Georgia Institute of Technology vBNS — (http://www.gsu.edu/~wwwhsn/vbns/vbnsdoc.html) This proposal established the vBNS network in the Southeast, providing research institutions in the region with access to high-speed data connections to other research institutions in the country. GSU is implementing enterprise directory solutions and working with University System to define a meta-directory and PKI solution to support the eUniversity.

Georgia Tech Research Institute PKI Lab — ( ITTLpkil.html ) "The mission of the GTRI PKI Lab (PKIL) is to explore and promote Public Key Infrastructure technology… The capabilities of the PKIL span the entire spectrum of PKI related activities and research including components, policy and business issues, applications design and development, legacy system ennoblement, and testing, evaluation and assessment across the breadth of PKI issues and applications."

Georgia Institute of Technology — Georgia Tech is an original pilot member of the CREN CA initiative (http://www.cren.net/ca/index.html) and is implementing PKI solutions for authenticating use of internal services, web pages, mobile access, and research library databases.

University of Georgia — Enterprise directory services (EDS) based on Novell Directory Services is being implemented to provide a single authentication/authorization service for all IT resources (http://www.uga.edu/ucns/tti/Computer_Review/Summer2000/enterprise-dir.html). EDS will interface via LDAP V3 with an emerging, statewide, meta-directory service initiative to provide a common authentication/authorization mechanism for accessing multi-institutional IT resources in an eUniversity environment.

University of Alabama -- The University of Alabama, located in Tuscaloosa, is a charter member of Internet2 and is actively engaged in Internet2 activities (http://bama.ua.edu/~i2/). University personnel are active participants in the Higher Education PKI Technical Advisory and the Net@Edu PKI Working Group.

University of Alabama at Birmingham - The University of Alabama at Birmingham has a broad range of Internet2 activities (http://WWW.UAB.EDU/internet2/). With its peers, University of Alabama and University of Alabama in Huntsville, an advanced networking environment has been established that requires the implementation of PKI capabilities to enable new applications (http://www.gulfcentralgigapop.net/). UAB has been using LDAP for five years and is currently rolling out a PKI pilot project.

University of Alabama in Huntsville — The University of Alabama in Huntsville is actively engaged Internet2 related work (http://io.uah.edu/demo/vbns/) and advanced collaborative research, such as the NASA Global Hydrology Resource Center (http://ghrc.msfc.nasa.gov/) that is a part of the Global Hydrology and Climate Center (http://wwwghcc.msfc.nasa.gov/ghcc_home.html) located in Huntsville.

University of Tennessee —The Scalable Intracampus Research Grid (SInRG) project (http://www.cs.utk.edu/sinrg/index.html) "will deploy a research infrastructure on the … campus that mirrors the underlying technologies and the interdisciplinary research collaborations that are characteristic of the emerging national technology grid." Development of middleware to manage SinRG's distributed component architecture is a fundamental requirement.

Related SURA Organizations & Initiatives with Strong Interest in PKI Initiatives

Video Development Initiative — (http://sunsite.utk.edu/vide/index.html) "The goal of The Video Development Initiative (ViDe) is to promote the deployment of digital video in higher education by leveraging collective resources and expertise towards addressing challenges to deployment – poor interoperability, volatile standards and high cost." Access to multipoint control units (MCUs) and Voice over IP servers would be greatly enhanced by access control, authentication and directory server capabilities.

SER-CAT Consortium - http://bcl15.bmb.uga.edu/SER-CAT/sercat/index.html The Southeast Regional Collaborative Access Team Consortium includes researchers from 19 institutions, with Dr. B.C. Wang, University of Georgia, as Director. The primary objective of SER-CAT is to provide reliable, rapid, and timely access to the best possible synchrotron x-ray beamlines for structural biology research. There is an ongoing effort involving SER-CAT, D.L. Shealy (UAB), M.C. Wright (ONRL), and R.M. Sweet (BNL) to secure IT research and infrastructure funding to automate the remote use of synchrotron beamlines in a time-sharing manner so that users anywhere in the world can use these instruments. The implementation of appropriate security and authorization processes will be critical to the success of this effort. The Next Generation Internet/Internet2 applications of online instrumentation for real time data acquisition and reduction, the emerging computational grid, and the developing middleware capabilities will be used to build an integrated solution.

See Attachment A for additional information regarding SURA Institutions’ Activity in Support of National PKI Initiatives.

Research Personnel

Dr. Samir Chatterjee — http://www.cis.gsu.edu/~schatter/

Dr. Sara Graves — http://www.itsc.uah.edu/sgraves/vitaedtl.html

Dr. Sham Navathe — http://www.cc.gatech.edu/~sham/

Dr. David Shealy — http://www.phy.uab.edu/~shealy/

Dr. Mani Subramanian — http://www.cc.gatech.edu/people/home/manis/

John Wandelt, Senior Research Scientist GTRI — jwBIO.html

Dr. B. C. Wang, — http://www.uga.edu/cms/FacBCW.html

CIO & Operational Leadership

Reid Christenberry (SURA Board of Trustees)

Associate Provost and CIO