Interim Director
Projects & Initiatives
Contact Information
Formation of the OIT

Departmental Directory
UCSB Directory Service
Directory Assistance
UCSB Website Directory
UC Directories

Network Description
Report Trouble
Policy & Procedures
DMCA Reporting

Monitoring and Statistics
Network Time Services
SSL Certificates
VPN Service
Organizations
Report Trouble

Datasets Signoff Process
Computer Security Guide
Securing & Protecting
News, Advisories, & Alerts
Report an Incident
Recover from Intrusion
Other Security Sites
Mailing Lists
Policies

For Students
For Faculty & Staff

Email
Supercomputing
Software

EduCause

IT Board (ITB)
IT Planning Group (ITPG)
Campus Network (CNC)
Acad. Technology (ATWG)
Backbone Engineering (BEG)
DECAF
UC Committees

Current Openings
How to Apply

OIT Home > Committees > ITPG > 1999 Proposals > PKI Certificates

PKI Certificates

Project: PKI Certificates for UCSB Faculty, Staff, and Students

Sponsor: IS&C in Conjunction with the UC Common Authentication Project (UCCAP)

Summary

Funding to cover the cost of participating in UCCAP for all people at UCSB is required. PKI Certificates are small data files that are encrypted with the private key from a private-key/public-key pair and installed in a network browser. When the browser is pointed to a certificate-enabled site, that site uses the associated public key to decrypt the certificate and authenticate the browser and, thus, its user. This technique will work with any site that respects the UC PKI hierarchy. It may be used to access a variety of services, including self-service features of the UC benefits system and access to library content licensed for UC or UCSB personnel. Browser users avoid logging on and avoid having to remember and maintain passwords for each service they access. Service providers avoid maintaining ID/password files for all their users.

How This Project Supports the Academic Mission

Providing easy access to library materials, research information, and a variety of campus- and university-provided services will be crucial to operating in the networked world of the very near future. The PKI infrastructure is a leading technique for uniquely identifying users on the World Wide Web, and the University of California is an early academic adopter of PKI technology.

Funding Source

Unknown – however, the members of the UCCAP Steering Committee recently agreed to approach their respective campus decision makers with the notion that each campus should participate in a UC-wide contract with one of the commercial certificate providers.

Costs

UCOP has completed an RFP process and has selected Verisign as the vendor of choice for providing certificates and required components of the supporting PKI architecture. UCOP anticipates that the combination of the licenses and the costs of the infrastructure will generate a total cost of $5 per year for each person associated with UC (each person may have more than one certificate). Estimating that UCSB has 25,000 faculty, staff and students produces an estimated yearly cost of $125,000. Recognizing that the RFP specified a total UC participation of 300,000 people and recognizing that UCSB usually absorbs about one tenth of such costs indicates the cost to the campus could approach $150,000 per year.

Matching Opportunities

None at present although UCOP staff members are exploring all possibilities.

Staff Support Required

Help desk support will be needed to show people how to download and install certificates in the various browsers that they use in their daily activities.

If certificates of greater than minimal strength are implemented, additional staff support would be required to conduct the process of qualifying people for those certificates. For example, if certificates of a certain strength imply that one has presented a picture ID, someone will have to be in place to conduct the process of checking the ID and issuing the certificate.

Existing Resources to Be Used

One item in the certificate "payload" would be the UCNetID. Therefore, certificate users must be included in the UC directory.

Project Timeline

All UC campuses will be experimenting with certificates beginning in February 2000. A "go/no-go" decision on the contract with Verisign for 300,000 certificates is expected to be made in October 2000.

Life Cycle of Result

Use of certificates as a means of authenticating users is expected to grow over the next several years. One might expect the result to be in place until displaced by a newer technology.

Back to Proposals Index



	Copyright © 2003-2025 The Regents of the University of California, All Rights Reserved Web contact • Terms of Use • Accessibility Last modified: 10/19/2007