The Corporation for Research and Educational Networking (CREN) and MIT have announced a significant development in Internet technology service that supports secure resource-sharing among institutions. The two organizations are launching a new, top-level Certificate Authority Service offered to institutions of higher education by CREN, with MIT's technical support, which reviews, validates and issues digital certificates that campuses use for secure transactions over the network.
An information session on the new service will be held on campus this afternoon (November 17).
In making the announcement, Ira Fuchs, president and CEO of CREN as well as vice president for computing and information technology at Princeton, said, "I am delighted that CREN is taking a leadership role in launching this service today. Supporting resource-sharing among institutions of higher education will enable students, faculty and staff to make significant advances in their teaching and research over the Internet."
An essential part of the current infrastructure for conducting secure transactions over the web, digital certificates verify both the authenticity of the sender of an electronic message and the integrity of that message, signaling to the recipient that it has not been altered.
Serving as the trusted third party for institutions and resource providers, the new certificate authority service will issue institutional certificates, allowing individuals at CREN subscriber institutions to share online information and electronic resources in a cryptographically secure environment.
By digitally signing the certificates issued by campus authorities, the service eliminates the need for each organization to establish secure relationships with every other institution on a case-by-case basis. Users at different institutions will be able to automatically verify the authenticity of the certificates they receive from each other's sites, simply by configuring their browser software for CREN's top-level certificate authority. This will facilitate inter-institutional relationships and support authenticated access to online information resources such as specialized databases and digital information resources.
The service was developed at MIT, which served as one of three pilot institutions, along with the Georgia Institute of Technology and Princeton University.
Jim Bruce, vice president of information systems, noted that MIT has long been a leader in this area. In the early days of Project Athena, he explained, staff at MIT recognized the importance of authentication--uniquely and securely identifying an individual to multiple trusting servers across a network. From this came MIT's Kerberos authentication system which enabled authorization--the ability for a server to authorize the authenticated individual to use its resources--and encryption of the data stream to and from the individual.
Today's launch "takes this to the next level, putting in place a mechanism for authenticating students, faculty and staff at one educational institution to servers and services at another institution," Professor Bruce said. "This is an early step in the routine, widespread, secure sharing of information throughout the educational community. We are very pleased to have had a part in this new venture."
Dr. M.S. Vijay Kumar, assistant provost and director of academic computing, said, "Extending the concept of secure transactions from within institutions to across institutions, the CREN certificate authority takes us one step closer to building and accessing a richer repository of shared resources and collaborations."
MIT TO MAKE 'KEYS'
To initiate the new certificate authority service, network security expert Jeff Schiller, manager of network services at MIT and principal architect of this service, will generate an initial CREN "key" or root certificate, "cut" a private key, and generate one institutional certificate for each of the three pilot institutions.
Presentations and a Q&A session this afternoon will feature Ira Fuchs, Jeff Schiller, CREN executive director Judith Boettcher, Jim Bruce, Richard Guida of the Federal Personal Key Infrastructure initiative, Daniel Oberst of Princeton, David Wasley of the University of California system and M.S. Vijay Kumar. The session will take place in Rm E40-302 from 12:30-1:30pm.
Once an institution has completed a process of authority registration with CREN, MIT will handle the certificate issuance process, reviewing each request for a certificate and then, if valid, issuing another certificate to the institution. In addition to providing the technical operations for the service, MIT's Network Operations Team is also developing software to automate the technically painstaking process which involves numerous steps for the proper exchange of certificates and activation of hardware.
One content provider who will be using the new service is the Journal Storage Project or JSTOR, a not-for-profit organization that is building a searchable digital database with the complete back files of academic journals.
"As a trusted member of the academic community, CREN offers a reliable and affordable solution for authorizing digital certificates," said Spencer Thomas, JSTOR's technical coordinator. "Providing remote access to scholarly resources is one of the more vexing problems facing both users and providers of electronic information at colleges and universities. JSTOR is extremely pleased to participate in this important initiative."
Another endorsement of the service came from Ken Klingenstein, director of information technology services at the University of Colorado at Boulder and middleware project director of UCAID (University Corporation for Advanced Internet Development), the organization responsible for Internet2.
"This is an important step towards building a national interoperable higher education security infrastructure," he said. "With the CREN certificate authority mechanism as an anchor, we can begin the substantive work of establishing trust relationships within our community and enabling new institutional resource-sharing. Many agendas will be advanced with this deployment."
Established in 1984, CREN (http://www.cren.net) is a nonprofit member organization that supports the technical and practical information needs and tools of networking and information technology professionals. There are more than 225 members ranging from small, private institutions such as Smith College to large public institutions such as the University of Wisconsin.
A version of this article appeared in MIT Tech Talk on November 17, 1999.