Netscape Certificate Management
System 4.0
1999 RSA Data Security Conference
John Hines
Engineering Manager
jhines@netscape.com
Agenda
• Netscape Commerce-Ready Infrastructure
• Certificate Management System 4.0
• Architecture & Interoperability
• Partners & Services
1998 was the year of Internet
e-commerce early adopters...
Internal Focus
• Scales to 10’s of thousands
• Incompatible infrastructure across applications
External Focus
• Scales to millions
• Available 24 x 7 x 365
• Integrated across applications
• Extranet security
… and Netscape’s customers and partners
deployed real solutions
• Internet infrastructure for reliable, scalable,
secure E-commerce applications
• Secure management and authentication of
millions of users & hundreds of applications
E-Commerce Ready Infrastructure
Broad Foundation for Internet Commerce
• Quality of Service
• Application Services
• Content Delivery Services
• Integration Services
• Directory & Security Services
• Professional Services
Netscape Directory for Secure
E-Commerce 4.0
• Broad foundation for Internet commerce
• Complete solution for the mainstream that
provides a flexible range of security options
– Username and password authentication
– Certificate (PKI) based authentication
– SSL for secure communication
• Significantly simplifies administration and
deployment of secure e-commerce
applications
– Enables customer
self service
– Deployable PKI
Netscape Directory for Secure E-Commerce 4.0 comprises:
• Certificate Management System 4.0
• Directory Server 4.0
• Delegated Administrator 4.0
Certificate Management System 4.0
New Features and Functionality
• Deployment flexibility and scalability
– RA, CA & KRA easily distributed across systems
– Scales to millions of users
– Enhanced directory integration
• Broad support for client, server, CA, and
VPN certificates
• Hardware signing and acceleration
through PKCS#11 CSPs
• Simplified end user experience
• Corporate key recovery
Subsystems: Certificate Manager (CA), Registration Manager (RA), Data Recovery Manager (KRA)
Certificate Management System 4.0
Additional Cryptographic Features
• Dual key & expanded algorithm support
• FIPS 140-1
– Level 1 & 2 CSPs
– Interoperability with FIPS 140-1 Level 3
validated hardware CSPs
• Secret splitting for signing and key recovery
keys
• Integration with Litronic Profile Manager
for bulk issuance of smart cards
• Supports CRS and can issue IPSEC
certificates for Cisco Routers
Architecture Overview
[Diagram, reconstructed from the slide labels: three subsystems, each with its own internal LDAP store, communicating over HTTPS]
• Registration Manager: front end for end entities (EEs) over HTTP/HTTPS, including Communicator 5.0 (CRMF/CMMF, dual key, RSA/DSA/mixed KEYGEN) and PKCS#10 clients (RSA/DSA KEYGEN); forwards approved requests to the Certificate Manager over CMMF/HTTPS; LDAP cert publishing to the External Public Directory
• Certificate Manager: also serves EEs directly over HTTP/HTTPS (PKCS#10, RSA or DSA) and CRS EEs (CRS/RSA only); LDAP cert/CRL publishing to the External Public Directory
• Data Recovery Manager: reached over HTTPS; holds archived keys for corporate key recovery
Internal Architecture
[Diagram, reconstructed from the slide labels: layered stack]
Pure Java layer:
• Middleware: CA, RA, KRA
• Exposed developer APIs: custom authentication / policy modules (third-party vendors)
• Java Security Services (JSS), the Java-JNI layer, on JDK 1.1.6 and 1.2
FIPS 140-1 validated layer:
• Netscape Security Services (NSS): PKCS#11 layer, SSL, LDAP
• Included CSPs: Internal CSP (Level 1), FIPS Level 2 CSP
• Software or hardware CSPs from third-party vendors, through PKCS#11
Certificate Management System 4.0
Flexibility and Extensibility
• Java Plug-in interfaces -- write once, run
everywhere
– Out of the box authentication modules
– Ability to add groups of extensions
– Customizable policy constraints for different
types of keys/certificates
• Published APIs and tools enable integration
– Kerberos and SecurID authentication modules
– RDBMSs and ERP systems
• Flexible LDAP publishing
• Internationalized end user and admin GUIs
Certificate Management System 4.0
Standards Compliance
• IETF PKIX Certificate Management Standards
– CRMF: Certificate Request Message Format
– CMMF: Certificate Management Message Format
• CRS: Certificate Request Syntax [Cisco IPSec]
• FIPS 140-1: NIST Security Requirements for
Cryptographic Modules
• PKCS #11 2.01
• X.509 v3: formats for digital certificates (v1, v3)
• LDAP v2, v3: Lightweight Directory Access
Protocol
• SSL 2.0, 3.0: Secure Socket Layer
Extending Security Solutions Through
Partnerships & Services
• Cross-company trust
• Hardware tokens & cryptographic
accelerators
• Secure networking & VPNs
• Systems integration & consulting
• Training
Netscape Delivers Robust Security
Solutions Today
• Certificate Server 1.0 deployed today
• Robust infrastructure grows as fast and as
large as required
• Directory Server provides foundation for
Internet security
• Certificate Management System delivers
strong authentication for extranet and
e-commerce services
• Netscape extends solutions through
partners, tools, and services

Speaker notes

  1. Good Afternoon. Thanks for joining us here today. We’ve got a lot of new information to share with you and because of this we have an updated copy of the presentation. If you didn’t get one on the way in, we have them available for you. One change in the presentation is that we have removed the demos in favor of more time for Q&A since we’ve been demonstrating the products for the last three days in the Exhibit Hall. If you didn’t see the demos and are interested, please talk with us after the session.
  2. Key points: Focus of applications that do go on the Net is very different from what it used to be (these are the standard points made in the slide that we have been making for the past year about scalability, reliability, availability, and integration across applications). E-Commerce, although a rapidly growing marketplace, is still very young and is dominated by early adopters. The mainstream of corporate America still has not made it onto the web. The reason they have not made it onto the Net is that in 1998, it was not an easy thing to do. You had to be willing to absorb some pain; that is what early adopters do, they pave the way for others. (next slide)
  3. However, Netscape has spent the last year working with these early adopters, helping them get their E-commerce solutions deployed. Unlike many vendors who put up a list like this, every one of these vendors is deployed with the Netscape Directory. Most people can just talk about customers who haven’t deployed their Ecommerce application yet; we have worked with the pioneers to get their solutions out the door and onto the Internet. Ford is using the Netscape Directory as part of their supplier network with over 110 applications and 250,000 users as part of the Ford Supplier Network. They have an Ecommerce system that let them lower their vehicle delivery time from 50 to 15 days. BC Tel is using the Netscape Directory and Security Servers to offer their customers a choice of security levels for online bill presentment. Customers can either present a username/password or they can present a digital certificate as the authentication mechanism to access their online bill. MCI WorldCom is using the Netscape Directory as a meta directory to synchronize their NOS, email and PeopleSoft directories. AIG wanted to create an extranet application that enabled Brokers and Agents to make insurance sales through the internet. This new application, called Access AIG, serves as a centralized repository for their twenty thousand insurance brokers and agents in the US and Canada. These insurance agents and brokers are able to access real time, up-to-date information by authenticating to the Netscape Directory Server through User ID and Password protection. The agents and brokers can access product info, client services, pre-submissions and other information instantly. Before it took several phone calls, time consuming navigation through different web sites, and extensive paper forms. The benefit of the new Access AIG application for the agents and brokers is customization and time savings. They will be evaluating CMS 4.0 to add digital certificates as an additional layer of security to their application. Netscape has worked with these early adopters to understand the difficult issues in deploying real Ecommerce applications to make our products more deployable for the mainstream.
  4. Quality of Service: Ability to incrementally scale & guarantee performance and availability. Application Services: An environment to build & host transactional applications. Content Delivery Services: Services for content publishing & management. Integration Services: Capabilities to integrate with existing enterprise systems & applications. Portal Services: Support for custom portals & wiring to mass market portals. One point our customers have made to us is that they don’t just want point solutions. They want a complete infrastructure for developing and deploying Ecommerce applications. Talk about the requirements for an E-Commerce application. The slide is self explanatory here. For Integration Services, note that these applications can’t exist in a vacuum. They have to be able to tie into the existing infrastructure. For this reason, all aspects of an E-Commerce Ready Infrastructure need to be able to integrate with legacy systems. For this announcement, we will be talking about our Directory and Security integration with existing directory and security infrastructure. We will also be announcing enhancements to our Directory and Security
  5. Directory provides user management (incl. personalization) and foundation for security Delegated Administrator provides restricted access for customer self-service.
  6. Broad end entity (EE) support for browser and VPN clients (IE 3.X, 4.X, Navigator 3.X, 4.X, 5.X, RedCreek, etc.), servers (Netscape SuiteSpot 2.X, 3.X, 4.X, Apache, Lotus Domino, Oracle, IIS, etc.), CAs (Entrust, Microsoft, etc.). Highly scalable architecture. Can distribute certification authority (CA), registration authority (RA) and key recovery authority (KRA) across systems. Support for multiple RAs, CAs and KRAs. Directory Server 4.0 for local data storage.
  7. Java Plug-in interfaces for certificate processing policies, authentication modules, servlet and PKCS#11 modules -- write once, run everywhere. Out of the box Java authentication modules for LDAP based authentication, one time password authentication with PIN generator, and certificate processing policies for most PKIX extensions in compiled and source form.
  8. Netscape continues to expand their security solution by partnering with key security vendors. Public CAs are referenced from our web site at: https://certs.netscape.com. Security Dynamics has signed a bundling agreement with Netscape to embed our Directory. Litronic and Datakey provide smart card solutions. Chrysalis-ITS, Ncipher and Rainbow provide hardware acceleration cards to increase the speed of cryptographic operations. Cisco and other VPNs will interoperate with Certificate Management System 4.0.
  9. Shared, centralized directory & security infrastructure supports multiple applications. Professional Services programs and tools enable legacy integration in 2-4 weeks. Strong security provided out-of-the-box. Directory scales to 20+ million entries/server, 24x7 availability, blazingly high performance (hundreds to thousands of queries/second). Directory as foundation of security: web-based single sign-on, access control, delegated administration; scalability and security for millions of extranet users. VeriSign service integration makes Netscape the most deployable CA for Extranets. Certificate Management System will increase user transparency, flexibility, and scalability.