This is an early draft - please provide corrections and feedback to
USHER, the US Higher Education Root, will provide a basis for campuses to deploy signed documents, secure email, and other applications. Serving as both an infrastructure and an initiative, it will include a root (also called a trust anchor or certification authority) that identifies campus roots (institutional CAs) by certifying them, together with recommended applications, tools and metadata. It will coordinate with the InCommon federation.
USHER recognizes that a PKI needs to focus on applications. Initial applications to explore, work on and specify include:
USHER itself will operate very securely. The root's private keys will be protected with hardware and software validated at FIPS 140 Level 2 or higher. The USHER policies will ensure that each institutional CA is controlled by the authorized organization at its campus.
But USHER will not impose expensive requirements on campus policies. It will start off with a "Level 1" root based on the "HEPKI-Lite" policy model. As experience and momentum build, and as demand materializes, additional CAs will be added corresponding to progressively higher levels of assurance, such as a HIPAA level or a Federal "Basic" or "Medium" Level of Assurance using the full HEBCA-compliant HECP. These higher levels could impose stricter requirements on the certificate policies (CPs) of subordinate CAs, requirements on the FIPS 140 level at which subscribers protect their private keys, extensive auditing, physical security guarantees, etc.
Campuses will be able to deploy locally trusted applications based on their own institutional CA and local policies. One example would be a document signing application, deployed on a small scale at first, then extended to more desktops and workflows over time.
Campuses can also use the USHER Level 1 root for low-risk inter-institutional applications in which they deem the HEPKI-Lite policy to be adequate, e.g. signed and/or encrypted email. For applications with higher levels of risk, they can implement their own vetting of other campuses' policies and out-of-band authorization mechanisms.
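As an added example (not part of this draft and not USHER's own tooling), the following shell script builds the hierarchy described above with the OpenSSL command line: a self-signed root standing in for the USHER Level 1 root, one campus CA certified by it, and S/MIME user certificates issued by the campus CA. It then verifies those certificates from two relying-party positions: one that trusts the USHER root (the inter-institutional case) and one that trusts only its own campus CA (the locally trusted case). All names and domains are invented, and the name constraint that limits the campus CA to its own mail domain is a design choice of this example, not a stated USHER policy; it shows one way a root can technically enforce that an institutional CA issues only for its own community.

```shell
#!/bin/sh
# Added example, not USHER's or any project's own tooling: a two-tier hierarchy
# of the kind the draft describes, built and checked with the OpenSSL CLI.
#
#   USHER root  ->  campus CA (limited to its own mail domain)  ->  S/MIME user cert
#
# All names and domains are made up, and the name-constraint policy is an
# assumption of this example, not a stated USHER policy.
set -u

# Minimal OpenSSL config so nothing here depends on the system openssl.cnf.
write_config() {  # $1 = working directory
  cat > "$1/usher.cnf" <<'EOF'
[req]
distinguished_name = dn
prompt = no
[dn]
O = USHER
[root_ext]
basicConstraints = critical, CA:TRUE
keyUsage = critical, keyCertSign, cRLSign
[campus_ext]
basicConstraints = critical, CA:TRUE, pathlen:0
keyUsage = critical, keyCertSign, cRLSign
nameConstraints = critical, permitted;email:example.edu
[alice_ext]
basicConstraints = CA:FALSE
keyUsage = critical, digitalSignature, keyEncipherment
extendedKeyUsage = emailProtection
subjectAltName = email:alice@example.edu
[bob_ext]
basicConstraints = CA:FALSE
keyUsage = critical, digitalSignature, keyEncipherment
extendedKeyUsage = emailProtection
subjectAltName = email:bob@other.edu
EOF
}

# Self-signed trust anchor standing in for the USHER Level 1 root.
gen_root() {  # $1 = dir
  openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 3650 \
    -config "$1/usher.cnf" -extensions root_ext \
    -subj "/O=USHER/CN=USHER Level 1 Root" \
    -keyout "$1/root.key" -out "$1/root.crt" 2>/dev/null
}

# Make a key and CSR for $2, then have CA $4 sign it with extension section $5.
issue() {  # $1 = dir, $2 = name, $3 = subject DN, $4 = issuing CA name, $5 = ext section
  openssl req -new -newkey rsa:2048 -nodes -sha256 -config "$1/usher.cnf" \
    -subj "$3" -keyout "$1/$2.key" -out "$1/$2.csr" 2>/dev/null
  openssl x509 -req -in "$1/$2.csr" -CA "$1/$4.crt" -CAkey "$1/$4.key" \
    -CAcreateserial -days 365 -sha256 \
    -extfile "$1/usher.cnf" -extensions "$5" -out "$1/$2.crt" 2>/dev/null
}

build_hierarchy() {  # $1 = dir
  write_config "$1"
  gen_root "$1"
  issue "$1" campus "/O=Example University/CN=Example University CA" root campus_ext
  issue "$1" alice  "/O=Example University/CN=Alice" campus alice_ext
  # Bob's address is outside the campus CA's permitted mail domain.
  issue "$1" bob    "/O=Example University/CN=Bob"   campus bob_ext
}

# Relying party that trusts the USHER root: the chain must reach root through campus.
# -purpose smimesign also checks the leaf's key usage and EKU for signed email.
verify_under_root() {  # $1 = dir, $2 = leaf name
  openssl verify -purpose smimesign -CAfile "$1/root.crt" \
    -untrusted "$1/campus.crt" "$1/$2.crt" >/dev/null 2>&1
}

# Relying party that trusts only its own campus CA (a locally trusted application).
# -partial_chain lets the non-self-signed campus cert act as the trust anchor.
verify_under_campus() {  # $1 = dir, $2 = leaf name
  openssl verify -purpose smimesign -partial_chain -CAfile "$1/campus.crt" \
    "$1/$2.crt" >/dev/null 2>&1
}

report() {  # $1 = label, remaining args = command to run
  label=$1; shift
  if "$@"; then echo "OK   $label"; else echo "FAIL $label"; fi
}

WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT
build_hierarchy "$WORK"
report "alice under USHER root"                verify_under_root   "$WORK" alice
report "bob under USHER root (name constraint)" verify_under_root   "$WORK" bob
report "alice under campus CA only"            verify_under_campus "$WORK" alice
```

Run it with a POSIX shell and OpenSSL 1.1.1 or later on the path. It prints OK for Alice under both anchors and FAIL for Bob, whose address lies outside the campus CA's permitted domain. Without -partial_chain the campus-only relying party would reject Alice's certificate too, because OpenSSL otherwise insists on building a chain up to a self-signed anchor.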
If we can get the USHER root(s) distributed with the major browsers, campuses could issue their own SSL server certificates and have them trusted by default, eventually yielding a great combination of cost savings and convenience. The flip side is that a browser-trusted root is trusted for every server name, and so is every institutional CA beneath it; the root's policies on which CAs it certifies and what they may issue would then carry the full weight of that default trust.
USHER incorporates the expertise, lessons and experience gained from the operation of the CREN root, the HEPKI Technical Activities Group, the PKILabs, and three years of PKI R&D workshops sponsored with NIST and NIH. But the world of public keys, authentication and authorization is complex and controversial. By starting simple and pooling our insights and experiences as we go along, participants will be well positioned to evolve a set of applications and an infrastructure suited to the needs of academia.