A Certificate Authority (CA) is maintained by the University of Washington (UW) to facilitate secure communication between clients and services at the University of Washington by issuing IETF X.509 client and server certificates to authorized applications.
These certificates allow the applications to positively identify themselves and to authenticate their peers in a communications network.
This Certificate Practices Statement (CPS) describes the policies in place for the CA identified by the following certificates:
UW Services CA
It is expected that a majority of the University community will install the UW Services CA root certificate into their browsers or email clients as a trusted certificate authority, thereby allowing UW-issued certificates to seamlessly and securely authenticate UW web and email applications.
Certificates issued by the CA may be used only by authorized administrators of services provided by the University of Washington. They may be used to identify web servers and IMAP servers to their clients. They may also be used to identify each peer of an application-to-application communication.
The CA maintains one or more secure root certificates along with: tools to securely sign, renew, and revoke certificate requests; a database of issued certificates; a list of revoked certificates; and a log of activity.
The "UW Services CA" certificate is available for installation into any browser or application.
The root certificate key is maintained on a secure system housed in a locked area of the University of Washington's computing facility and is accessible only through remote procedures by CA administrators and other authorized personnel for issuance and revocation of certificates and creation of Certificate Revocation Lists (CRL).
Certificates issued by the CA contain:
Standard clients and servers:
Not Before: The date of issuance
X.509 v3 Certificate Extensions
Basic Constraints: CA:FALSE
Certificate revocation is also by authenticated web transaction, and may be instigated only by the certificate holder. The CA maintains a publicly available Certificate Revocation List (CRL) for each root certificate.
The CA maintains logs of all transactions.
Certificates are available only for authorized services of the University. Application administrators requesting one or more certificates are expected to:
UW reserves the right to modify the services of this CA, including, but not limited to:
Additions to service will be accompanied by corresponding documentation in this CPS. Current certificate holders will be notified, by email to the certificate owner, prior to any modifications that may adversely affect their applications.
Send inquiries to email@example.com.
THE UNIVERSITY OF WASHINGTON MAKES NO REPRESENTATIONS OR WARRANTIES, EXPRESS OR IMPLIED, WITH RESPECT TO THESE SERVICES, INCLUDING ANY WARRANTIES OF TITLE, NONINFRINGEMENT OF COPYRIGHT OR PATENT RIGHTS OF OTHERS, MERCHANTABILITY, OR FITNESS OR SUITABILITY FOR ANY PURPOSE.