If we separate trainees into groups based on some criteria like technical know-how then:

• How many groups?
• What is the separation criteria? (e.g., job function, title, self-evaluation)
• What are the groups called? (e.g., non-technical, technically savvy, technical)
• What training material is included/excluded for each group?

Preparation

• Schedule training facilities
• Assure audio-visual and/or student computers are available & functional
• If hands-on training need:
  • Training eTokens
  • Training personal certificates
  • Training leave reports (i.e., no Banner update?)
  • Training computer for each student with USB port
  • Instructors

Basic material

• What is PKI?
• Why are we doing this?
  • Thoughts: design, implement and tweak the infrastructure.  IT testing functionality. Slowly roll-out university wide for wide scale testing and acceptance. Uncover weaknesses. Refine & improve.
• What is the goal?
• Who is included? (who can get a cert?)
• Why eTokens?
• What about smartcards?  Hokie Passport?

Getting started

• Note: If possible a hands-on exercise of obtaining an eToken and personal certificate would be good and an effective training tool
• Obtaining an eToken
• Normally Student Telecommunications office in Student Services building.  For IT Pilot in the AISB atrium.
• Need 2 forms of "acceptable" identification credentials
  • Hokie Passport
  • Virginia drivers license
  • DMV photo id
• Need to set a PIN for the eToken.  This is a complex password similar to that required for Hokies ID.  This should be different from all your other passwords.
• Are we using a challenge/response question(s) (hint?) for forgotten passwords?

How To Use

• Note: If possible a hands-on exercise of using an eToken to sign a test leave report would be used.
• Use "Quick Start" guide to walk through process of signing a leave report
• Review signed but not yet approved leave report
• Have student use whomever is sitting next-to/close-to them as "supervisor" for approval process.
• Review signed and approved leave report
• Revoke a certificate (do we want to demonstrate this or have students actually do it?)

Security Issues

• Lost or stolen eToken
  • Needs PIN not just token
  • Certificate can be revoked
• Some software automatically uses the personal certificate if the token is left in USB drive.
• No encryption initially (key escrow issue)
• No caching of cert or PIN
• Use complex passwords when changing PIN

Supported vs Unsupported

• Only leave reports initially.
• Initially no support for digitally signed e-mail but has been tested on ... e-mail clients.
• Executive Vice President, Mr. Jim Hyatt's goal is one step closer to paperless office.