Home · About · A-Z Index · Search · Contacts · Press · Register · Login

Security Forum


Return to Security home page
Current work:

- Managers Guides

- MGIS

- Data Privacy

- PKI

- Guide to PKI

- Identity Mgt

- Access Control

- Security Patterns

- Secure Messaging

Strategy/Roadmap

Useful links:

Security topics

Info sources

Liaisons

How we work

Open Group Security Standards/Guides

PKI

Public Key Infrastructure (PKI) and the components needed to create a PKI are the subject of intense debate.

Is a PKI a prerequisite for eCommerce?
Is a global PKI achievable?

The Security Forum regularly examines the legal and regulatory issues, especially in an international context, and for those who need to focus on the changing fortunes of PKI, the group is an ideal forum in which to keep abreast of new developments. The Open Group has an established position, formed by consensus and stated in the Architecture for Public Key Infrastructure (APKI), and PKI issues regularly appear on the Security Forum's agenda.

The latest review by The Open Group was a BoF (Birds of a Feather) session held during its Quarterly Conference in April 2001

CDSA (Common Data Security Architecture) can be used to support a PKI. It provides a set of security services that address communications and data security requirements, including in the emerging Internet and Intranet application space. It comprises 3 basic layers: a set of system security services; a Common Security Services Manager (CSSM); and add-in security modules for security services (including Cryptographic, Trust Policy, Certificate Library, Data Storage Library, Authentication Computation, Key Recovery).

The Open Group supported the PKI Forum through its first year of operation. The PKI Forum is an international, not-for-profit, multi-vendor alliance whose purpose is to accelerate the adoption and use of Public-Key Infrastructure (PKI) and PKI-based products and services. The PKI Forum advocates industry cooperation and market awareness to enable organizations to understand and exploit the value of PKI in their e-business applications.

Other relevant work on PKI interoperability and the PKI challenge is underway in the EEMA, and in 2 European Commission projects: TIE, and TESI.

The IETF established a PKIX Working Group in the Fall of 1995, with the intent of developing Internet standards needed to support an X.509-based PKI. Several informational and standards track documents in support of the original goals of the WG have been approved by the IESG, and they are now on X509 version 3. Development continues based on RFC 2459.

The American Bar Association has a Science & Technology Division, which in turn operates an Information Security Committee (ISC), which has been the focal point of diverse secure electronic commerce law initiatives since the Division's formation in 1992. The Committee explores current information security issues including those related to public key infrastructure, cryptology, risk analysis, standards, "commercial reasonableness" and the legal efficacy of secure digital commerce. The ISC recently made their Public Key Infrastructure Assessment Guidelines (PAG) document publicly available for formal public review. The PAG offers practical guidance for the evaluation, assessment and licensing of PKIs, including their compliance with stated policies. It will also give particularly useful duidance to the audit community.

Relevant documents include:

Send email to the PKI discussion list.


Home · Contacts · Legal · Copyright · Members · News
© The Open Group 1995-2020