Public Key Infrastructure (PKI) and the components needed to create a PKI are the subject of intense debate.
The Security Program Group regularly examines the legal and regulatory issues, especially in an international context, and for those who need to focus on the changing fortunes of PKI, the group is an ideal forum in which to keep abreast of new developments. The Open Group has an established position, formed by consensus and stated in the Architecture for Public Key Infrastructure (APKI), and PKI issues regularly appear on the Security Program Group's agenda.
The Open Group hosts the Web site for the PKI Forum,
which is an international, not-for-profit,
The IETF has an active PKIX Working Group was established in the Fall of 1995 with the intent of developing Internet standards needed to support an X.509-based PKI. Several informational and standards track documents in support of the original goals of the WG have been approved by the IESG. Development continues centered around RFC 2459.
The American Bar Association has a Science & Technology Division, which in turn operates an Information Security Committee (ISC), which has been the focal point of diverse secure electronic commerce law initiatives since the Division's formation in 1992. The Committee explores current information security issues including those related to public key infrastructure, cryptology, risk analysis, standards, "commercial reasonableness" and the legal efficacy of secure digital commerce. Currently, the ISC is preparing the Public Key Infrastructure Assessment Guidelines (PAG). The PAG will offer a practical guide for the evaluation, assessment, determining compliance with stated policies, and licensing of PKIs. It will also be particularly useful to the audit community. Current work is expected to lead to completion of a public exposure draft in early 2000.
Relevant documents include:
Return to Security Introductory page