PKI

Public Key Infrastructure (PKI) and the components needed to create a PKI are the subject of intense debate.

Is a PKI a prerequisite for eCommerce?
Is a global PKI achievable?

The Security Program Group regularly examines the legal and regulatory issues, especially in an international context, and for those who need to focus on the changing fortunes of PKI, the group is an ideal forum in which to keep abreast of new developments. The Open Group has an established position, formed by consensus and stated in the Architecture for Public Key Infrastructure (APKI), and PKI issues regularly appear on the Security Program Group's agenda.

The Open Group hosts the Web site for the PKI Forum, which is an international, not-for-profit, multi-vendor alliance whose purpose is to accelerate the adoption and use of Public-Key Infrastructure (PKI) and PKI-based products and services. The PKI Forum advocates industry cooperation and market awareness to enable organizations to understand and exploit the value of PKI in their e-business applications.

The IETF has an active PKIX Working Group, which was established in the fall of 1995 with the intent of developing the Internet standards needed to support an X.509-based PKI. Several informational and standards-track documents in support of the original goals of the WG have been approved by the IESG. Development continues, centered around RFC 2459.

The American Bar Association has a Science & Technology Division, which in turn operates an Information Security Committee (ISC). The ISC has been the focal point of diverse secure electronic commerce law initiatives since the Division's formation in 1992. The Committee explores current information security issues, including those related to public key infrastructure, cryptology, risk analysis, standards, "commercial reasonableness" and the legal efficacy of secure digital commerce. Currently, the ISC is preparing the Public Key Infrastructure Assessment Guidelines (PAG). The PAG will offer a practical guide for the evaluation, assessment, determination of compliance with stated policies, and licensing of PKIs. It will also be particularly useful to the audit community. Current work is expected to lead to completion of a public exposure draft in early 2000.

Relevant documents include:

  • Architecture for a PKI (APKI) - Open Group publication.
  • Proposal for a Co-operative Initiative in Europe (PDF, Postscript) on the implementation of security standards - submitted by the chair of ICE (Europe)
  • The Common Data Security Architecture Version 2, which includes specifications for cryptographic, certificate management, trust policy management and key-recovery services.
  • The market requirements statement (PDF), generated by The Open Group Customer Council
  • Business Requirements for Key Recovery, draft 2.1 (PDF, Postscript), submitted by the Key Recovery Alliance for industry review and comment.
  • Proposals for an HMG PKI, a set of documents (in both Postscript and Acrobat PDF) submitted by the Communications Electronic Security Group (CESG) for review and comment.


    
© 1995-2010