Interoperability

 

Interoperability in general

"Interoperability" in authentication has come to be understood in terms of "tiers", variously described as ranging from low-level "technical" interoperability to high-level "business" or "application" interoperability. The idea of tiers and of an interoperability stack draws on the very mature and almost universally adopted 7-layer communications model of OSI.

While seamless interoperability may be a long way off, much good preparatory work has been done in the form of surveys and analyses of legal and other impediments. See:

 

OECD Authentication Survey - OECD, "Summary of Responses to the Survey of Legal and Policy Frameworks for Electronic Authentication Services and E-Signatures in OECD Member Countries", Organisation for Economic Cooperation and Development, 3 August 2004

 

PKI interoperability

Most activity so far has been expended in PKI circles.

See International Harmonization of Policy Requirements for CAs issuing Certificates, from the European standards body ETSI.

A simple discussion of interoperability layers can be found at PKI Interoperability.

The Australian Payments Clearing Association has published its experience in Internet Based Payments Application - Trust and Digital Certificates, which includes this gem:

“[PKI] interoperability is something of a will-o’-the-wisp. You think you understand what people mean by it, and then quickly realise that you don’t. In my experience, it’s possible when discussing interoperability to be at cross-purposes for all of the time. Interoperability between members of the same PKI is axiomatic. Certificates issued by one bank should be recognisable by another. Interoperability becomes an issue when it is between different PKIs … But this still leaves the basic question of interoperable in respect of what?”

 

The Asia PKI Forum and the APEC eSecurity Task Group have investigated interoperability extensively. Several publications are available: