Cross recognition arrangements
Attempts to create cross border trust within PKI frameworks has historically been attempted through "Cross Certification" which aims to demonstrate that two different CAs are producing certificates unde comparable conditions so that their certificates may be regarded as equivalent.
The major challenge in cross certification is that the policy mapping involved is labor intensive and time consuming.
More recently, Bridge CA initiatives have catalysed the standardisation of key aspects of Certificate Policies, such as identification benchmarks. This has faciliated policy mapping to some extent, and now there are increasing numbers of PKI domains that have achieved cross certification.
INSERT MORE ABOUT BRIDGE CAS
See e.g. www.fbca.gov
Link to aerospace Bridge?
Cross-certification establishes the equivalence of certificates from
different PKIs, yet two users on either end of a transaction often
assert different types of credentials (one might be a lawyer while the
other is a doctor) in which case equivalence is moot. Moreover, one
of the parties -- the receiver -- might not even have their own
certificate and yet will still need to be able to ascertain the fitness
for purpose of the sender's certificate.
Insert APEC definitions AUTHENTICATION, CROSS RECOGNITION
Novel approcahes to cross border recognition