Cross recognition arrangements

Cross certification

Attempts to create cross border trust within PKI frameworks has historically been attempted through "Cross Certification" which aims to demonstrate that two different CAs are producing certificates unde comparable conditions so that their certificates may be regarded as equivalent.  

The major challenge in cross certification is that the policy mapping involved is labor intensive and time consuming.  

Bridge CAs 

More recently, Bridge CA initiatives have catalysed  the standardisation of key aspects of Certificate Policies, such as identification benchmarks.  This has faciliated policy mapping to some extent, and now there are increasing numbers of PKI domains that have achieved cross certification. 


See e.g.

Link to aerospace Bridge?

Cross Recognition

Cross-certification establishes the equivalence of certificates from different PKIs, yet two users on either end of a transaction often assert different types of credentials (one might be a lawyer while the other is  a doctor) in which case equivalence is moot.  Moreover, one of the parties -- the receiver -- might not even have their own certificate and yet will still need to be able to ascertain the fitness for purpose of the sender's certificate.




Novel approcahes to cross border recognition

See Focus Areas: BPEL | DITA | ebXML | IDtrust | OpenDocument | SAML | UBL | UDDI
OASIS sites: OASIS | Cover Pages | | AMQP | CGM Open | eGov | Emergency | IDtrust | LegalXML | Open CSA | OSLC | WS-I