Diff for Cross recognition arrangements
Tue, 09/11/2007 - 18:59 by Stephen.Wilson | Tue, 09/11/2007 - 19:32 by Stephen.Wilson | ||
---|---|---|---|
Changes to Body | |||
Line 1 | Line 1 | ||
<p>
| <p>
| ||
- |
| + | <strong>Cross certification</strong>
|
</p>
| </p>
| ||
<p>
| <p>
| ||
- | <strong>P</strong><strong>apers</strong><br />
| + | Attempts to create cross border trust within PKI frameworks has historically been attempted through "Cross Certification" which aims to demonstrate that two different CAs are producing certificates unde comparable conditions so that their certificates may be regarded as equivalent.
|
</p>
| </p>
| ||
<p>
| <p>
| ||
- | <strong>
| + | The major challenge in cross certification is that the policy mapping involved is labor intensive and time consuming.
|
- | Demystifying international cross-recognition of PKI</strong>
| + | |
</p>
| </p>
| ||
<p>
| <p>
| ||
- | Abstract
| + | <strong>Bridge CAs</strong>
|
+ | </p>
| ||
+ | <p>
| ||
+ | More recently, Bridge CA initiatives have catalysed the standardisation of key aspects of Certificate Policies, such as identification benchmarks. This has faciliated policy mapping to some extent, and now there are increasing numbers of PKI domains that have achieved cross certification.
| ||
+ | </p>
| ||
+ | <p>
| ||
+ | <em>INSERT MORE ABOUT BRIDGE CAS </em>
| ||
+ | </p>
| ||
+ | <p>
| ||
+ | See e.g. www.fbca.gov
| ||
+ | </p>
| ||
+ | <p>
| ||
+ | <em>Link to aerospace Bridge? <br />
| ||
+ | </em>
| ||
+ | </p>
| ||
+ | <p>
| ||
+ | <strong>Cross Recognition</strong>
| ||
</p>
| </p>
| ||
<p>
| <p>
| ||
- | Cross-certification and cross-recognition continue to be stumbling
| ||
- | blocks in PKI. Cross-certification has been a lofty goal for many years
| ||
- | but has proven to be expensive and impractical. And when we look at it
| ||
- | closely, we find that it wouldn't give users much benefit in any event.
| ||
Cross-certification establishes the equivalence of certificates from
| Cross-certification establishes the equivalence of certificates from
| ||
- | different PKIs, yet two users on either end of a transaction are
| + | different PKIs, yet two users on either end of a transaction often
|
- | usually asserting different types of credentials which will never be
| + | assert different types of credentials (one might be a lawyer while the
|
- | equivalent. The fundamental issue for users is not equivalence; it is
| + | other is a doctor) in which case equivalence is moot. Moreover, one
|
- | fitness for purpose.
| + | of the parties -- the receiver -- might not even have their own
|
+ | certificate and yet will still need to be able to ascertain the fitness
| ||
+ | for purpose of the sender's certificate.<br />
| ||
+ | </p>
| ||
+ | <p>
| ||
+ | <em>Insert APEC definitions AUTHENTICATION, CROSS RECOGNITION </em>
| ||
+ | </p>
| ||
+ | <p>
| ||
+ |
| ||
+ | </p>
| ||
+ | <p>
| ||
+ |
| ||
</p>
| </p>
| ||
<p>
| <p>
| ||
- | We're accustomed to the role of independent audit reports helping us
| + | <strong>Novel approcahes to cross border recognition</strong>
|
- | to decide if a CA can be relied upon, but the decision is traditionally
| + | |
- | made out-of-band. This paper will present a new way of making a CA's
| + | |
- | audit report machine-readable, as a standard X.509 certificate. The
| + | |
- | approach is based on existing international audit standards and mature
| + | |
- | accreditation systems. It thereby demystifies PKI, clarifies liability,
| + | |
- | cuts compliance costs, and preserves sovereignty in communities of
| + | |
- | interest and national schemes.
| + | |
</p>
| </p>
| ||
<p>
| <p>
|
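Review bot: The added text in this revision carries typos and a grammatical slip that should be fixed before it stands: "unde comparable conditions" should read "under", "faciliated" should be "facilitated", and the new heading "Novel approcahes to cross border recognition" should read "approaches". The opening sentence, "Attempts to create cross border trust ... has historically been attempted", has a subject-verb mismatch and repeats "attempt"; "Cross-border trust within PKI frameworks has historically been attempted through ..." would read cleanly. The editorial placeholders ("INSERT MORE ABOUT BRIDGE CAS", "Link to aerospace Bridge?", "Insert APEC definitions AUTHENTICATION, CROSS RECOGNITION") and the two empty <p> blocks are committed as body text; consider moving them to the revision log or a talk page until the content exists. In the visible lines the removed abstract's description of the machine-readable audit report is replaced only by the new heading, so it is worth confirming that the material is kept elsewhere on the page.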
Cross recognition arrangements
Cross certification
Cross-border trust within PKI frameworks has historically been attempted through "Cross Certification", which aims to demonstrate that two different CAs are producing certificates under comparable conditions so that their certificates may be regarded as equivalent.
The major challenge in cross certification is that the policy mapping involved is labor intensive and time consuming.
Bridge CAs
More recently, Bridge CA initiatives have catalysed the standardisation of key aspects of Certificate Policies, such as identification benchmarks. This has facilitated policy mapping to some extent, and there are now increasing numbers of PKI domains that have achieved cross certification.
INSERT MORE ABOUT BRIDGE CAS
See e.g. www.fbca.gov
Link to aerospace Bridge?
Cross Recognition
Cross-certification establishes the equivalence of certificates from
different PKIs, yet two users on either end of a transaction often
assert different types of credentials (one might be a lawyer while the
other is a doctor), in which case equivalence is moot. Moreover, one
of the parties -- the receiver -- might not even have their own
certificate and yet will still need to be able to ascertain the fitness
for purpose of the sender's certificate.
Insert APEC definitions AUTHENTICATION, CROSS RECOGNITION
Novel approaches to cross border recognition