[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: [pki-tc] Trivial PKI Question
A "Trivial" PKI
Question Assume that you have a business message like a purchase order <Order> <From name="Big Buyer Corp."> <OurRef name="John Doe"/> </From> <To name="MegaCar International"/> <Item>10 Medium-sized SUVs</Item> <Comment>Make it quick please!</Comment> </Order> Now assume that "Big Buyer Corp." is an advanced organization using digital signatures. Question: How should the identity as expressed in a business
document relate to the identity as expressed by the signer's certificate?
Among the complications we find
One can note that the only PKIs working on a global scale, are
building on a one-to-one identity mapping between the entity's perceived
identity and the identity as expressed in the certificate. Yes, I of
course refer to e-mail and web-server certificates.
Other aspiring users of PKI, like e-commerce, have not even begun
to look into this issue as apparently nobody feels that it is
"their business". Who are we wainting for? The IETF?, OASIS?, W3C?,
EU?, UN? Or are we maybe waiting for Microsoft?.
A LONG-TERM REMEDY To create a foundation for a more robust and "frictionless" PKI-secured e-business, I strongly believe that there long-term should be a one-to-one mapping between [basic] business message identities and certificate identities. As the business community is never going to adopt X.500 naming, as well as having their own naming problems, this will likely require changes on both sides. A possible scheme using the currently only globally functioning naming system (DNS/URIs), is that entities are uniquely defined by two elements: - A naming domain (name space) based on a URI like: "http://www.visa.com/cc" - A local identifier in that domain like: 4555-5555-2244-8888 Although the example identified a credit-card, the scheme works for just about any kind of object or entity. An advantage of using HTTP URIs is that you usually can get further information "by clicking on the link". Anders Rundgren |
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]