Subject: Update on the CDC gateway PKI
List,

I hope that you studied the following, which is to date the only published example of how the US public sector actually uses PKI for sophisticated applications (not e-mail):

http://middleware.internet2.edu/pki05/proceedings/kailar-phinms.ppt

What is particularly interesting is that pages 11-13 show that CDC uses a "gateway" PKI approach rather than the end-to-end security approach implied by the current Federal PKI architecture.

A valid question arises: Is the CDC scheme unique?

This answer is somewhat funny. CDC's solution is unique from a technical point of view. However, there are probably HUNDREDS of unique gateway solutions within the federal/state sphere. The CDC scheme is, though, likely to be way ahead of most other schemes.

That all gateway schemes "invent" their own credential scheme and security measures is because there are no gateway standards[1], recommended credentials, or guidelines to cling to.

Putting RFC 3280 in the hands of information system developers and claiming "this is what you need" is a very unrealistic way to get PKI support on a wider scale. But this is where we are today.

How can the PKI TC address this? In my opinion by acknowledging:

1. Gateways are a de-facto standard way of achieving security and interoperability
2. End-to-end security has huge limitations in many important scenarios, which means that if such scenarios are to use PKI, some kind of "cookbook" is needed

Anders Rundgren

[1] The huge pile of WS-* standards do not require/suggest any particular credential scheme, they are just frameworks.