OASIS Mobilizes to Overcome Challenges to PKI Adoption.Business Editors/High-Tech Writers SAN FRANCISCO--(BUSINESS WIRE)--Feb. 23, 2004 Members of the OASIS international standards consortium have published an Action Plan aimed at breaking down barriers to widespread adoption of Public Key Infrastructure (PKI (Public Key Infrastructure) A framework for creating a secure method for exchanging information based on public key cryptography. The foundation of a PKI is the certificate authority (CA), which issues digital certificates that authenticate the identity of ) technology. Considered a foundational Internet security ''This article or section is being rewritten at Internet security is the process of protecting data and privacy of devices connected to internet from information robbery, hacking, malware infection and unwanted software. technology, PKI is used to authenticate people, secure commercial transactions, and protect the privacy of emails and telephone conversations. "The industry's understanding of how digital certificates can be effectively used in e-business and e-government systems has greatly evolved from the early days of PKI," explained John Sabo of Computer Associates, co-chair of the OASIS PKI Technical Committee. "The Committee believes that the security benefits provided by PKI can become more widely available with our proposed plan for addressing the current obstacles to deployment. We believe that following through on this action plan, which incorporates input from PKI experts and adopters, can greatly benefit those implementing emerging Web and e-business standards." The OASIS PKI Action Plan builds on the results of a series of surveys conducted by the OASIS PKI Technical Committee with IT staff who have deployed or attempted to deploy PKI. The surveys identified five primary obstacles to adoption: 1) poor or missing support in software applications, 2) high costs, 3) poor understanding of PKI among senior managers and end users, 4) interoperability problems, and 5) lack of focus on business needs. The OASIS PKI Action Plan directly addresses these obstacles, calling for clear and specific guidelines for using PKI in the most relevant application types--document signing, secure email, and electronic commerce. The Plan also defines the need for interoperability testing, improved educational materials, best practices and other measures to reduce cost, and outreach to software application vendors. "We're issuing an industry-wide Call-to-Action to increase use of a technology that is essential to achieve the level of security needed in today's world," said Steve Hanna of Sun Microsystems Sun Microsystems, Inc. (NASDAQ: JAVA[3]) is an American vendor of computers, computer components, computer software, and information-technology services, founded on 24 February 1982. , co-chair of the OASIS PKI Technical Committee. "The tactics spelled out in the OASIS PKI Action Plan are not difficult, but they do require the cooperative efforts of the entire community. That's why members of OASIS are calling on all PKI stakeholders--customers, vendors, standards groups, researchers and government--to join us in executing this Plan." The OASIS PKI Action Plan is a work product of the OASIS PKI Technical Committee, whose members include Booz Allen Hamilton Booz Allen Hamilton, Inc., referred to as Booz Allen is one of the oldest strategy consulting firms in the world.[1] The firm formerly had two consulting divisions: WCB (Worldwide Commercial Business, also known as “The Commercial Side”) and WTB , Computer Associates, Entrust, FundSERV, IBM (International Business Machines Corporation, Armonk, NY, www.ibm.com) The world's largest computer company. IBM's product lines include the S/390 mainframes (zSeries), AS/400 midrange business systems (iSeries), RS/6000 workstations and servers (pSeries), Intel-based servers (xSeries) , KPMG KPMG Klynveld Peat Marwick Goerdeler (accounting firm) KPMG Kaiser Permanente Medical Group KPMG Keiner Prüft Mehr Genau (German) KPMG Kommen Prüfen Meckern Gehen LLP LLP - Lower Layer Protocol , RSA Security RSA, The Security Division of EMC Corporation, is headquartered in Bedford, Massachusetts, and maintains offices in Ireland, the United Kingdom, Singapore, India, and Japan. RSA organizes the annual RSA conference. , Sun Microsystems, VISA International, Wells Fargo Wells Fargo armored carriers of bullion. [Am. Hist.: Brewer Dictionary, 1147] See : Protectiveness Wells Fargo company that handled express service to western states; often robbed. [Am. Hist. , and others. By working together to implement the Plan, the group believes that barriers to deployment can be measurably reduced and PKI usage increased. Support for OASIS PKI Action Plan "As a public-key infrastructure pioneer, we have actively participated in the development of the OASIS PKI Technical Committee's Action Plan," said Sharon Boeyen, Principal Consultant with Entrust, Inc. "We fully support the goal of OASIS to increase awareness of PKI and foster the growth of Internet-scale federated identity In information technology, federated identity has two general meanings:
"Having been in the PKI arena for the past four years, FundSERV has experienced many of the obstacles identified by the survey. A clear and universal action plan like the one that has been defined by OASIS will be of immense benefit to the PKI community and help overcome barriers to adoption," said Amir Jafri, Vice President of Technology, FundSERV Inc. "Building public key infrastructure that realizes the promise of public key cryptography An encryption method that uses a two-part key: a public key and a private key. To send an encrypted message to someone, you use the recipient's public key, which can be sent to you via regular e-mail or made available on any public Web site or venue. has proved more difficult than anyone imagined when Marty Hellman and I came up with the idea of public key systems in the 1970s," said Dr. Whitfield Diffie Bailey Whitfield 'Whit' Diffie (born June 5 1944) is a US cryptographer and one of the pioneers of public-key cryptography. He received a Bachelor of Science degree in mathematics from the Massachusetts Institute of Technology in 1965. , Sun Fellow and Chief Security Officer of Sun Microsystems, Inc. "The OASIS PKI Action plan is an important step toward the eventual interoperability of all public key implementations. I am very pleased with Sun's contribution to OASIS and delighted with our endorsement of the Plan." About OASIS OASIS (Organization for the Advancement of Structured Information Standards) is a not-for-profit, global consortium that drives the development, convergence, and adoption of e-business standards. Members themselves set the OASIS technical agenda, using a lightweight, open process expressly designed to promote industry consensus and unite disparate efforts. OASIS produces worldwide standards for security, Web services (1) Loosely, any online service delivered over the Web. Such usage appears in articles from non-technical sources, but not in IT-oriented publications, because definition #2 below describes the correct use of the term. , conformance, business transactions, electronic publishing, topic maps and interoperability within and between marketplaces. Founded in 1993, OASIS has more than 2,500 participants representing over 600 organizations and individual members in 100 countries. http://www.oasis-open.org Additional information: OASIS PKI Technical Committee http://www.oasis-open.org/committees/pki OASIS PKI Action Plan: http://www.oasis-open.org/committees/pki/pkiactionplan.pdf |
|
||||||||||||
Printer friendly
Cite/link
Email
Feedback
Reader Opinion