IfG.CC - The Potsdam eGovernment Competence Center

Members of the OASIS international standards consortium have published an Action Plan aimed at breaking down barriers to widespread adoption of Public Key Infrastructure (PKI) technology. Considered a foundational Internet security technology, PKI is used to authenticate people, secure commercial transactions, and protect the privacy of emails and telephone conversations, OASIS explains. "The industry's understanding of how digital certificates can be effectively used in e-business and e-government systems has greatly evolved from the early days of PKI," explained John Sabo of Computer Associates, co-chair of the OASIS PKI Technical Committee. "The Committee believes that the security benefits provided by PKI can become more widely available with our proposed plan for addressing the current obstacles to deployment. We believe that following through on this action plan, which incorporates input from PKI experts and adopters, can greatly benefit those implementing emerging Web and e-business standards."

OASIS says its PKI Action Plan builds on the results of a series of surveys conducted by the OASIS PKI Technical Committee with IT staff who have deployed or attempted to deploy PKI. The surveys identified five primary obstacles to adoption: poor or missing support in software applications, high costs, poor understanding of PKI among senior managers and end users, interoperability problems, and lack of focus on business needs.

"The OASIS PKI Action Plan directly addresses these obstacles, calling for clear and specific guidelines for using PKI in the most relevant application types--document signing, secure email, and electronic commerce," OASIS notes. "The Plan also defines the need for interoperability testing, improved educational materials, best practices and other measures to reduce cost, and outreach to software application vendors."

"We're issuing an industry-wide Call-to-Action to increase use of a technology that is essential to achieve the level of security needed in today's world," said Steve Hanna of Sun Microsystems, co-chair of the OASIS PKI Technical Committee. "The tactics spelled out in the OASIS PKI Action Plan are not difficult, but they do require the cooperative efforts of the entire community. That's why members of OASIS are calling on all PKI stakeholders--customers, vendors, standards groups, researchers and government--to join us in executing this Plan."

The OASIS PKI Action Plan is a work product of the OASIS PKI Technical Committee, whose members include Booz Allen Hamilton, Computer Associates, Entrust, FundSERV, IBM, KPMG LLP, RSA Security, Sun Microsystems, VISA International, Wells Fargo, and others. By working together to implement the Plan, the group believes that barriers to deployment can be measurably reduced and PKI usage increased.

OASIS (Organization for the Advancement of Structured Information Standards) is a not-for-profit, global consortium that drives the development, convergence, and adoption of e-business standards. Members themselves set the OASIS technical agenda, using a lightweight, open process expressly designed to promote industry consensus and unite disparate efforts. OASIS produces worldwide standards for security, Web services, conformance, business transactions, electronic publishing, topic maps and interoperability within and between marketplaces. Founded in 1993, OASIS has more than 2,500 participants representing over 600 organizations and individual members in 100 countries.

Quelle: ebizQ, 23.02.2004