OASIS Mailing List Archives

egov message

Subject: US e-Gov dep. turns to gateway PKI


US e-Gov dep. turns to gateway PKI
 
Pages 11-13 of the following document, which was presented at PKI Workshop 2005, show that the gateway security model is alive and well in the US as well (in northern Europe it is already a de facto standard):
http://middleware.internet2.edu/pki05/proceedings/10-kailar-phinms.ppt
 
 
Why the DOH has come to the conclusion to use this model rather than the end-to-end security model supported by the US Federal PKI, I don’t know, as I did not attend the workshop. However, recent studies in this space point to numerous reasons for taking this route, including cost and migration issues. But probably the major reason for abandoning the end-to-end security model is its inability to support collaborative inter-organizational business processes and information systems, as the following papers outline:
http://w1.181.telia.com/~u18116613/A.R.AppliedPKI-Lesson-1.pdf
http://w1.181.telia.com/~u18116613/A.R.AppliedPKI-Lesson-2.pdf
 
Long (winding) paper describing more of the rationale behind the gateway/domain PKI model:
http://web.telia.com/~u18116613/pki4org.pdf
 
An extensible sustainable solution
 
Although not entirely obvious unless you dig deep, the gateway security architecture is not an “interim” solution waiting for the real thing (client-side PKI), but rather a very flexible scheme that can “host” arbitrary other PKIs through “PKI tunneling”.
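The following is an added illustration, not code from the post or from any of the linked papers. It models the structure of the gateway scheme as I read it: the organisation's gateway authenticates the user in-house and signs what leaves the domain with the organisation key, so the receiving organisation trusts one key per peer organisation rather than one per user; and "PKI tunneling" is taken to mean that a signature the end user made with their own PKI is carried unchanged inside the organisation-signed envelope, where an application that happens to know the user's key can still verify it. The cryptography is textbook RSA with tiny constructed primes and no padding, which is enough to show the message structure but must never be used for real signatures; all keys, directory entries and the order payload are constructed.

```python
"""Toy model of the gateway (organisation-level) PKI pattern and "PKI tunnelling".

Hypothetical illustration: textbook RSA with tiny fixed primes and no padding.
The point is who signs what and who needs to trust which key, not the maths.
"""
import hashlib
import json


# --- toy RSA -----------------------------------------------------------------

def keygen(p, q):
    """Return ((n, e), (n, d)) for constructed primes p and q (toy sizes)."""
    n, phi = p * q, (p - 1) * (q - 1)
    for e in (65537, 257, 17, 3):  # first exponent coprime with phi
        try:
            return (n, e), (n, pow(e, -1, phi))
        except ValueError:
            continue
    raise ValueError("no usable public exponent")


def _digest(data, n):
    # SHA-256 reduced mod n; only acceptable because this is a toy key size.
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n


def sign(priv, data):
    n, d = priv
    return pow(_digest(data, n), d, n)


def verify(pub, data, sig):
    n, e = pub
    return pow(sig, e, n) == _digest(data, n)


def canonical(obj):
    """Deterministic JSON bytes so signer and verifier hash the same thing."""
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()


# --- constructed keys: one organisation, one end user in that organisation ---
ORG_A_PUB, ORG_A_PRIV = keygen(1000000007, 998244353)
ALICE_PUB, ALICE_PRIV = keygen(2147483647, 999999937)

# Organisation A's in-house directory (constructed): who may send via the gateway.
ORG_A_DIRECTORY = {"alice": ALICE_PUB}

# What the receiving organisation trusts: one key per peer organisation, not per user.
TRUSTED_ORGS = {"org-a.example": ORG_A_PUB}


def gateway_send(org_id, org_priv, directory, user, payload, inner_sig=None):
    """Gateway model: the organisation, not the end user, signs what leaves the domain.

    The gateway authenticates the user against its own directory (membership
    check only, a constructed stand-in for any in-house login) and signs the
    envelope with the organisation key.  A signature the user made with their
    own PKI, if supplied, is tunnelled through untouched.
    """
    if user not in directory:
        raise PermissionError(f"{user} is not a member of {org_id}")
    body = {"from_org": org_id, "sender": user, "payload": payload}
    if inner_sig is not None:
        body["inner_sig"] = inner_sig  # end-user signature carried inside
    return {"body": body, "org_sig": sign(org_priv, canonical(body))}


def receiver_verify(envelope, trusted_orgs):
    """Receiving organisation checks only the organisation-level signature."""
    body = envelope["body"]
    pub = trusted_orgs.get(body["from_org"])
    return pub is not None and verify(pub, canonical(body), envelope["org_sig"])


def verify_tunnelled(envelope, user_keys):
    """Optional end-to-end check on the inner signature, if the user key is known."""
    body = envelope["body"]
    if "inner_sig" not in body:
        return False
    pub = user_keys.get(body["sender"])
    return pub is not None and verify(pub, canonical(body["payload"]), body["inner_sig"])


def demo():
    payload = {"order": 4711, "amount": "120.00", "currency": "EUR"}  # constructed
    inner = sign(ALICE_PRIV, canonical(payload))
    env = gateway_send("org-a.example", ORG_A_PRIV, ORG_A_DIRECTORY, "alice", payload, inner)
    ok_outer = receiver_verify(env, TRUSTED_ORGS)
    ok_inner = verify_tunnelled(env, {"alice": ALICE_PUB})
    # Altering the payload after the gateway signed it breaks the outer check.
    tampered = {"body": dict(env["body"], payload=dict(payload, amount="999.00")),
                "org_sig": env["org_sig"]}
    return ok_outer, ok_inner, receiver_verify(tampered, TRUSTED_ORGS)


if __name__ == "__main__":
    print(demo())
```

The receiver never needs Alice's key to accept the order; it needs only the organisation key it already trusts, which is the point of the gateway model. The tunnelled inner signature is there for the cases where a downstream application does hold the user's key and wants the end-to-end check as well.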
 
Smart cards – A fading proposition
 
Furthermore, this scheme will in the long term also likely affect client-side security by utilizing smart devices rather than smart cards in order to make full use of the power of server-level (“virtual”) resources like VISA’s 3D Secure. This will enable the public sector to replace their current quite expensive and hard-to-administer purchasing cards with in-house server-based administration facilities, not requiring any kind of end-user distribution as well as offering much better control of purchases.
 
Anders Rundgren
Located in the EU, working for a US company, but here expressing my personal opinion 

