OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

pki-tc message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: Re: [pki-tc] Question on PKI for financial institutions


These consortiums are all driven by bank and they offer TTP-based
identity services.  Initially most of them targeted B2B but today it is
almost 100% about e-governments.

They all use what I call a "pay-per-view" PKI which is a model where
a relying party must have a contract with the trust network and
pay for each verification.  This is very similar to credit card networks.

Due to the fact that all parties have a contract, liability is limited
by the contract.  That is, this is about the opposite to the s.c. qualified
certificates where an unknown relying party could raise huge
claims on a misbehaving CA.

Anders Rundgren
PKI technologist etc.

----- Original Message ----- 
From: "Steve Hanna" <shanna@funk.com>
To: "PKI TC" <pki-tc@lists.oasis-open.org>
Sent: Wednesday, October 27, 2004 18:31
Subject: [pki-tc] Question on PKI for financial institutions

PKI TC members,

I have received the following question:

 > How can financial institutions, like banks,
 > "sell" PKI technology to customers, from a
 > business point of view and not a security/risk
 > mitigation point of view?

I don't have much expertise in this area so
I thought I'd pass the question on to this
august body. Any ideas?

If you want to contact the questioner directly,
please let me know and I'll put you in touch.
He's not a PKI TC member so he can't send to
this list.



To unsubscribe from this mailing list (and be removed from the roster of the OASIS TC), go to

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]