Bridge CA update?

[Stephen Wilson <swilson@lockstep.com.au>]

Dear All

Does any one have an independent and up-to-date view of how the US Federal 
Bridge CA is travelling?  I have been told that some agencies are choosing 
to not be involved with the FBCA, for reasons I think to do with 
complexity (although I may be wrong about that).  

Is the take-up rate of the Bridge meeting expectations?  Or is there 
perhaps some caution still (as there is with PKI in general)? 

And is there a view of what the appearance of other sector-specific 
Bridges means, in pharma, aerospace etc?  Personally, I interpret sector 
specific Bridges as a sign that PKI itself is naturally sector specific. 

I am drafting a paper, separate from Oasis activities at this stage, on 
PKI interoperability models, and am trying to reach a critical, 
constructive view of the Bridge.  

I note that a newer European Bridge CA Model appears to be less 
prescriptive with regards to CP/CPS than the US FBCA.  I don't know a lot 
about the European model yet, but I might hazard a guess that the US FBCA 
in effect implements cross-certification (with precise policy mapping of 
all member CAs) whereas the European Bridge might be attempting "cross 
recognition" where the certificates of members are not taken as mutually 
equivalent, but rather are recognised for more particular purposes. 

All feedback most welcome!

Cheers, 

Stephen.



Stephen Wilson
Lockstep Consulting Pty Ltd
ABN 59 593 754 482

11 Minnesota Ave
Five Dock NSW 2046
Australia

P +61 (0)414 488 851

--------------------

About Lockstep 
Lockstep was established in early 2004 by noted authentication expert 
Stephen Wilson, to provide independent advice and analysis on cyber 
security policy, strategy, risk management, and identity management.  
Lockstep is also developing unique new smartcard solutions to address 
privacy and identity theft. 
Contact swilson@lockstep.com.au.