OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

pki-tc message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: Nice positive PKI news story

See http://www.news.com/8301-10784_3-9816996-7.html?tag=head

I really like the point that smartcards are the vehicle for simplifying 
PKI ("a perfect complement to PKI") and that products like Microsoft 
Identity Lifecycle Manager and Certificate Lifecycle Manager are important.


November 14, 2007 10:18 AM PST
Expect more PKI in 2008
Posted by Jon Oltsik

Wasn't 1999 supposed to be "the year of Public Key Infrastructure 
(PKI)?" Yes, I know, another analyst prediction that didn't come to 
fruition. It's fair to chastise the analysts for another missed call, 
but PKI certainly shares some of the blame.

It really is difficult to imagine a "year of PKI" because PKI isn't your 
typical technology trend. PKI isn't a standalone security widget, it is 
a complex infrastructure that must be integrated into existing 
applications and business processes. Once implemented however, PKI can 
really improve security, protect data integrity, and bolster identity 

PKI never took off because of demand- and supply-side issues. Customers 
eschewed PKI because it was expensive, difficult to implement, and 
lacked support of many applications. Vendor solutions really didn't 
address these issues very well. PKI products have always been rather 
clunky or academic. IT people love technology but not science projects.

This situation is finally changing. On the demand side, PKI is riding on 
the back of regulatory compliance, security, and business-to-business 
requirements. More companies and government agencies are adopting smart 
cards for physical and IT security, a perfect complement to PKI. 
Application support is more ubiquitous and integration is easier than it 
was in the past. Companies also need to secure data exchange and develop 
trust relationships with external constituencies. PKI to the rescue!

So what about product complexity? The supply-side gang is dealing with 
this as well. Microsoft gets it--its Microsoft Identity Lifecycle 
Manager and Certificate Lifecycle Manager products marry PKI 
functionality with Windows ease of use. Don't get me wrong, PKI is no 
"day at the beach," but Microsoft will continue to tame PKI complexity 
over time. This combined with Windows 2008 server and Vista desktops 
will pave the road from broad PKI adoption.

Organizations who remain averse to managing a PKI infrastructure have 
other attractive options. How about PKI in the clouds? PKI services 
experts like Chosen Security, RSA Security, and Verisign can handle the 
whole enchilada without fussing with server implementation. One phone 
call and PKI becomes an operating expense.

I'm too old to stick out my neck and say that 2008 will be "the year of 
PKI," but in my view, PKI is inevitable. Heck, if you consider secure 
Internet traffic using SSL, it already is. In this era of data breaches 
and identity theft, PKI is rapidly becoming a requirement. Shrewd 
vendors like Chosen Security and Microsoft are meeting this demand with 
robust simplified product offerings. Supply and demand lines are likely 
to cross soon.


Stephen Wilson
Managing Director

Phone +61 (0)414 488 851

Lockstep Consulting provides independent specialist advice and analysis
on identity management, PKI and smartcards.  Lockstep Technologies
develops unique new smartcard technologies to address transaction
privacy and web fraud.

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]