Lockstep

[Skip Navigation]
  • Home
  • About Us
  • News
  • Services
  • Partners
  • Library
  • Contact Us
  • Babysteps
  • PKI
    • "Public Key Superstructure"
    • The importance of PKI today
    • Relationship Certificates
    • The "Security Printer" model for CA operations
    • Position Paper on PKI Governance in Australia
    • Position Statement on PKI of the Australian Security Industry
    • Audit based public key infrastructure
    • Privacy positive aspects of public key infrastructures
    • PKI Without Tears
    • Rethinking PKI - the electronic business card
    • Leveraging external accreditation to achieve PKI cross-recognition
    • Demystifying international cross-recognition of PKI
    • Will Biometrics Obsolete PKI?
    • Attribute Certificates and their Limitations
    • Problems in Mandating Strong Personal EOI in PKI
    • A vulnerability analysis of roaming soft certificate solutions
  • Privacy
  • Smartcards
  • eHealth
  • Identity & Authentication
  • Lockstep Technologies
  • Clients & Case Studies
  • Government submissions
  • Online Banking Review
  • Conference presentations
  • Selected Media Interviews
  • Return on Investment
  • Quotes
  • Links
  • Science generally
  • Downloads

"Public Key Superstructure"

A paper accepted for presentation to the NIST's 7th Symposium on Identity and Trust on the Internet, March 2008.

See http://middleware.internet2.edu/idtrust/2008.

This paper introduces the term “Public Key Superstructure” to describe a new way to knit together existing mature PKI components to improve the flexibility, accessibility and cost of digital certificates.

Abstract

While PKI has had its difficulties (like most new technologies) the unique value of public key authentication in paperless transactions is now widely acknowledged. The naïve early vision of a single all-purpose identity system has given way to a more sophisticated landscape of multiple PKIs, used not for managing identity per se, but rather more subtle memberships, credentials and so on. It is well known that PKI’s successes have mostly been in closed schemes. Until now, this fact was often regarded as a compromise; many held out hope that a bigger general purpose PKI would still eventuate. But I argue that the dominance of closed PKI over open is better understood as reflecting the reality of identity plurality, which independently is becoming the norm through the Laws of Identity and related frameworks.

This paper introduces the term “Public Key Superstructure” to describe a new approach to knitting together existing mature PKI components to improve the utility and strategic appeal of digital certificates. The “superstructure” draws on useful precedents in the security printing industry for manufacturing specialised security goods without complicated or un-natural liabilities, and international accreditation arrangements for achieving cross-border recognition of certificates. The model rests on a crucial re-imagining of certificates as standing for relationships rather than identities. This elegant re-interpretation of otherwise standard elements could truly be a paradigm shift for PKI, for it normalises digital certificates, grounding them in familiar, even mundane management processes. It will bring profound yet easily realised benefits for liability, cost, interoperability, scalability, accreditation, and governance.

IDtrust2008 Lockstep PKI Superstructure (1 0 2) PREPRINT[download, 251Kb]
© 2008 Lockstep Consulting ABN 59 593 754 482
11 Minnesota Avenue Five Dock NSW 2046
Mobile: +61 (0) 414 488 851 Email Us
Terms and Conditions