Galexia

PKI Interoperability Models (February 2005)

3.2. OASIS PKI Forum

The Organization for the Advancement of Structured Information Standards[9] (OASIS) is a body that authors standards for a wide range of e-commerce applications, including PKI. The PKI Forum, originally set up by a group of private vendors, was taken over by OASIS in 1999, and has done important work in the development of PKI over the past five years.

OASIS recognises seven models for PKI Interoperability:

  • Cross-certification ;
  • Cross-recognition;
  • Bridge CA;
  • Certificate Trust Lists;
  • Accreditation Certificate;
  • Strict hierarchy; and
  • Delegated path discovery and validation.

However, they note that “some of these options are not necessarily mutually exclusive, and a single solution may not be appropriate for all conceivable environments”.[10]

The OASIS Public Key Infrastructure Technical Committee has begun implementation of its PKI Action Plan[11], which attempts to address the primary obstacles to PKI deployment and usage. One small part of the action plan is to improve interoperability through further testing. OASIS plans to:

Provide conformance test suites, interoperability tests, and testing events for the three most popular applications (Document Signing, Secure Email, and Electronic Commerce) to improve interoperability. Certificate management protocols and smart card compatibility are also a concern... The PKI TC will work with organisations that have demonstrated involvement in or conduct of PKI interoperability testing or conformance testing to identify and encourage existing or new efforts in this area.[12]

[9] <http://www.oasis-open.org>

[10] Oasis PKI, CA-CA Interoperability Whitepaper, March 2001
<http://www.pkiforum.org/pdfs/ca-ca_interop.pdf>.

[11] Oasis PKI Technical Committee, PKI Action Plan, 22 February 2004
<http://www.oasis-open.org/committees/pki/pkiactionplan.pdf>.

[12] See footnote 11.