Sponsoring Forum(s)

Messaging

Security


Bridging the Bridges

Objective of Meeting

This meeting set out to examine activities in the US and Europe to establish Bridge-CAs for the purpose of cross-recognition of security certificates and to identify what is needed to enable cross-Atlantic cross-certification of certificates.

Summary

1. Introduction

Mike Lambert, Director of the Messaging Forum, opened the meeting with a brief introduction to The Open Group, the Messaging Forum and the objectives of the meeting (which arose out of a meeting in April 2004 in Brussels, Belgium, to consider activities in Europe).

2. The European Bridge-CA Project

Charles Blauner, from Deutsche Bank, gave an overview of the business objectives and overall architecture of the European Bridge-CA.

The European Bridge-CA is a private partnership between a number of European companies, mostly in Germany, to address the problems associated with interoperability among PKIs and applications, without a hierarchical structure and without n:n cross-certification.

Stephan Wappler, from Noventum Consulting, went into a little more technical detail about the way that the service operates and the current capabilities. He explained how the European Bridge-CA addressed the four major requirements of a bridge infrastructure:

  1. Generation of trust relationships (trustworthy exchange of certificates)
  2. Access to participants and/or user certificates (directory service)
  3. Validation of certificates (validation service)
  4. Generation of a contractual framework

3. The US Federal Bridge-CA

Judith Spencer from GSA, and chair of the Federal Industry Credentialing Committee, presented the current state-of-play with the US Federal Bridge-CA. This covered the background to the Federal Bridge-CA, the architecture, and a growing list of cross-certified organizations. The presentation introduced a group that is already working on transatlantic issues, the Transatlantic Secure Collaboration Program (TSCP) (see link below), and included a list of issues that need to be addressed:

  1. Compound mapping variance - different degrees of compatibility
  2. Undocumented practices - accepted or de facto standards within specific communities
  3. Compatibility of relying parties - technical incompatibility
  4. Use of constraints - limiting name form or path length
  5. Liability
  6. Incompatible governance structures 

Finally, Bill Burr, from NIST, presented his view of Bridge-to-Bridge International Cross-Certification issues. He talked about the future of the Federal PKI, and some FIPS that define a common policy framework, plus the transition to stronger encryption. His list of cross-certification issues includes:

  1. Legal and general certificate framework
  2. How many certificates? Can we include digital signature and non-repudiation in the same certificate?
  3. Strategy for 2048-bit keys and 256-bit hashes
  4. Naming and name constraints
  5. Directories
  6. Path discovery
  7. Scalable validation and status

Outputs

  1. This meeting report.
  2. A list of potential barriers to International Cross-Recognition.

Next Steps

Between July 2004 and the meeting in New Orleans in October 2004, research will be carried out to determine:

  1. Whether the list of issues from this meeting is complete
  2. The extent to which other groups are already working on the issues identified

There will be a follow-up session during the October 2004 meeting to review the results of this research and plan future activities within the Forum.

Links


© The Open Group 1995-2012  Updated on Tuesday, 3 August 2004