Title: Content: PKIForum Strategy Communication Best Practice International and standardisation Law Interop
1Content PKI-Forum - Strategy -
Communication - Best Practice
-International and standardisation -Law
-Interoperability TTP providers Projects
- BY Kjell Thorvaldsen, ZebSign AS
- emailkjell.thorvaldsen_at_zebsign.no
2Groups in PKI-forum
Develop strategy and plans of action for PKI
based solutions which support several services
for the end users in the Norwegian marked
3Groups in PKI-forum
Make PKI solutions known and create trust to PKI
solutions towards different user community in
collaboration with the Goverment and TTP providers
4Groups in PKI-forum
Initiate, support and evaluate PKI projects to
show the benefits and reduce of cost with PKI.
Dissiminate best practice of the different PKI
implementations.
5Groups in PKI-forum
- International and standardisation
- Mandate
Explore national and international
implementations of PKI
6Groups in PKI-forum
- Mantain an overview according to needs for action
taken to achive secure and stabil PKI solutions.
7Groups in PKI-forum
Promote collaboration between national
and international PKI solutions that resonable
and good cross certification will bee achevied.
8- Find a solutions that ensure the end user
services and the different interests to the
certificate providers go side by side - Promote relations to international PKI providers
to create common society benefits according to
competitive position in the industry
9Interoperability HOW?
- Create a framework for dialog about
interoperability and Cross sertification - Reveal common interests and needs, and identify
differenses in interests and needs among PKI
providers - Identifying practical solutions, testing and
pilot projects - Dialog betwen end users, Public sector and the
industry in according to achive open PKI
solutions - Monitor and inform about internatioonal
cordinated traffic activities within PKI - Work out a precise definition of different trust
levels (level 1, level2..) to enable risk
management - Identifying common requirements to different
rolles within PKI
10Deliveries
- Describe trust levels to different certificates
- How to approve certificates issued by other PKI
service providers (e.g security level of policy ) - Framework with rolles, secure- transactions and
certificate services as base for signature policy
- Definitions . A list of how the Norwegian PKI
industry interpret the PKI word and phrases - The documents will be published at
www.pki-forum.no by the 1st of may..(?)
11TTP providers
- ZebSign AS
- Joint venture -TelenorNorwegian post
- BBS AS -Banks
- Nordea?
- Verisign?
- .
12Problem with interoperability
Domain 2
Domain 1
CA1
CA2
X.500
X.500
Client1
Client2
13Projects -ZebSign AS
- Oppdal County -Soft Certificate
(oppdalkommune.no) - Smartpay -Certificate on
SIM card (smartpay.no) - BuyPass -Certificate
on (buypass.no, norsktipping.no Norwegian
lottery)Strategy Push out certs, we need to
see how PKI works in daily life
14Other projects
State Bank - Certs used for signing application
for student loan Q3 2003Norsk Hydro -Certs
used for identification and signing against
a web-bank within the company OperableParl
ament -Telenor - SC used for identification and
authentication to access til network
from the home officeStorebrand Certs used
for auttentication and signing insurance
claims
15Questions?
Thank you for the attention!