Content: PKIForum Strategy Communication Best Practice International and standardisation Law Interop

1
Content PKI-Forum - Strategy -
Communication - Best Practice
-International and standardisation -Law
-Interoperability TTP providers Projects

• BY Kjell Thorvaldsen, ZebSign AS
• emailkjell.thorvaldsen_at_zebsign.no

2
Groups in PKI-forum

• Strategy
• Mandate

Develop strategy and plans of action for PKI
based solutions which support several services
for the end users in the Norwegian marked
3
Groups in PKI-forum

• Communication
• Mandate

Make PKI solutions known and create trust to PKI
solutions towards different user community in
collaboration with the Goverment and TTP providers
4
Groups in PKI-forum

• Best Practice
• Mandate

Initiate, support and evaluate PKI projects to
show the benefits and reduce of cost with PKI.
Dissiminate best practice of the different PKI
implementations.
5
Groups in PKI-forum

• International and standardisation
• Mandate

Explore national and international
implementations of PKI
6
Groups in PKI-forum

• Law
• Mandate

• Mantain an overview according to needs for action
  taken to achive secure and stabil PKI solutions.

7
Groups in PKI-forum

• Interoperability
• Mandate

Promote collaboration between national
and international PKI solutions that resonable
and good cross certification will bee achevied.
8

• Interoperability
• Mandate

• Find a solutions that ensure the end user
  services and the different interests to the
  certificate providers go side by side
• Promote relations to international PKI providers
  to create common society benefits according to
  competitive position in the industry

9
Interoperability HOW?

• Create a framework for dialog about
  interoperability and Cross sertification
• Reveal common interests and needs, and identify
  differenses in interests and needs among PKI
  providers
• Identifying practical solutions, testing and
  pilot projects
• Dialog betwen end users, Public sector and the
  industry in according to achive open PKI
  solutions
• Monitor and inform about internatioonal
  cordinated traffic activities within PKI
• Work out a precise definition of different trust
  levels (level 1, level2..) to enable risk
  management
• Identifying common requirements to different
  rolles within PKI

10
Deliveries

• Describe trust levels to different certificates
• How to approve certificates issued by other PKI
  service providers (e.g security level of policy )
• Framework with rolles, secure- transactions and
  certificate services as base for signature policy
  
• Definitions . A list of how the Norwegian PKI
  industry interpret the PKI word and phrases
• The documents will be published at
  www.pki-forum.no by the 1st of may..(?)

11
TTP providers

• ZebSign AS
• Joint venture -TelenorNorwegian post
• BBS AS -Banks
• Nordea?
• Verisign?
• .

12
Problem with interoperability
Domain 2
Domain 1
CA1
CA2
X.500
X.500
Client1
Client2
13
Projects -ZebSign AS
- Oppdal County -Soft Certificate
(oppdalkommune.no) - Smartpay -Certificate on
SIM card (smartpay.no) - BuyPass -Certificate
on (buypass.no, norsktipping.no Norwegian
lottery)Strategy Push out certs, we need to
see how PKI works in daily life
14
Other projects
State Bank - Certs used for signing application
for student loan Q3 2003Norsk Hydro -Certs
used for identification and signing against
a web-bank within the company OperableParl
ament -Telenor - SC used for identification and
authentication to access til network
from the home officeStorebrand Certs used
for auttentication and signing insurance
claims
15
Questions?
Thank you for the attention!