The OASIS PKI Adoption TC Objectives and Work Program Burton Group Catalyst Workshop June Leung on behalf of Stephen Wilson Chair, OASIS PKI Adoption TC

1
The OASIS PKI Adoption TC Objectives and Work
ProgramBurton Group Catalyst Workshop June
Leung on behalf of Stephen Wilson Chair, OASIS
PKI Adoption TC
www.oasis-open.org
2
The PKI environment c. 2006

• PKI is resurgent
• Embedded PKI is commonplace
• Were all in the midst of a paradigm shift to
  identity plurality
• Digital Certificates can be about relationships
  as well as (or instead of) personal identity
• Successful PKI has always been application
  specific, not general purpose

3
Resurgent, embedded PKI

• Closed (vertical) schemes
• US PIV, Identrus, ICAO e-passports, CableLabs,
  Skype, BankID (Sweden)
• Health smartcards
• France, Germany, Taiwan, Italy, Austria,
  Australia
• Digital Credentials
• US Patent Office, France, Taiwan, Australia

4
Identity plurality

• Identity 2.0 (archetype Cardspace)
• Too soon to tell precise outcomes
• But its a progressive re-think of identity,
  context, privacy, control etc.
• Fundamental concept is plurality of identities.
• Stephen Kents critique
• For big CAs, there is an implicit assumption
  that a single certificate is all that a user
  should need. This assumes that one identity is
  sufficient for all applications, which
  contradicts experience

5
The top five obstacles

• According to OASIS Surveys 1 2
• 1. Software applications dont support PKI
• 2. Costs too high
• 3. PKI poorly understood
• 4. Too much focus on technology (not need)
• 5. Poor interoperability

6
PKIA TC Fresh objectives

• Continue to overcome obstacles with targeted
  practical initiatives that improve understanding
  of PKI
• Disseminate case studies
• Develop position papers
• Liaise more closely with other OASIS efforts,
  esp. under the umbrella of the new IDtrust Member
  Section

7
Embedded PKI application Device authentication

• Some of the oldest, most successful PKIs are for
  device authentication
• GSM SIM cards
• SSL server certificates
• IPsec VPN devices
• Cable Open TV set-top boxes

8
Embedded PKI application Skype

• Each Skype subscriber receives a digital
  certificate embedded in Skype install
• Zero User Interface (ZUI) principle i.e.
  Subscriber unaware of their certificate!
• http//share.skype.com/sites/security

9
Embedded PKI application Medicos smartcards

• France (500,000)
• Taiwan (300,000)
• Australia (10,000)
• wide range of PKI enabled lodgments
• electronic prescribing in development
• certificates represent doctors qualifications
• wholesale supply to hospitals etc.

10
Case Studies

• Digital Signatures deployed in US Notary
• Digital Signatures used in an international
  clinical company improve workflow and efficiency.
  
• Certificates provided to Health Care Providers in
  Australia for business to government
  transactions.
• More information? Please visit
• Idtrust.xml.org

11
www.oasis-open.org
OASIS PKI AdoptionTechnical Committeewww.oasis-o
pen.org/committees/pki Stephen Wilson
swilson_at_lockstep.com.au0414 488851