Bridging the PKI gap
Federal PKI bridge joins forum to promote use of digital certs between organizations
- By William Jackson
- Jan 16, 2009
The Federal Public Key Infrastructure Architecture, a bridge for authenticating digital certificates issued by federally recognized certificate authorities, has joined with three other bridges to promote the use of these interoperable public key infrastructures.
FPKIA, formerly the Federal Bridge Certification Authority, already has peered with the other forum members, agreeing to validate and accept digital certificates passed by those bridge organizations. Together through the Four Bridges Forum, they plan to increase business and government use of this existing infrastructure to enable trusted communications. Other members of the forum are the defense and aerospace industry bridge operated by CertiPath of Herndon, Va.; SAFE-BioPharma Association, serving the biopharmaceutical and health care industries; and Higher Education Bridge Certification Authority, serving the higher education community.
Digital certificates act as electronic IDs for online activities that can be verified through use of a public key. Validating a certificate is relatively simple if the organization accepting it also is the same organization that issued it. But limiting certificates to this use means that an organization must get into the business of issuing and managing certs for all users, and users must acquire certificates for different uses. PKI bridges simplify the situation by agreeing to accept certificates validated by other organizations that belong to the bridge.
When a foreign certificate is submitted to an application, it's passed along to the bridge, which verifies that it was issued by an organization whose policies have been previously accepted. The bridge also can check with the issuing authority to ensure the certificate is still valid. Members participating in a bridge must meet security, technical and procedural standards for issuing and managing certificates.
Bridges also can associate with each other extend this network of trust. FPKIA recognized its first private-sector peer, the CertiPath bridge, in 2006. CertiPath is a joint venture of Arinc of Annapolis, Md.; Exostar of Herndon, Va.; and Sita of Geneva, Switzerland. VeriSign of Mountain View, Calif., issues certificates to the CertiPath bridge for bridge-to-bridge trust. The higher education and pharmaceutical industries bridges have since joined the confederation. Individuals and groups within these organizations doing business with the government or each other can establish trusted communications through the bridges without issuing certificates of their own or knowing the identity of the parties beforehand.
The four bridges have entered a memorandum of agreement to raise awareness of certification bridges and promote their use. Initial activities will include developing informational and educational materials, establishing a Web site and an educational event to be held in Washington.
William Jackson is a Maryland-based freelance writer.