PKI Policy Bodies and Other Authentication Frameworks by tW51w6


									A review of the PKI Resources Web Page:

PKI Policy Bodies and Other Authentication Frameworks
Stephen Wilson, OASIS PKI Education SC

18 October 2005

For clarity, the bulk of this document is a rough screen shot of the Policy Bodies page (as
at 17 Oct 2005) with amendments shown as revision marks.

In addition, at the end of this paper is a further set of recourses that might be considered
for else where in the OASIS PKI pages.

PKI Policy Bodies and Other Authentication Frameworks
This section presents a number of large scale infrastructure initiatives, typically deployed by
government or by vertical industry groups for the benefit of defined user groups, in order to
provide technology and legal support for secure e-business programs.

 PKI Policy Bodies
 Authentication Frameworks (including PKI enabled National IDs)
 Related Security Policy Bodies, Interest Groups and Promotional Associations

PKI Policy Bodies

These are a mixture of "official" policy authorities, and industry development groups.

US Federal PKI Policy Authority [[]]
Policy for Public Key Infrastructure Management in the Government of Canada [[http://www.tbs-]]

European Electronic Signature Standardisation Initiative
European Technology and Standards Institute (ETSI) Electronic Signatures and Infrastructures
Technical Committee TC ESI [[]]
BACSTEL-IP - a major IP based re-engineering of the UK banking clearance system, involving
one or Europe's biggest PKIs to date.
Security pages - formerly the European CA Forum

Asia PKI Forum
China PKI Forum
Chinese Taipei PKI Forum
Hong Kong PKI Forum
Japan PKI Forum
Korea PKI Forum
Singapore PKI Forum
APEC eSecurity Task Group - the Telecommunications Working Group (TEL) of the Asian Pacific
Economic Cooperation (APEC) hosts an e-Security Task Group. The eSTG has been historically
focused on PKI and e-authentication. The group meets twice a year and all committee papers are
freely available on the web.
Australian Government Gatekeeper - the regulatory body for Australian B2G users of PKI
Australian IT Security Forum - an industry association covering all information security users and
providers, with a focus on PKI

Authentication Frameworks (including PKI enabled National IDs)

North America
US Federal Bridge CA [[]]
US Federal PKI Steering Committee
NIST Personal Identification Verification (PIV) homepage [[
Access Certificates for Electronic Service (ACES)
US Government Smartcards - Homepage for all US government smartcard activities, including a
database of rollout projects, and the Federal Smartcard Handbook (Feb 2004).
US Dept of Defence PKI Homepage

UK eEnvoy
Belgian national ID card and CA Certipost [[]]
Estonia National ID smartcard

Hong Kong Recognition of CAs
Hong Kong Smart ID Card
Taiwan IC National Health Insurance Card
Macao Post eSignTrust [[]] – the de facto national CA
of Macau.
New Zealand Authentication Framework – technology neutral but New Zealand has significant
government PKI systems too; see S.E.E
New Zealand Secure Electronic Environment (S.E.E.) – a pioneering government PKI
Australian Government Authentication Framework
New Queensland Driver License (Australia)
Medicare smartcard (Australia)

Private Sector
Identrus - the worldwide private PKI for the banking industry
Pan Asia Alliance - an association of commercial CAs in North Asia focused on PKI for securing
international trade documentation
EMV - The Europay-MasterCard-Visa consortium develops and administers technology standards
for credit cards worldwide, including the current initiative to transition from magnetic stripe to chip.
Chip & PIN - a nationwide rollout of smartcards for credit and debit in the UK, with over 100
million cards on issue as of early 2005
Global Platform
CableLabs [[]] - operate a closed PKI with embedded certificates for
set-top boxes.

Related Security Policy Bodies, Interest Groups and Promotional Associations

Identity Theft
Anti-Phishing Alliance
Privacy, Security & "Trust"
Liberty Alliance - developing federated identity standards
Trusted Computing Group
Shibboleth - single sign on software initiative
TeleTrusT - Non-profit organization for the promotion of trustworthiness of information and
communication technology
International Security Trust & Privacy Alliance

Wireless Security
Radicchio - "Global Initiative for Wireless eCommerce"
Open Mobile Alliance
Miscellaneous contributions to other Pages

A huge library of smartcard related materials:

NetCards [[]] “The NETC@RDS Project
aims to improve the access of mobile european citizens to the national health care
systems using advanced smart card technology”.

HIPAA Advisory on Smartcards

The Italian law firm Genghini & Associates has a strong collection of security related
links, many to do with PKI, at

Italian CAs: (copied from Genghini & Associates; not checked)

     COMANDO C4 - IEW:


To top