The European Forum for Electronic Business (EEMA) has announced details of its public key infrastructure (PKI) interoperability project, PKI Challenge. The project aims to secure global Internet commerce by encouraging vendors to make their security systems work together with rivals' technology.
One of the major obstacles to the uptake of PKI technology has been the fact that security technologies from different vendors often can't communicate with each other. This has slowed the launch for e-commerce projects among companies worried about the safety of the data on their computer systems. But customers are starting to put pressure on the big PKI vendors to shift their focus away from dominating their space to working with rivals to make products interoperable. In this sense, EEMA wants PKI to become a kind of operating system for public key-enabled applications.
EEMA, which has previously established secure email and directory standards, has been trying to set up a PKI interoperability project for the last four years. Most of the major PKI vendors are also part of the project, along with a host of telecom companies, software firms and government organizations. PKI Challenge officially started in January with funding from the European Commission.
The aim of PKI Challenge is to have a complete infrastructure for testing PKI interoperability by the end of 2002. Among other issues, EEMA will take an ad-hoc approach to encouraging application-to-application interoperability, managing digital certificates from different vendors, allowing communications between different certificate authorities (CAs) and standardizing directory usage.
Frank Jorissen, vice chairman of EEMA and coordinator of the PKI Challenge, is optimistic about the program, because e-business infrastructures are now in place, which means there is a real interest in PKI interoperability. Customers need to have freedom of choice about which vendor they and their partners use for their Internet security.
"If you can't provide [freedom of choice], the customer may not buy anything at all," said Jorissen, who is also deputy VP of Belgian security software company UTiMaco.
Most PKI interoperability initiatives currently underway work by adding a middleman to supply interoperability. For instance, the Federal Bridge project in the US inserts an extra certificate authority into the verification process so that all the government departments that have installed different PKIs can recognize digital signatures, no matter which vendor.
While the US initiative is a start, EEMA is seeking to build interoperability that covers many more forms of PKI technology and build EC standards into the process.
the451 (www.the451.com) is an analyst firm that provides timely, detailed and independent analysis of news in technology, communications and media. To evaluate the service click here.