
Secure Extranet Authentication the way it will be done



The answer to the question on how individuals should securely authenticate to business parties
has so far been: Use client-certificates and SSL-authentication. Drawbacks:

- There is no global issuing of "employment certificates"

- To become a CA or RA under somebody else's umbrella is not core business and neither
  scales up (large organizations want to do this themselves) nor scales down (too complex and expensive)

- If every organization instead becomes a stand-alone CA, the whole concept of trust disappears
  and business parties will have to constantly install new root certificates

- X509 certificates do not contain the information needed for many relations, which leads
  to out-of-band maintenance of user attributes, which makes certificates pretty useless

- IETF attribute certificates have currently almost no infrastructure support

- Bridge CAs address problems that are entirely imposed by poor use of PKI

On http://buyer.x-obi.com you can get a glimpse of the future of PKI for B2B.
Enjoy a free PKI-secured B2B-ride!

Tech/marketing whitepaper: http://www.x-obi.com/purple

A future standard based on the same basic concept is created in the OASIS security-service TC.

regards
Anders Rundgren
CEO X-OBI AB
+46 70 - 627 74 37