Public key infrastructure (PKI) is poised for a resurgence, with associated identity technologies increasingly underpinning applications as organisations look to securely share information, according to vendors at a standards conference in London.
While it was a hot buzzword during the peak of the technology boom, PKI fell out of favour as IT projects were increasingly seen as bloated and without sufficient focus.
"PKI still has a lot of perception problems," senior vice-president of identity management for Cybertrust, Stijn Bijnens, said.
Bijnens was one of several participants in a conference by the Organisation for the Advancement of Structured Information Standards (Oasis), a consortium that developments standards for business applications.
PKI uses certificates that have been verified by a certification authority and allows other organisations or people to exchange trusted information. PKI simplifies e-government and e-commerce by letting a person identify themselves once to a certification authority that vouches for the person's identity when they interact with other organisations in the infrastructure.
Several changes in IT should spur growth of PKI. Microsoft's release of its next generation OS, Windows Vista, contained technology to help users manage identities, called CardSpace, Bijnens said. CardSpace wouldl allow users going to compatible websites to have greater control over how their personal information was released.
While it's unknown how CardSpace would work with other identity technologies, it should help grow the market for certificate accreditation and procedures around identity verification, Bijnens said.
"Microsoft just enables the market for everybody," Bijnens said.
Governments were undertaking electronic-identity projects that should also foster interest in PKI technology, Bijnens said.
But PKI technology faces hurdles, too. The technology was growing increasingly complex even for those familiar with it, StrongAuth's Arshad Noor said.
He was once involved with a PKI implementation at one of the largest pharmaceutical companies for its 120,000 employees worldwide. The CEO expected the rollout could be done in about five weeks. The rollout eventually finished, but not on the CEO's time scale, he said.
"It was absolutely crazy," Noor said. "I think management needs to understand they are implementing more and more complex technology."
Also key are the policies built around identity sharing. However, those policies often must rapidly be adjusted as businesses acquire other ones or business processes change, Noor said.
Another problem with exchanging identities using PKI is establishing one authority that can vouch for identities, something that so far hasn't happened. "The framework doesn't exist yet," Noor said.