Action plan developed for PKI adoption

An e-business standards watchdog last month unveiled a comprehensive action plan aimed at kickstarting the adoption of Public Key Infrastructure (PKI) technology.

The OASIS (Organization for the Advancement of Structured Information Standards) PKI Action Plan builds on the results of a series of surveys conducted by the OASIS PKI Technical Committee with IT staff who have deployed or attempted to deploy it.

Security vendors have long touted PKI technology (which uses digital certificates to authenticate e-mail, individual and enterprise transactions) as the answer to most network computer problems. But it has been hampered by cumbersome impleĀ­mentation, differing and incomĀ­patible standards along with issues of legacy system integration.

PKI has evolved and so too should the industry's understanding of the technology and its ability to drive Web services and e-business, according to John Sabo of Computer Associates and co-chair of the OASIS PKI Technical Committee.

PKI adoption is probably further along in Canada than in the U.S. In Canada, PKI has made some inroads, particularly in public sector and the financial services industry, said Steve Hanna of Sun Microsystems Inc. and committee co-chair.

The PKI Action Plan addresses some of the primary obstacles to widespread PKI adoption, Hanna said. These adoption barriers include: poor or missing support in software applications, high costs, poor understanding of PKI among senior managers and end users, interoperability problems and lack of focus on business needs.

The key to adoption is two-fold, Hanna said, adding the goal is to create a compelling reason for using the technology. This includes reducing the cost of PKI deployment and usage while increasing the benefit via better "out-of-the-box" PKI solutions, Hanna said.

There is a tentative two-year timeline for implementing this plan, in which time the technology "should be a lot more practical," Hanna said, adding that early adopters include the government, military and financial institutions.

Members of the group include Computer Associates International Inc., Entrust Inc., IBM Corp. and FundSERV Inc. OASIS is currently seeking new members, including vendors such as Microsoft Corp., to join the initiative.