PKI growth seen despite policy problems

Public key infrastructure is poised for a resurgence, with associated identity technologies increasingly underpinning applications as organizations look to securely share information, vendors said Tuesday at a standards conference in London.

While it was a hot buzzword during the peak of the technology boom, PKI fell out of favor as IT projects were increasingly seen as bloated and without sufficient focus.

“PKI still has a lot of perception problems,” said Stijn Bijnens, senior vice president of identity management for Cybertrust.

Bijnens was one of several participants in a conference by the Organization for the Advancement of Structured Information Standards (Oasis), a consortium that developments standards for business applications.

PKI uses certificates that have been verified by a certification authority and allows other organizations or people to exchange trusted information. PKI simplifies e-government and e-commerce by letting a person identify themselves once to a certification authority that vouches for the person’s identity when they interact with other organizations in the infrastructure.

Several changes in IT should spur growth of PKI. Microsoft Corp.’s release of its next generation OS, Windows Vista, contains technology to help users manage identities, called CardSpace, Bijnens said. CardSpace will allow users going to compatible Web sites to have greater control over how their personal information is released.

While it’s unknown how CardSpace will work with other identity technologies, it should help grow the market for certificate accreditation and procedures around identity verification, Bijnens said. “Microsoft just enables the market for everyone,” Bijnens said.

Governments are undertaking electronic-identity projects that should also foster interest in PKI technology, Bijnens said.

But PKI technology faces hurdles, too. The technology is growing increasingly complex even for those familiar with it, said Arshad Noor, of StrongAuth Inc.

Noor said he was once involved with a PKI implementation at one of the largest pharmaceutical companies for its 120,000 employees worldwide. The chief executive officer (CEO) expected the rollout could be done in about five weeks. The rollout eventually finished, but not on the CEO’s time scale, he said.

“It was absolutely crazy,” Noor said. “I think management needs to understand they are implementing more and more complex technology.”

Also key are the policies built around identity sharing. However, those policies often must rapidly be adjusted as businesses acquire other ones or business processes change, Noor said.

Another problem with exchanging identities using PKI is establishing one authority that can vouch for identities, something that so far hasn’t happened.

“The framework doesn’t exist yet,” Noor said.

Would you recommend this article?

Share

Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.


Jim Love, Chief Content Officer, IT World Canada

Featured Download

Featured Articles

Cybersecurity in 2024: Priorities and challenges for Canadian organizations 

By Derek Manky As predictions for 2024 point to the continued expansion...

Survey shows generative AI is a top priority for Canadian corporate leaders.

Leaders are devoting significant budget to generative AI for 2024 Canadian corporate...

Related Tech News

Tech Jobs

Our experienced team of journalists and bloggers bring you engaging in-depth interviews, videos and content targeted to IT professionals and line-of-business executives.

Tech Companies Hiring Right Now