Oasis drives PKI for web services

Standards body the Organisation for the Advancement of Structured Information Standards (Oasis) has stepped up its efforts to advance the adoption of Public Key Infrastructure (PKI).

But analysts have warned that the group has much to do, as many stumbling blocks to PKI adoption, such as cost and interoperability, have still to be addressed.

Oasis, which includes members such as RSA Security, Verisign and Sun Microsystems, has set up a new technical committee to work on issues such as interoperability, deployment standards, implementation guidelines and conformance tests to improve PKI take up.

Terry Leahy, chairman of the new Oasis PKI Technical Committee, said: "We want to address the issues behind the successful deployment of digital certificates to meet business and security requirements.

"Our collaboration will focus on overcoming technical and integration challenges and promoting greater interoperability."

Sarah Kent, director of corporate and business development at RSA, explained that companies should begin to see the benefits of Oasis' work over the next six to 12 months.

"What is crucial now is that companies look at maybe getting involved in the standards process and getting educated in this area," she said.

Ovum analyst Graham Titterington believes that PKI is crucial for web services, but agreed that there are important issues that need to be looked at.

"PKI has been a disappointing market for the people in it up until the relatively recent past," he said.

"The biggest single problem is whom do you trust? It has had some success in closed communities such as within multi-national organisations and some trading communities.

"PKI is vital to web services as the identification of people is crucial. Cost is a problem and one of the biggest issues is administering the certificates. If web services catch on then the demand should bring this cost down."

Titterington acknowledged that the issue of interoperability is being tackled by such groups as Oasis.

"In the past there have been problems, but this was largely due to the old standards being incomplete," he said.

"The PKI industry has made progress on this, but it is something that Oasis will need to work on."