Issue No. 04 - July/August (2003 vol. 7)
William T. Polk , National Institute of Standards and Technology, US Department of Commerce
Nelson E. Hastings , National Institute of Standards and Technology, US Department of Commerce
Ambarish Malpani , Caymas Systems
<p>The architecture chosen for a public key infrastructure (PKI) determines the scalability and usability experienced by PKI users. Enterprise PKIs typically consist of a single certificate authority (CA) or small hierarchy of CAs along with a single directory system. These enterprise architectures have limited scalability, but simplify PKI client implementations. As enterprises seek to link their PKIs to support security services across organizational boundaries, networks of CAs and PKIs, based on the bridge CA concept, are emerging. A new PKI component, the validation authority, has been introduced to simplify the interface to today?s complex PKIs. This article provides a guide to PKI architecture that satisfies an organization?s security goals.</p>
W. T. Polk, A. Malpani and N. E. Hastings, "Public Key Infrastructures that Satisfy Security Goals," in IEEE Internet Computing, vol. 7, no. , pp. 60-67, 2003.