Information on this web site is preserved for legacy purposes only. The OASIS PKI Member Section transitioned to the OASIS IDtrust Member Section in 2007. OASIS Technical Committees affiliated with the Member Section remain active.
  About PKI Forum PKI Members Join PKI Forum PKI News PKI Events OASIS Members Only  


PKI Resources
 White Papers

Technical Process
 IPR Policy
 TC Process

Technical Committees
 Current TC List

OASIS Network
 CGM Open

OASIS Info Channels
 Cover Pages

PKI Forum News





NEW YORK, JULY 22, 2002 - The American Institute of Certified Public Accountants (AICPA), the Canadian Institute of Chartered Accountants (CICA) and the PKI Forum recently sponsored a summit meeting to discuss ways of improving trust on the Internet. The Internet's leading digital certification authorities (CAs), Web browser providers, digital certificate users, industry trade associations, regulators and CPA firms met to collaborate on enhancing the standards required for identifying, authenticating and authorizing subscriber requests for digital certificates to be used over the Internet.

"Security is the cornerstone of a trustworthy foundation for the Internet, and public key technology is one of the most important components of reliable Internet security," said Ryan Hurst, Program Manager, Microsoft, Inc. "Among prevailing Internet security protocols, public key technology is capable of providing the levels of encryption, authentication, identification and security to help maintain effective trust in electronic commerce. This summit is another step towards building a common framework for PKI security on which all providers can agree and all users can rely with confidence."

The participants agreed that several major issues affecting the acceptance, use and comparability of digital certificates must be resolved, including levels of assurance assigned to certificates; required identification, authentication and authorization procedures; consistent application of standards across the CA industry; and accreditation of root and subordinate CAs under the WebTrust for Certification Authorities Program. Solutions discussed at the summit included a multi-level classification system for digital certificates, each with increasing levels of reliability and associated registration procedure requirements.

"The WebTrust for Certification Authorities Program is becoming recognized as the de facto standard governing CA best practices for issuing digital certificates," said Ben Golub, Senior Vice President of Trust and Payments Services for VeriSign, Inc. "We believe authentication and identification practices are inextricably linked to technology infrastructure controls and establish the trustworthiness of public key-based systems. By providing assurance around information and independently examining systems against a set of measurable criteria and control frameworks, the accounting profession can contribute greatly to ensure that digital certificate users have a sound framework on which to base their trust in the technology."

"With PKI deployment taking place around the globe, it is wonderful to see so many diverse organizations working together to address certificate usage standards," said Lisa Pretty, President, PKI Forum. "PKI technology standards are well advanced and the time is right to enhance usage standards to give end users a higher level of confidence when using certificates across the Internet."

The evolving digital certificate landscape is undergoing change:

  • More and more CAs are offering subordinate CA services;
  • Increasing numbers of certificates are being offered by subordinate CAs;
  • Cross certification of CAs is more common as support for technical interoperability becomes more of a reality;
  • Automated verification and identification procedures are becoming more feasible; and
  • Use of digital certificates is increasing among users.

In order to address some of these issues on a going-forward basis, the AICPA/CICA, with the support of the PKI Forum, is establishing an industry resource panel for summit participants to provide input to the accounting profession on incorporating new and improved security and PKI standards into the WebTrust for Certification Authorities Program and developing viable solutions to accommodate the changes.

"The industry resource panel is being formed to enhance these standards, particularly in the areas of authentication and identification of certificate issuers, so that users can trust those with whom they do business over the Internet," said Anthony Pugliese, Vice President, Member Innovation, AICPA.

"The need to address these issues in a forum like this is essential to broader acceptance of public key technology in the marketplace," said Cairine Wilson, Vice President, Innovation, CICA. "Never before have these various stakeholders been brought together in one forum to resolve such fundamental Internet security issues."

Summit participants represented the following organizations: American Bankers Association, American Bar Association, American Institute of Certified Public Accountants (AICPA), American National Standards Institute (ANSI), AOL Netscape, Baltimore Technologies, Bank Information Technology Secretariat (BITS), BankOne, Canadian Institute of Chartered Accountants (CICA), Canadian Payments Association, Deloitte & Touche LLP, Entrust, Ernst & Young LLP, Federal Deposit Insurance Corporation (FDIC), Federal PKI Steering Committee, GeoTrust, Inovant, KPMG LLP, Microsoft, National Institute of Standards and Technology (NIST), Office of the Comptroller of the Currency (OCC), PKI Forum, PricewaterhouseCoopers LLP, RSA Security, Treasury Board of Canada, VeriSign and Visa International.

# # #

About the AICPA
The American Institute of Certified Public Accountants (AICPA) is the ISO 9001 certified national professional organization of CPAs in the United States with more than 340,000 members in public practice, business and industry, government and education. For more information about the AICPA, please visit For more information about WebTrust for Certification Authorities, please visit
About the CICA
The Canadian Institute of Chartered Accountants (CICA) together with the provincial and territorial institutes of chartered accountants represents a membership of approximately 68,000 CAs and 8,000 students in Canada and Bermuda. The CICA conducts research into current business issues and sets accounting and assurance standards for business, not-for-profit organizations and government. It issues guidance on control and governance, publishes professional literature, develops continuing education programs and represents the CA profession nationally and internationally.
About the PKI Forum, Inc.
The PKI Forum is an international, not-for-profit alliance comprised of technology and service providers, integrators and end-users whose purpose is to accelerate the adoption and use of PKI applications, digital certificates and other real world solutions, as well as to facilitate interoperability through multi-vendor testing of industry standards and educational outreach. The PKI Forum serves as a global information resource for PKI and advocates cooperation and market awareness enabling organizations to understand and exploit the value of PKI in applications relevant to their businesses. For more information about the PKI Forum, see the PKI Forum Web site at
Media Contacts:

Linda Dunbar
212 596 6236

Brad Monterio
colcomgroup (for AICPA)
212 973 9830

Alexander Wooley
416 204 3450

Judith Vanderkay
Virtual, Inc. (for PKI Forum)



Copyright © OASIS Open 2006. All rights reserved.