Certification Authorities

Certification Authority Functions

CAs (Certification Authorities) were developed to play the role of overseeing individual registration on the web. They access applications for certificates, verify the identity of the person or organization applying for the certificate, issue certificates, revoke or expire certificates and provide status information about the certificates that have been issued.

According to the speaker, one issue that must be addressed is – What do the certificates mean? Can we trust the organization that issues the certifications? Should there be one central organization (i.e., government issuing passports)? Should there be a hierarchy of organizations based on reputation or some other criteria?

Who Will Be the CA’s?

There are numerous Certification Authority organizations. They include:

	Private, specialty firms (VeriSign)
	Government agencies
	Corporations (for their own employees)
	Telecommunications companies
	Banks or phone companies
	Internet service providers (AOL, Earthlink)

There are business issues for the certification authorities to address including:

	Business models – What business model should they use?
	Risks – How much risk should be taken?
	Costs – This is an unknown and needs to be determined by each organization
	In-house or out-sourcing – What would be the most effective means of delivering CAs?
	Operational considerations – What is the most effective way to run this business?
	Liability – What is the liability and exposure an organization is faced with by providing CAs?