Transcript
Page 1: PKI Policy Determination Process Input from PKI Decision Process PKI Policy Determination Process Application(s) Workflows Players

PKI Policy Determination Process

Input from PKI Decision Process

PKI Policy Determination Process

• Application(s)
• Workflows
• Players

Page 2:

PKI Policy Determination Process

• Determine Business Requirements and Constraints
• Determine Policy and Deployment Models
• Determine Types of Policies and Agreements Needed
• List of Potential Policies and Agreements
• Define Business Applications and Requirements

Page 3:

Determine Business Requirements and Constraints

• Map Business Requirements to PKI Services
• Determine Types of Data
• Determine Use
• Determine Jurisdiction

• Workflows
• Players

Page 4:

Map Business Requirements to PKI Services

• PKI Services
  – Authenticity of Identity
  – Integrity of Data
  – Digital Signature
  – Non-repudiation
  – Confidentiality

Page 5:

Determine Types of Data

• Financial
• Medical
• Personal
• Commercial
• Location
• Governmental

Page 6:

Determine Use

• Motivation and Purpose
• Process
• Role
• Community

Page 7:

Determine Use – Motivation and Purpose

• Institution and professional accreditation
• Establishment of secure user accounts
• Enable transactions
  – Internally
  – B2B
  – B2G
  – B2C
  – C2C
  – C2G
  – G2G

Page 8:

Determine Use – Process

• Application specific
  – Financial management
  – Clinical information systems
  – Mortgages
• Communications
  – Email/Web
  – VOIP
  – Mobile/wireless
  – Legacy
• Storage and retrieval
  – Physical
  – Electronic
• Workflow/process management

Page 9:

Determine Use – Role

• Issuer/CA (need business terms)
• Holder
• Relying Party

Page 10:

Determine Use – Community

• Enterprise
• Trading partner
• Community of Interest
  – Closed
  – Extensible
• Government

Page 11:

Determine Jurisdiction

• Jurisdictional level – international, national, state, local
• Laws
• Regulations
• Policies
  – Business and intra-industry
  – Government
• Standards/codes of practice
  – Accredited
  – De-facto
• Industry-specific best practices

Page 12:

Determine Policy and Deployment Types

• Internal
• External
• Trust model

Page 13:

Define Business Application(s) and Requirements

Page 14:

Determine Types of Policies and Agreements Needed

• CP
• CPS
• Relying Party Agreement
• Subscriber Agreement
• RA Agreement
• LRA Agreement
• PKI Disclosure Statement (PDS)
• Privacy Policy Statement
• Certificate Manufacturing Agreement
• Security Policy
• Policy Management Authority Charter (policy document)
• Service Level Agreement
• Outsourcing Agreement
• Internal Memoranda of Agreement
• Internal Conformance Audit Agreement
• External Conformance Audit Agreement
• Dispute Resolution Procedures
• Certification Authority Agreement (contractual)
• Warranty

Page 15:

List of Potential Policies and Agreements

