Public Key Superstructure

Abstract

While Public Key Infrastructure has had its difficulties (like most new technologies) the unique value of public key authentication in paperless transactions is now widely acknowledged. The naive early vision of a single all-purpose identity system has given way to a more sophisticated landscape of multiple PKIs, used not for managing identity per se, but rather more subtle relationships, memberships, credentials and so on. It is well-known that PKI’s successes have mostly been in closed schemes. Until now, this fact was often regarded as a compromise; many held out hope that a bigger general purpose PKI would still eventuate. But I argue that the dominance of closed PKI over open is better understood as reflecting the reality of identity plurality, which independently is becoming the norm through the Laws of Identity and related frameworks. This paper introduces the term “Public Key Superstructure” to describe a new approach to knitting together existing mature PKI components to improve the utility and strategic appeal of digital certificates. The “superstructure” draws on useful precedents in the security printing industry for manufacturing specialised security goods without complicated or unnatural liabilities, and international accreditation arrangements for achieving cross-border recognition of certificates. The model rests on a crucial re-imagining of certificates as standing for relationships rather than identities. This elegant re-interpretation of otherwise standard elements could truly be a paradigm shift for PKI, for it normalises digital certificates, grounding them in familiar, even mundane management processes. It will bring profound yet easily realised benefits for liability, cost, interoperability, scalability, accreditation, and governance.