PKI Readiness Evaluation

 



 
The following ten questions will help to assess an organization’s readiness to develop and deploy a Public Key Infrastructure.  Organizations successfully deploying a PKI will have an affirmative and clear response to the following: 
 
Questions
Remarks
Where is the business case?  PKI projects without sound business drivers are likely to fail. Business purposes of PKI deployment must be clearly defined.  Cost displacement alone rarely is a sufficient reason for deploying PKI at this time.
What are the objectives of a planned trial? Ill-conceived trials have the net effect of only delaying PKI deployment. Full PKI deployments expose an enterprise’s information infrastructure in unfamiliar ways. While there may be a need to move forward with PKI, fear and uncertainty urge caution and "trial". However, the enterprise should critically challenge the assumptions underlying such "pilot" projects. PKI standards are mature, and the technology is well understood and documented. Many lessons that the enterprise would learn through a trial have been learned and are available elsewhere. Because PKI exposes liability, many organizations limit the scope of these trials to familiar and protected environments. Unfortunately, this so constrains the operating environment of the trial that critical issues are never addressed. In such circumstances, the trial either gives a false sense of achievement or does not advance toward the goal of a PKI implementation. Absolutely critical are the trading partner and liability agreements underlying the deployment. These can be addressed only in real-world negotiation; energies consumed by trials are better directed toward building common understanding with trading partners.
Have specific applications and requirements been identified? Identified applications are necessary to drive the business case and support deployment to end users. End users will want to recognize value in these applications before bothering with certificate subscription.
Has a robust directory been developed and deployed? Where and how will certificate data be maintained, and how will relying parties find appropriate certificates? Directory deployment is critical to obtaining clean user data and a well-understood and stable namespace. Directory deployment will assist in determining which attributes should be included in certificates and which can be supported elsewhere. Directory attributes will often be more robust and cheaper to maintain than extensions on certificates.
Have assumptions about control over end users and partners been tested?  What is the liability model for key use?  PKI solutions explicitly require end user actions, for example: protection and "backup" of private keys.  End users must understand implications of certificate agreements before  they can reasonably accept responsibility for key use.  End users may not be willing to accept certificate agreements as constructed. 
What existing business relationships and contracts will be leveraged to support the PKI deployment? Wherever possible, a PKI should extend existing business relationships. For example, it is much simpler to construct an end user agreement as an addendum to an existing trading partner agreement or contract. Trading partner acceptance is critical to a successful PKI.
Is there a strategy to migrate from simple applications to complex? PKI has the potential to automate and disintermediate many distributed applications. However, a stable authentication infrastructure should be created before the deployment of such applications. Simple authentication and authorization models should precede more complex application development. Trust is NOT transitive.
Has the data sensitivity of applications been calibrated? Certificate policies generally indicate a class of applications for which the issuer intends the certificates to be used.  These policies are intended to limit liability of the certificate issuer.  Policies set different "proofing standards" as well as implementation requirements for key installation.  Therefore, such policies will clearly impact the security of any system which relies upon certificates which are created under the policy.  Decisions about required certificate policies should be made in light of the total security requirements of the application(s) being protected.
Have appropriate enrollment agents and practices been identified? Who will support certificate holders and how will that support be managed? What are the motivations of these enrollment agents? Support for end user certificate holders is critical to the success of a PKI project. If issuing certificates to trading/practice partner staff, the issuer must integrate its efforts with those of trading partners. Expectations with regard to training and support must be made explicit. End user support may be the largest cost component of a PKI deployment. With time this will become simpler as certificates become embedded in OS, phones and WebTV.
Has an intranet been deployed? What lessons about user authentication have been learned there? Deployment and liability issues may be simpler in an intranet environment. However, the distinctions between intranet and extranet are increasingly blurred. Contractors are often given more responsibility for enterprise resources than are many employees; some employees assume considerable responsibility for trading partner resources. When constructing certificate authentication for the intranet, consider implications for broader access.