You are in: ECommerce-Guide > News > Trends

ECommerce-Guide Essentials eBiz FAQ Everything you need to know to start your own successful e-business. Selling on eBay How to make money in the online marketplace. PayPal Payments and More What's new in secure payments for your online store. Shopping Cart Software Solutions to close, process and track your online sales.

Growing a Tree Of Trust -- Part One
By Mark Merkow, CCP, CISSP
December 31, 1998

Certificate Practice Statements

Beyond the limits of physical and logical protection of keys used to sign certificates, CA policies and procedures are clearly spelled out in Certificate Practice Statements (CPS). These cover those human factors mentioned earlier in the series. CPSs consist of detailed descriptions of certificate policies are how they''re implemented by a particular CA.

The American Bar Association defines them this way:

"A CPS is a statement of the practices which a certification authority employs in issuing certificates."

When CAs negotiate cross certification services, they''ll examine and compare each other''s CPS. The liability that certificate issuers and end entities assume plays a role in the degrees of trust.

X.509 certificates contain certificate policies that allows certificate holders to decide how much trust to place in their certificates. According to X.509, Version 3, a CPS is:

"A named set of rules that indicates the applicability of a certificate to a particular community and/or class of application with common security requirements."

A sample of a CPS from The University of Colorado may be found here. The Internet Engineering Task Force''s (IETF) "Certificate Policy and Certification Practice Statement Framework" working draft by the PKIX Working Group may be found here.

Tools:

Add ecommerce-guide.com to your favorites Add ecommerce-guide.com to your browser search box IE 7 | Firefox 2.0 | Firefox 1.5.x Receive news via our XML/RSS feed