TACAR: a Simple and Fast Way for Building Trust among PKIs

摘要

The idea of setting up an on-line repository hosting the academic trust anchors arose within the TERENA Task Force for Authentication and Authorisation Coordiantion for Em-ope (TF-AACE) and gained immediately a great consensus within the academic community. Over the last months of the 2003 the TF-AACE group (promoted by TERENA) has formalized the policy, established a pilot site and exercised the procedures by incorporating several academic PKIs into the repository. The policy reflects the fact that the community of identity providers in the academic and research environment is a small one, and therefore personal trust relationships were already in place. The range of potential participants include National Research and Educational Networks (NRENs), National Academic PKIs in the TERENA member countries, and non-for-profit research projects directly involving the academic community. The first time an applying PKI asks to join the TACAR a face-to-face meeting between TERENA's representative and PKI's is required, in order to establish a sort of personal trustiness. Due to the fact that the certificates collected by the TACAR can be used for several purposes, the policy does not define minimum requirements for applying CAs and does not evaluate their CP/CPS against these requirements, but only establish which CAs can join the TACAR. Each organization using the TACAR is responsible for deciding which trust links it will establish. The TACAR is intended as a trusted source to obtain PKI root certificates enabling independent validation of trust links among different infrastructures.