|
For the Information Society to develop fully, it is essential to have mechanisms that allow us to trust the multiple entities that play a role in the Web. An example is the digital signature technologies and the public key infrastructure (PKI) used to make electronic operations secure. A growing number of service providers and users are using this technology to guarantee the electronic transactions they make on the Web. However, it is not enough just to base protection mechanisms in a cryptographic infrastructure: the actors also need to show they trust the authorities that certify the identity of the providers and users, the Certification Authorities.
The procedures and practices under which a certification authority operates are stated in a public document that serves as a user guarantee. These Certification Practice Statements use a very technical vocabulary and are written in natural language, normally only in one language. The technical terms mean it is difficult for non-specialized users to find out more about the technical guarantees and endorsements of the authorities so as to decide how much trust they can place in them.
Semantic technologies for evaluating Certification Authorities
The use of semantic standards makes it possible to express in a structured way the practices of the certification authorities that take part in the daily operations on the Web and certify natural and corporate persons. By using technologies that can represent knowledge in a more structured and processable manner, we can compile a catalogue that displays the most important technical characteristics of each authority, complementing this information with the opinions of users who give scores to certification authorities based on the amount of trust they have in them. Thanks to semantic tools, information on certification practices can be automatically processed to resolve the problem of the lack of confidence of users in authorities they are not familiar with that are ultimately responsible for certifying the identity of the sales people, buyers, patients, professionals, etc., with whom users come into contact on the Web.
The PKI Trust Center prototype provides a catalogue of recognized Certification Authorities and can learn from the valuation of the users, who—in the manner of social networks—access and label PKI information.
Read more on the PKI Trust Center. |
