Citizen PKI project under way
- By Brian Robinson
- Jun 19, 2000
A distant cousin to the Federal Bridge Certificate Authority (FBCA) is the
General Services Administration's Certificate Arbitrator Module (CAM), which,
like the FBCA, is intended to provide a level of interoperability among
public-key infrastructure systems.
But whereas the FBCA is aimed at enabling interoperability among government
agency PKIs, the CAM's goal is to allow an individual citizen to deal with
multiple agencies using the same digital certificate. The CAM is part of
the Access Certificates for Electronic Services program at GSA.
ACES provides digital certificates to citizens who want to conduct online
transactions with agencies. The individual connects via the Internet to
an ACES Registration Authority, which asks for certain details such as name,
address and phone number. After the information is verified, a one-time personal
identification number is mailed to the person, who uses it to generate a
public/private key pair with his or her computer's World Wide Web browser.
The person then supplies the personal identification number and public key
to the ACES certificate authority, which issues a certificate that is then
stored in the user's Web browser.
The CAM is a piece of software — provided for free by GSA — that is
inserted into an agency's regular security umbrella and allows the agency to
check automatically, in real time, whether a citizen's certificate is valid. It's basically
a router that automatically generates a request to the certificate's ACES-compliant
issuer to determine its status.
"CAM wouldn't be necessary if agencies could build that [validation]
functionality into each and every application," said Stanley Choffrey, GSA
program manager for ACES and the CAM, as well as the FBCA. "The CAM allows
agencies to build a simple application program interface for those applications,
and then every application is automatically PKI-enabled. It offloads a lot
of the PKI infrastructure work that would have to be embedded in each application."
Agencies still have to build trust lists and manually enter the trust
keys for each of the certificate authority domains they want to maintain.
Other than that, the CAM automatically verifies all transactions.
The CAM is actually pretty flexible, according to Choffrey. It can filter
many types of information so that the use of certificates can be precisely
The CAM and the FBCA could be made to work together, Choffrey said,
but they operate on wholly different trust models. With the CAM, the party
that needs to accept the certificate has the burden of verifying the trust
level, whereas the FBCA handles that by maintaining copies of the trust
policies of participating agencies.
Eventually, Choffrey said, the goal is to open up the source code for
the CAM so that the world at large can have access to it and improve on
Brian Robinson is a freelance writer based in Portland, Ore.