See also:

Aligning with global standards — FundSERV completes WebTrust audit

All articles

By Dominic Ionadi

IDentity, FundSERV's public key infrastructure (PKI) initiative, was launched in May 2000. The purpose of this initiative was to enable members of the Canadian investment fund industry to carry out secure e-business using digital certificates as a means of authentication. PKI ensures strong authentication, data confidentiality and data integrity while enabling non-repudiation and centralized privilege management. These are considered to be the essential requirements for secure e-business.

As a member of OASIS (Organization for the Advancement of Structured Information Standards), FundSERV is actively involved with this technology on a global scale. By interacting with a wide range of participants from around the world, FundSERV has achieved a better understanding of the complexities and challenges of deploying an industry-wide PKI solution.

June Leung, manager of PKI support, Andrew Farmer, chief security analyst and Amir Jafri, vice president of technology, collaborated on a business issues document that was recently published by OASIS.
(http://www.pkiforum.org/pdfs/deployment_paper1.pdf)
It is a resource for organizations planning to adopt PKI. "The IDentity initiative now serves as a real-world case study for other organizations interested in similar initiatives," says Jafri.

Fundamental to a successful PKI implementation are effective policies and procedures. The paper stresses the importance of incorporating business processes with security and technical requirements before deciding to use PKI as a solution. Marketing, user education and customer support strategies are also discussed in the paper. It emphasizes that organizations considering PKI must be well equipped to plan for the challenges that may be faced when implementing a new security infrastructure.

PKI provides security solutions across the globe. Examples of how PKI can meet the security needs of an organization include a national identity program for Finland and Singapore, secure tax filing for Australia and Ireland, information security for the Canadian Department of Defense and the United States Department of Defense, as well as secure transaction processing for countless financial services firms world-wide.

*OASIS is a not-for-profit, global consortium that drives the development, convergence and adoption of e-business standards. Members themselves set the OASIS technical agenda, using a lightweight, open process expressly designed to promote industry consensus and unite disparate efforts. OASIS produces worldwide standards for security, Web services, XML conformance, business transactions, electronic publishing, topic maps and interoperability within and between marketplaces.

OASIS has more than 600 corporate and individual members in 100 countries around the world.

For more information, see http://www.oasis-open.org/.

Table of Contents