As overhyped technologies go, PKI was among the all-time greats. Five years ago, it was being touted as the cure-all for enterprise security woes and an absolute necessity for organizations of any size. But after years of failed pilot projects, maddeningly complex implementation problems and vendor flameouts, customers abandoned public-key infrastructure, and advocates of the technology had few successful implementations to cite.
Since then, however, the technology has matured, and customers have realized that it can be effective in specific applications. A prime example of this is the Federal Bridge Certification Authority. The 2-year-old project has united the trust infrastructures of a handful of federal agencies, and officials are looking to extend the initiative to private industry groups and foreign governments.
The FBCA arose of necessity. When the interest in PKI implementations was at its peak three or four years ago, a number of government agencies began laying the groundwork for their own internal certification authorities. As sometimes happens in the federal government, most of these initiatives were ad hoc, with the principals having no idea that other agencies were working on similar projects.
This meant that each agency was developing its own policies and procedures for cross-certification, as well as selecting its own vendor. The agencies were looking to hook their infrastructures together, but there was no agreement on how to do it.
Enter the FBCA. The fact that the federal government, never known for its efficiency or innovation, is the driving force behind the initiative only adds to the wonder at its success.