INTRODUCTION TO FEDERATED TRUST
The CertiPath Public Key Infrastructure (PKI) Bridge enables cross-organizational trust for its members, who operate high-assurance identity credentialing systems known as Enterprise PKI, and several of whom are providers of Personal Identity Verification – Interoperable (PIV-I) credentials to other organizations. This Bridged trust is characterized by a hub-spoke peer-to-peer environment where all of the members retain control over their individual trust domain policies and technical solutions, but agree to a common set of overarching requirements embodied in Federated Trust. Each member establishes parity with Federated Trust's requirements, which in turn enables the trust between them.
Federated Trust offers a secure and efficient means of exchanging information – eliminating the costly and complex process of individually mapping PKI/hardware tokens and issuing project-specific credentials for every new customer, supplier, or partner.
As an alternative, for those organizations not interested in maintaining a distinct trust domain, CertiPath affords the option of electing to adopt the CertiPath policy and subordinating under the CertiPath Root. In this scenario, the member organization must operate its identity credentialing system in accordance with CertiPath’s policies.
CertiPath’s trust community extends beyond its own enterprise members to the U.S. Federal government via a Bridge-to-Bridge trust relationship between CertiPath and the U.S. Federal Bridge, which operates its own hub-spoke peer-to-peer environment for the U.S. Federal agencies. This hub-to-hub relationship enables inter-organizational trust between the members of the two Bridges.
CertiPath extends to Commercial Entities the same trust fabric that the Department of Defense and Federal Agencies rely on. CertiPath provides SHA1 and SHA2 support as well as CertiPath Best Practices, Medium Software, Medium Hardware, High Hardware and IceCAP levels of assurance through Federated Trust.
The following table provides a basic walkthrough of the expectations for an organization joining the CertiPath community, either as a member of the CertiPath hierarchy subordinated to the CertiPath Root CA or as an Enterprise PKI in a peer-to-peer relationship with Federated Trust.