Federal Bridge Certification Authority

The Federal Bridge Certification Authority (FBCA) supports interoperability among Federal Agency PKI domains in a peer-to-peer fashion. The FBCA will issue a certificate only to those Agency CAs specified by the owning Agency (called "Principal CAs"). The FBCA, or a CA that interoperates with the FBCA, may also issue certificates to individuals who operate the FBCA. The FBCA certificates issued to Agency Principal CAs act as a conduit of trust. The FBCA does not add to and should not subtract from trust relationships existing between the transacting parties. The Federal PKI Policy Authority (FPKIPA) is the governing body over the FBCA and operates under the By-Laws and Operational Procedures/Practices for the FPKIPA (DRAFT).

At their discretion, agencies may elect to interoperate among themselves without using the FBCA. Those agencies that elect to do so may nonetheless employ levels of assurance that mimic those set forth in the FBCA CP. However, FBCA CP Object Identifiers (OIDs) may be used only by agencies that interoperate with the FBCA. Any use of or reference to the FBCA CP outside the purview of the FPKIPA is completely at the using party's risk. Further, unless specifically approved by the FPKIPA, an Agency shall not assert the FBCA CP OIDs in any certificates the Agency CA issues, except in the policyMappings extension establishing an equivalency between an FBCA OID and an OID in the Agency CA's CP. When used in the policyMappings extension, the Agency may employ the OIDs only after a policy mapping determination is made by the Federal PKI Policy Authority allowing their use.

The X.509 Certificate Policy for the FBCA defines five certificate policies for use by the FBCA to facilitate Agency CA interoperability with the FBCA and with other Agency PKI domains. The five policies represent four different assurance levels (Rudimentary, Basic, Medium, and High) for public key digital certificates, plus one assurance level used strictly for testing purposes (Test). The word "assurance" used in this CP means how well a Relying Party can be certain of the identity binding between the public key and the individual whose subject name is cited in the certificate. It also reflects how well the Relying Party can be certain that the individual whose subject name is cited in the certificate is controlling the use of the private key that corresponds to the public key in the certificate.

U.S. Government Public Key Infrastructure Cross-Certification Methodology and Criteria: This document briefly describes what an agency or external entity needs to do to apply for cross-certification and interoperate its PKI with the FBCA.

The Computer Security Resource Center is in the Computer Security Division of the Information Technology Laboratory at the National Institute of Standards and Technology.
NIST is an agency of the U.S. Commerce Department's Technology Administration.
Please send comments or suggestions to kathy.lyons-burke@nist.gov
Last Modified: February 13, 2002.