Harvey, S. contributed to The GUIDES Consortium (2000). Guidelines, Methodologies and Standards to set up a CA for Digital Signatures. Version 1.0 (Draft). Available on the World Wide Web: (URL: http://www.regione.emilia-romagna.it/guides/)
Summary
These Guidelines are being developed in the framework of the project GUIDeS1. GUIDeS overall goals are:
- to improve emerging practices in the setting up of certification services,
particularly within the public sector, by providing Guidelines to set up a CA for digital signatures, based on state-of-the-art technical and legal standards and requirements, and on the direct experience of the project partners in this field; - to validate and demonstrate the Guidelines within the broader EU context;
- to disseminate improved practices, thus stimulating a wider diffusion of CA
services; - to provide feedback to the institutions which are defining, both at national and at
European level, the requirements and standards for the provision of digital
certification services.
This document provides a set of Guidelines for establishing a public key infrastructure (PKI). The guidelines follow a procurement model that involves issuing a Request for Information (RFI) to vendors followed by a Request for Proposal (RFP). The guidelines focus on the technical contents of these documents rather than the business and legal aspects of tendering. An organisation using these guidelines may decide that it is best to outsource the service to a trusted third party, or may decide to purchase hardware and software and establish its own certification service. Guidelines for both procurement models are provided, as well as a set of decision criteria that will be helpful in deciding whether to in- or out-source. The Guidelines cover the process up to the issuance of the first public key certificate, and do not provide guidance on the day-to-day operations and ongoing support of the certification service.