IGTF PKI Policy Repository

We provide a corpus of machine-actionable, human-readable PKI Certificate Policies for reference and retrieval by PKI services. Although this PKI service is currently a work in progress, we have already catalogued around 200 policies from the IGTF distribution. We use the CTS protocol to retrieve arbitrary sections of a policy using CTS-URNs. We have also developed a mapping from CTS-URNs to OIDs, which sets the stage for referencing relevant sections of a policy within a PKI certificate.

Browse policies

Applications

Although the repository features a simple interface for browsing the policies, it is primarily intended as a service to other computer programs and processes. Over time, we will expose some of the applications we have already developed.

Publications

We have published two papers on the benefits and uses of machine-actionable, human-readable PKI policies.