Privacy positive aspects of public key infrastructures
Published in April 1999 in Privacy Law and Policy Reporter, this paper perhaps for the first time described how digital certificates could represent credentials, memberships and business relationships, instead of personal identity.
"A law society and a medical registration board might both establish CAs in order to issue digital certificates to their members. If the processes for issuing those certificates are integrated with present registration practices, then the certificates could represent electronic credentials. Thus, a title search digitally signed by a lawyer could be relied upon by a home buyer if the lawyer's certificate came from a recognised law society. And likewise, an electronic prescription digitally signed by a doctor could be trusted by a pharmacist if the doctor's certificate came from the recognised registration board. The relying parties in these respective transactions may care little for the actual identities of the signatories; rather, the relying parties need to trust the validity of the credentials."
"To date we have tended to think of digital certificates as being like electronic passports. Commercial CAs typically grade their certificate offerings according to the degree of identification required of the applicant, and the Commonwealth's Project Gatekeeper has almost enshrined the concept of '50 point', '100 point' and '150 point' certificates. But this is unfortunate because it is more accurate and far more powerful to think of certificates as electronic credentials, specific to the CA's community of interest.
In the real world, we don't characterise credentials according to personal identity levels. Rather, we allow different communities or bodies to set their own rules for admission. The legitimacy of those rules [is] the same thing as the authority to issue credentials to, say, lawyers and doctors ..."