| Term | Abbreviation | Meaning |
|---|---|---|
| Attribute Authority | AA | An entity trusted by one or more entities to create and assign attribute certificates. Note that a CA may also be an AA. |
| Attribute Certificate | | A set of attributes which are bound to an entity by the signature of a trusted entity. |
| Authorised Relying Party | ARP | A relying party that is internal to the GTA infrastructure (i.e. it has a contractual relationship with an STA, covering certificate validation services). The ARP may or may not also hold a certificate (i.e. may or may not be a subscriber). |
| Authority Certificate | | A certificate whose subject is a CA and whose associated private key is used to sign certificates. |
| Authority Revocation List | ARL | A CRL that only identifies revoked authority certificates and no end entity certificates. The GTA issues an ARL for the purpose of identifying revoked MTA certificates. |
| Certificate Policy | CP | A named set of rules that indicates the applicability of a certificate to a particular community and/or class of applications with common security requirements. The document, managed by a CA, describes among other things the manner in which Identity Certificates issued by the CA may be used and the obligations of the CA and the relevant End Entity in relation to such Identity Certificates. The Certificate Policy (or policies) under which a certificate is issued is indicated in the 'certificate policies' extension of the certificate. |
| Certificate Revocation List | CRL | A digitally signed list issued by an STA to identify end entity certificates that have been revoked but have not expired yet. |
| Certificate Validation | | The process of checking the revocation status of the certificate of a requesting party, either by comparing the certificate with its possible occurrence on a CRL/ARL or by sending an OCSP request. |
| Certification Authority | CA | An entity trusted by one or more entities to create, assign and revoke or hold public key certificates. In the GTA infrastructure all TAs are CAs. |
| Certification Practice Statement | CPS | A statement of the practices which a CA employs in issuing certificates. The GTA CPS describes the practices employed by the GTA to support its certification services to MTAs. A separate CPS is provided by each MTA, which describes the procedures and practices carried out by that MTA in issuing certificates to its STAs. Similarly, each STA has its own CPS which describes the procedures and practices followed by that STA in issuing certificates to its end entities. To ensure a consistent level of trust, security and interoperability across the GTA hierarchy, the GTA sets minimum requirements, which all Trust Authorities (TAs) within the GTI must comply with. These are included in the GTA Rule Book. |
| Cross certification | | A process by which two CAs mutually certify each other's public keys and a particular CP in the first domain is considered by the authority of the first domain to be equivalent to a particular CP in the second domain. |
| Cross validation | | The situation where an Authorised Relying Party under either an external PKI or the GTA structure is able to transparently validate certificates issued to end users under the auspices of both PKIs. Conversely, an end user with an ID certificate issued under the auspices of an external PKI or the GTA can be transparently accepted by an Authorised Relying Party under both structures. |
| End entity (End user) | | A certificate subject that uses its private key for purposes other than signing certificates or an entity that is a relying party. The term end-user has the same meaning. |
| External Relying Party | | A relying party that does not have a contractual relationship with any STA covering services for the validation of certificates. |
| Global Trust Authority | GTA | An organisation which provides a global PKI framework. Global Trust Authority S.c.r.l. is a company incorporated in Belgium with its principal place of business at rue Marie Thérèse 11, 1000 Brussels. |
| Global Trust Authority Infrastructure | GTI | The public key infrastructure established and maintained by GTA, consisting of at least the GTA, all MTAs and all STAs. |
| GTA Operational Authority | GOA | A management group established by the GTA Board for authorising the operations to be performed on the GTA Root. |
| GTA Policy Authority | GPA | The part of the GTA organisation that sets the policy rules of how the GTI will operate. The GTA Board will act as the policy authority for the GTA. |
| GTA Root Processor | | The external entity that provides and manages the secure operation of the GTA Root (i.e. the party that is providing the outsource service for the GTA Root). |
| Identity Certificate | ID cert | A digital certificate that cryptographically binds a public key to the identity of the owner of the public key. |
| Master Trust Authority | MTA | A Trust Authority which exists at level 2 of the GTA hierarchy. MTAs are responsible for registering and certifying STAs. |
| OCSP Responder | | An entity that provides OCSP responses. |
| Online Certificate Status Protocol | OCSP | A protocol useful in determining the current status of a digital certificate, without requiring CRLs. OCSP provides more timely revocation information and may be used to obtain additional status information. An OCSP client issues a status request to an OCSP responder and suspends acceptance of the certificate in question until the responder provides a response. |
| Policy Approval Authority | PAA | A management group that is responsible for authorising the use of particular certificate policies and certification practice statement(s) for a PKI. The overall PAA for the GTA infrastructure is the GTA Board. Each MTA and STA has its own PAA. |
| Public Key Certificate | | The public key and identity of an entity together with some other information, rendered unforgeable by signing the certificate information with the private key of the certifying authority that issued that public key certificate. |
| Public Key Infrastructure | PKI | An infrastructure (consisting of software, hardware, procedures, personnel, documentation, etc.) that governs the use of public key cryptography. |
| Registration Authority | RA | An entity that is responsible for identification and authentication of subjects of certificates, but is not a CA or an AA and hence does not sign or issue certificates. An RA may assist in the certificate application process, revocation process, or both. |
| Relying Party | RP | An entity which accepts and relies on a certificate. Within the GTI, there are two types of relying parties: Authorised Relying Parties and External Relying Parties. |
| Root key | | The public key used to validate the first certificate in the chain of certificates as a part of certification path processing, in this case the public key of the GTA. |
| Rule Book | | A set of documents which sets out the various rules and requirements for parties participating in the GTA Infrastructure, parts of which are to be made available by the GTA to each MTA and parts of which are to be made available by each MTA to each of its STAs. |
| Scheme | | A system that provides application services to its users based on PKI services via one or more STAs. |
| Scheme Trust Authority | STA | A role offering TA services to a particular scheme. STAs are responsible for issuing certificates to end-users. |
| Subscriber | | An entity to which a certificate is issued (also known as the certificate subject). |
| Trust Authority | TA | An entity that can be relied on to implement GTA Infrastructure services and to uphold GTA Infrastructure requirements for security and risk management. This primarily consists of a certification authority but may include other roles such as registration authority, key recovery agent, etc. The GTA, MTA and STA are all TAs. |
| Validation Authority | VA | An independent role that keeps an on-line database for the validation of STAs and MTAs. Also used to denote an OCSP Responder. |