Abstract
The present document compares the United States” The Federal Bridge Certification Authority (FBCA) Certificate
Policy [3], and the European Qualified Certificate Policy (QCP) as specified in TS 101 456 [2] in order to identify to
what extent which stipulations FBCA CP match those of QCP. This comparison concentrates on requirements at the
medium level of assurance as identified in the FBCA Certificate Policy [3] including the option for “medium hardware”
(equivalent to SSCD) and “medium – Commercial Best Practices”.
The present document gives the current results of the comparison following discussions with FPKI experts up to
November 2005. Further consideration on some areas is still ongoing and this mapping is subject to further revision.
The present document is an opposite of the earlier mapping specified by the US Federal PKI mapping from the QCP
into the requirements of the FBCA CP.
The purpose of the present document is to facilitate a CA abiding by the QCP to ascertain if QCP requirements, to
which it complies, are met by another CA abiding by FBCA CP and therefore to assess if a cross certification can be
enacted. It is to be kept in mind that this second CA has to be assessed as compliant by the Federal Bridge Certification
Authority.
The present document is structured as follows:
1) BRIEF ASSESSMENT, which provides for each clause of the QCP a one-word assessment of the similarity of
the applicable FBCA CP sections, using a set of well-defined evaluation terms, and identifies any points that
should specially noted when applying this map to specific CA policies;
2) DETAILED ASSESSMENT, which details the BRIEF ASSESSMENT by breaking down all the relevant
requirements in the QCP, grouped by clause, and by listing for each QCP clause the relevant FBCA CP
sections and requirements that match to some degree to the corresponding QCP requirements clause; the same
one-word assessment used in the BRIEF ASSESSMENT is complemented, where necessary, with explanatory
comments. As a result of this comparison, requirements are identified in the FBCA CP that are of particular
note and should be especially considered when applying this map to specific CA policies
|