Implementation issues and challenges with PKI infrastructure and its integration with in-house developed IT applications

Rapid deployment of e-governance applications emphasis on need for security and authentication. Many emerging technologies are being developed to fulfil security requirements. The major concern in e-governance transactions is the need for replacement of hand-written signature with an `online´ signature. Further, since web enabled applications are prone to various types of security breaches, the discussion on robust and authenticated e-governance transactions is incomplete without consideration of `security´ as a prominent aspect of `online signatures´. An e-signature may be considered as a type of electronic authentication which can be achieved by means of different types of technologies. Today there are wide range of technologies, products and solutions for securing the electronic infrastructure of any organization. The levels of security implemented should be commensurate with the level of complexity of the organizational data and applications in use. To operate critical web enabled applications, organizations need high-level, certificate-based security provided by a Public Key Infrastructure (PKI). PKI protects applications that demand the highest level of security, web services based business process automation, digital form signing and electronic commerce. PKI is a consistently evolving security process in government and ecommerce. It is the most appropriate security mechanism for securing data, identifying users, and establishing a chain of trust to secure electronic infrastructure. PKI integrates digital identities and signatures to present an end-to-end trust model. This paper discusses the issues and challenges associated with setting up in-house certifying authority and integrating PKI functionality into in-house developed IT applications in our organization.