Public key superstructure "it's PKI Jim, but not as we know it!"

While PKI has had its difficulties (like most new technologies) the unique value of public key authentication in paperless transactions is now widely acknowledged. The naïve early vision of a single all-purpose identity system has given way to a more sophisticated landscape of multiple PKIs, used not for managing identity per se, but rather more subtle memberships, credentials and so on. It is well known that PKI's successes have mostly been in closed schemes. Until now, this fact was often regarded as a compromise; many held out hope that a bigger general purpose PKI would still eventuate. But I argue that the dominance of closed PKI over open is better understood as reflecting the reality of identity plurality, which independently is becoming the norm through the Laws of Identity and related frameworks. This paper introduces the term "Public Key Superstructure" to describe a new way to knit together existing mature PKI components to improve the utility and practicality of digital certificates. The "superstructure" draws on useful precedents in the security printing industry for manufacturing specialized security goods without complicated or un-natural liabilities, and inter-national accreditation arrangements for achieving cross-border recognition of certificates. The model rests on a crucial re-imagining of certificates as standing for relationships rather than identities. This elegant re-interpretation of otherwise standard elements could truly be a paradigm shift for PKI, for it grounds certificates in familiar, even mundane management processes. It will bring profound yet easily realized benefits for liability, cost, interoperability, scalability, accreditation, and governance.