Why does the Gatekeeper PKI Framework specify different Categories of Digital Certificates?
The Framework acknowledges the different business and risk requirements of agencies utilising PKI as a means of authenticating their clients. It is structured in a manner that simplifies the process for agencies to determine, through appropriate risk assessment processes, which category of digital certificate is most appropriate. The Framework reinforces the concept of a digital certificate that is able to be used by an Individual or Organisation for a wide range of Transactions with agencies (the General Category). It also recognises that, for business or legal reasons, some agencies may require PKI deployments within a narrow and defined group of stakeholders (Special Category). The Framework also satisfies the requirements of those agencies that conduct high risk Transactions and require stronger assurance as to the identity of the Subscriber (High Assurance).
