The Development Committee, recognizing the importance of certification authority practices to online commerce, has commissioned a Working Group on Electronic Commerce which is executing, as a demonstration project, the following project.

1. Business Practices For Certificate Authority Services Terms Of Reference.

   (Note: Subject to review and further approval)

2. SCOPE.

   This project shall have three main components, it shall:

   1. identify issues relating to authenticating Internet electronic commerce transactions using certificate authority services;
   2. review and analyze certificate authorities services and policies;
   3. recommend threshold policies and business practices for electronic commerce certificate authority services.

3. WORK PRODUCTS.

   This working group shall produce the following:

   A report on the existing practices of certification authorities with respect to the following issues

   • subscriber authentication
   • certification authority duties to subscribers
   • certification authority duties to relying third parties
   • associated discussion of disclaimers of warranties and limitations of liabilities.

   The report will identify and survey additional issues affecting certification authorities, such as key management policies and obligations and jurisdiction/choice of law issues.

   The report will include:

   • A bibliography of resources and reference materials related to digital signatures and certification authorities.
   • A comparative analysis of selected, existing certification authorities and their practices, plus a list of known certification authorities (and related industry participants).
   • A consolidated, non-technical description of digital signatures and their functions, including alternative definitions.

   The report will be presented in hard copy, as well as be available electronically. The Working Group will utilize on-line methods for reviewing work product, and engaging in informed dialogues regarding the ongoing activities required to reach the intended work products.

   Other Considerations: The Forum must be sensitive to creating an actual or implied bias toward a particular technology (e.g., RSA, DSA, etc.) or certificate authority (e.g., VeriSign, Northern Telcom, etc.) in the staffing of this project as well as the drafting of any documents.

4. WORK PLAN.

   Certain elements of the work product will be presented to the Development Committee for approval on 16 January, 1997 in London.

   The work plan for the Development Period is in development and will be announced on or about 15 October, 1996 and posted to this location.