The Fiducia project approaches the problem of interdomain interoperation from the risk perspective. The project collected and coded key concepts in certificate policy and practice. The ensuing dataset schematised contractual roles and obligations enabling a risk model that elucidates the nature of commercial risk, possible semantic ambiguities, and legal uncertainty within PKI services. The result is a specification language that is protocol independent, but deployable in electronic commerce software. Rather than attempting to harmonise overarching practice statements and legal rules in a top-down approach to regulating certification services, the Fiducia project aims to provide a basis on which differing degrees of risk may be directly ascertained and accepted.

Management of Information Link Project – Economic and Social Research Council and Department of Trade and Industry (UK)
Final report submitted March 2003.