The OISTE Policy Approval Authority (PAA)


The OISTE Global Trust Model (referred as OGTM), including the set of policies and procedures, is administered by the Policy Approval Authority (referred from now as PAA). In consequence, the competent entity which determines the compliance and suitability of all CPS and the different supported CPs on behalf of the entire Trust Model is the OGTM PAA.

The PAA has a series of distinct functions but does not operate as a separate legal Entity. It is managed and organized in accordance with a process that draws on expertise within the OISTE Foundation. The PAA has been established to develop, review and/or approve the practices, policies and procedures for the entire Trust Model, subject to guidelines established by the members and advisors of the OISTE Foundation.

The members of the PAA are selected by the Foundation with an open criteria to bring knowledge and experience the PKI technical and compliance requirements for Certification Authorities, but also to bring expertise on the security needs of specific sectors, like the ones fighting against illicit trade or the ones promoting the security for the Internet of Things. The members of the PAA can be organization representatives or independent persons that can bring value to the Trust Model.

CP/CPS approval procedures

The OGTM PAA defines and executes the procedures related to the approval of the CPS and CP and its subsequent amendments. Amendments will produce a new version of the document that will be published in the OGTM Policy Repository (specified in section 2.1 of the OISTE CPS).

The approval of major changes of documents related to the PKI, and specially for the CPS and CP, require a meeting of the PAA and the issuance of an approval memo signed by at least two members of the PAA. Minor versions only require the participation of a single member of the PAA in order to approve the publication of a new version.

It’s required to issue new CP/CPS versions at least once a year. In the case of versioning conflict, the latest version that prevails is always the document published in the Policy Repository.

In the case of CPS published by CA adhered to the OGTM, the OGTM PAA will always validate and endorse the subordinate CPS, with the signature of at least one member of the OGTM PAA.

Once any document of the Trust Model (CPS or CP) is updated, the CAs must do a technical assessment to identify any possible impact and/or required configuration changes in the platforms.

PAA Contact Information

OISTE Foundation – OGTM Policy Approval Authority

Email address:

Address: 29, route de Pré-Bois – CP 853, CH-1215 Geneva 15, Switzerland