Simplified PKI model

A (simplified) description of the PKI model and where DSS is involved in that model is given in the figure below.

In this simplified model, a PKI is composed of:

• Certificates;

• Certification Authorities (CA) issuing the certificates;

• Certificate Revocation Lists (CRL) issued by CAs; and

• OCSP responders providing information on the status of certificates.

In turn, DSS within that model, can be used to implement Signature creation applications (SCA) and/or Signature Validation Applications (SVA)

Each of those concepts are further detailed in the next sections.