The OISTE Trust Model

OISTE GLOBAL TRUST MODEL

The OISTE Foundation owns and regulates the OISTE GLOBAL TRUST MODEL, which includes as “Root of Trust” a number of ROOT CERTIFICATION AUTHORITIES, globally recognized. OISTE delegates on the Swiss company WISeKey SA the operation of the systems and infrastructures supporting the Trust Model. OISTE doesn’t issue certificates to end subscribers, but grants to WISeKey a license as SUBORDINATE CERTIFICATION AUTHORITY, allowing the delivery of Trust Services for Persons, Applications and Objects.
Important Note for Relying Parties

PRIOR TO ACCESSING AND/OR RELYING UPON THE OISTE ROOT CA CERTIFICATES, YOU ARE REQUIRED TO CONSENT TO THE OISTE RELYING PARTY AGREEMENT. IN ALL CASES, UPON ACCESSING ANY SUCH INFORMATION AND DATA, YOU ARE INDICATING YOUR CONSENT TO THE TERMS AND CONDITIONS OF SUCH RELYING PARTY AGREEMENT.

PLEASE NOTE THAT RELIANCE ON A CERTIFICATE OR CERTIFICATE REVOCATION LISTS ISSUED BY OISTE REQUIRES ASSESSING WHETHER SUCH RELIANCE IS REASONABLE. IN ORDER TO DO SO, IT IS ESSENTIAL TO READ AND UNDERSTAND THE PROVISIONS OF THE FOLLOWING DOCUMENTS:

• OISTE CERTIFICATION PRACTICE STATEMENT
• OISTE CERTIFICATE POLICY, specific for the type of certificate used
• CERTIFICATION PRACTICE STATEMENT published by the Issuing CA, subordinated to the OISTE ROOT (e.g. WISeKey SA)

DOCUMENTATION FRAMEWORK OF THE OISTE GLOBAL TRUST MODEL – OGTM

• OGTM Certification Practice Statement Version 3.5 – 15 August 2023 [PDF][All versions]
• OGTM Certificate Policies (CP):
  • CP for Personal Certificates Version 1.4 – 15 August 2023 [PDF][All versions]
  • CP for SSL Certificates Version 1.5 – 24 January 2024 [PDF][All versions]
  • CP for Device Certificates Version 1.1 – 24 January 2024 [PDF][All versions]
• OISTE Root Certificates Embedding Agreement – 16 January 2019

OISTE ROOT CA Certificates

• Root Certificates [Link]
• CRLs (CDP Table) [Link]

Independent Audit Reports

• WebTrust audit for Certification Authorities (June 2020) [Link]
• WebTrust audit for SSL – Baseline Requirements and Network Security (June 2020) [Link]
• WebTrust audit for Extended Validation SSL [Link]

LICENSED SUBORDINATE CERTIFICATION AUTHORITIES

The following entities have been granted a license to operate as Subordinate CAs of the OISTE Roots:

• WISEKEY SA:
  • Allowed to run non-constrained CAs: YES
  • Allowed Certification Policies: ALL POLICIES
  • Independent Audit Required: YES [Link to Audit Reports]
  • Document Repository page: hhttps://www.wisekey.com/company/legal-information/pki-documentation/
• WISEKEY INDIA PRIVATE LIMITED:
  • Allowed to run non-constrained CAs: NO
  • Allowed Certification Policies: ONLY PERSONAL CERTIFICATES, NOT ALLOWED FOR SECURE EMAIL
  • Independent Audit Required: NO
  • Document Repository page: N/A

OTHER RELATED DOCUMENTS

• WISeKey Vulnerability Reporting Policy [HTML]
• WISeKey Privacy Notice [HTML]
• CertifyID Certificate Subscriber Agreement [PDF]
• CertifyID Relying Party Agreement [PDF]
• CertifyID Identity Validation Overview [PDF]
• CertifyID Classes and Requirements Overview [PDF]