Some problems about the traditional identity authentication model for PKI(Public Key Infrastructure) were analyzed. For example, because certificate status verification service and key verification service depend on different service providers who have not enough trust degree in open network environment, the trust degree of the traditional model decreases and its risk increases. Additionally, there are other problems about cross-CAs and incomplete authentication service in the traditional model. Thus a new open identity authentication model was put forward for PKI, which can solve the above problems. In this model, the above two verification services were both provided by CA, and the service result was applied by providing identity certification file instead of OCSP answer. The trust degree of the traditional model and our model by using the cloud trust model presented by other researchers was calculated. The result of the calculating test shows that our model can improve the trust degree obviously. Finally, the prototype system of our model was completed, and especially the performance of the model was optimized. The test shows that the model has good practical value.