[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: RE: [pki-tc] A Call to Action!
I can probably did up some potential implementations of SAML on top of PKI. Is this of interest? I think the entire healthcare systems in Denmark and France are working on this now. Dee -----Original Message----- From: Stephen Wilson [mailto:swilson@lockstep.com.au] Sent: Thursday, November 01, 2007 1:38 PM To: pki-tc@lists.oasis-open.org Subject: [pki-tc] A Call to Action! Dear PKI-TC Members. We need your help! We've all 'signed up' to do something collectively to improve understanding of PKI, and develop fresh outreach materials. Yet progress remains too slow. Only four case studies have been finalised, and despite early indications that there was interest in new and innovative position papers, we still haven't got any real engagement or group discussion happening via the e-mail list. I have to say frankly that the turnout for yesterday's scheduled conference call was extremely disappointing, especially given the prompts I sent out the week prior (see below). Obviously everyone's busy, but we're all in this together, and we all agree that education remains a key factor to improving our industry. I'm appealing to you all to put in two or three hours a month, to make the PKIA TC really worthwhile. Let's try to have: (1) comments and discussion on the list about the references attached (or anything else you might have that could inform position papers) (2) more case studies (the template is available at the TC member site) (3) a good turnout for the next conference call, on the last Wednesday in November. Thanks everyone. Cheers, Stephen Wilson Chair, OASIS PKI Adoption TC Managing Director, Lockstep Group Phone +61 (0)414 488 851 www.lockstep.com.au ------------------- Lockstep Consulting provides independent specialist advice and analysis on identity management, PKI and smartcards. Lockstep Technologies develops unique new smartcard technologies to address transaction privacy and web fraud. -------- Original Message -------- Subject: [pki-tc] For discussion at next meeting Date: Tue, 23 Oct 2007 04:27:37 +1000 From: Stephen Wilson <swilson@lockstep.com.au> Organization: Lockstep To: pki-tc@lists.oasis-open.org Hello everyone. Thanks again for those who have produced case studies, we're building up a nice set! These will be posted soon on the totally new IDtrust Resources Page. Keep up the good work! Meanwhile I'd like to get some discussion happening at the next PKIA TC con call around a new whitepaper or two on strategic issues -- fresh thinking in PKI. To get things rolling, I attach two papers on new ways to apply PKI and govern it. These are meant only to seed discussion. I got some good feedback from Peter Alterman on the "Security Printer" concept. This is where a CA operates on a wholesale sort of basis, producing certificates on request from authorised RAs, targeting particular independent applications. A security printer can service multiple customers (e.g. different banks for cheques, different concert organisers for tickets, different doctors for prescription pads) and remain insulated from liabilities arising from misuse of those different paper products. The printer's liabilities concern quality of printing, protection of special equipment and paper stock, personnel security etc. All these attributes are strongly analagous to governance of CAs. So the "security printer model" suggests we can better define the demarcation of RA and CA in the CP/CPS, and generally de-mystify and simply the legal arrangements or CA, RA and Subject. The other paper is an earlier attempt to re-imagine certificates as representing relationships instead of personal identity per se. In the current climate, the idea of Relationship Certificates seems to me to resonate with "Identity 2.0". Perhaps a PKIA TC discussion paper that relates 'modern' PKI to Identity 2.0 at the policy and governance level would be useful and achievable? So ... please take an hour or so between now and next week to read and think about these issues, and we'll talk on the 31st. Reminder of the call schedule: Wed, 31 Oct, 03:00pm ET Wed, 28 Nov, 03:00pm ET Wed, 26 Dec, 03:00pm ET *** To be re-scheduled because of Boxing Day *** Cheers, Stephen Wilson Chair, OASIS PKI Adoption TC Managing Director, Lockstep Group Phone +61 (0)414 488 851 www.lockstep.com.au ------------------- Lockstep Consulting provides independent specialist advice and analysis on identity management, PKI and smartcards. Lockstep Technologies develops unique new smartcard technologies to address transaction privacy and web fraud.
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]