[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Re: [pki-tc] Gearing up for PKI Survey Promotion
Stephen/Ann, Some feedback on the survey I received and tried to fill out today: 1) I am not a Microsoft Office user, so the fact that the survey is distributed in Excel format is a problem for me, as OpenOffice 2.0 does not faithfully reproduce the format you carefully created. Additionally, while OpenOffice will save the document in Excel format, I'm not sure how it will look when you open it up in Excel again. And no, unfortunately, I don't have a copy of Excel even in my lab Windows machines. While I understand that most of the world uses MS-Office, OASIS has gotten behind the OpenDocument standard, and as a subcommitee, I think we should support it by providing the survey in an OpenDocument format document too. I would encourage you to download OpenOffice 2.0 and add the OpenDocument version too. 2) Steve Hanna's e-mail address has changed, as you might know; might be better to get OASIS to give him a generic chair-pkitc@oasis-open.org e-mail address. 3) The survey should recognize that consulting companies (like StrongAuth) build many PKIs, and even though they may be small (5 people in our case), they may have built PKIs for companies of much larger size (120,000 employees in the case of one of our customers). Currently, the survey does not explain how one should address this. 4) In the question "Obstacles to PKI" it is not clear whether I should allot 10 points per question, or across all the 16 questions. Is this meant to be a scale of 1 to 10, with 10 being "most important" or "least important" to me? Its not clear how I should be responding. 5) Same observation as (4) for questions on "Potential Improvements to Software", "Problematic Costs", "Understanding" and "Interoperability". 6) I'm not sure how valid my opinions would be on the "Quantitative and "Qualitative" questions. I am a supplier of PKI services, thus making me biased towards the technology, and I'm an active OASIS member, so I may be too close to the problem. I've left them blank for the time being; let me know how you'd like me to respond to these sections. 7) To make things worse, after spending 45 minutes on the survey, the application locked up as I got to the section on the projects. Not sure if it had to do with the Excel spreadsheet in OpenOffice or not, but I had to kill it and lost all the work I'd done so far. (I'll wait for your responses before trying again). 8) It might be useful to break down the question on "Costs too high" into Capital, Implementation and Operational costs and determine which costs people are worried about. 9) WRT "Enrollment too complicated", it might be useful to break this question into the Technical process and the Business process and determine which part do respondents believe is too complex. 10) WRT "Too much legal work required", it might be helpful to ask the question why respondents think there should be legalities involved with a PKI when there aren't any with User ID/Passwords; and US Federal law allows for people to assent to contracts with an "X" in a checkbox on electronic forms. My point is, shouldn't IT organizations be more worried about data-integrity and security rather than legal-enforcement of the digital signature? Is this one of the reasons PKI is too complex? 11) The "Implementation" and "Cost Detail" sheets are over-whelming, Stephen. I doubt that any IT organization has that level of detail - or would be willing to part with that much information even if they did. This may be the biggest barrier to getting quality responses to the survey. While I don't deny the usefulness of such information for an analysis, I doubt we'll get that level of clarity in the responses. Even though StrongAuth has implemented 4 PKI's in the last 4-5 years, even I don't have privy to all the information in that survey; and I can guarantee that the people I know in those companies will not have all the answers either. I hate to be doing this at the stage where you're getting ready to announce and release the survey, but is there any way you can cut this back to half its size? This survey will definitely take more than an hour to fill. Just collecting the information could take days, and then it might take a couple of hours at least to get all that information filled out. For most US-based ITSec folks, this will just sit on this list of "to-do" things and will likely not get done. Motivated people (as on the TC) will help to get this moving forward, but most other people are probably swamped with day-to-day things to provide this much information. I apologize for not having been involved earlier and this late feedback, but I think its more important to be honest with you and do the right thing than to "just try to do the survey" and ignore the fact that this survey will be daunting to most respondents. Arshad Noor StrongAuth, Inc.
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]