Subject: EKMI Implementation, Operations & Audit Guidelines (IOAG)
Now that we have a CS behind us, we have a fair amount of information to start considering the TC Guidelines for how an EKMI will be built, operated and audited. (While vendor implementations of the protocol will certainly help in the creation of these guidelines, IMO, many of these guidelines are common-sense best-practices, and with a few details, I don't believe we need to wait until implementations are on the ground before we begin the IOAG work).

We have two new Co-Chairs of the IOAG SubCommittee (Davi and Ken) who will help us drive the creation of the IOAG document, but I would encourage members of the TC who are interested in bringing their experiences of managing security infrastructures to bear on this document, to please join the discussion.

In 2007, Tomas and I created an initial DRAFT of the Impl. & Ops. guidelines, but shelved it because we felt the SKSML protocol needed to be finalized before the IOAG documents could be created. You can read the initial DRAFT here:

http://www.oasis-open.org/committees/documents.php?wg_abbrev=ekmi-implementation

Please review and start throwing out ideas on how you think this document should be structured. Are there suggestions on other guideline documents that we could use as a model?

Remember that the target audience consists of three groups of people: people who will build the EKMI, people who will operate it on a day-to-day basis, and finally, people who will audit it and look for compliance to policy/regulations. I envision that the document will have three major sections corresponding to these 3 groups of users, but that's open to debate.

Thanks.

Arshad