Re: [egov] The Swedish e-Sign Signature Central

[Rex Brooks <rexb@starbourne.com>]

Good idea, Anders,

I am willing to bet that you will not see a single reply against it. 
But it won't happen any time soon, as long as there is any 
significant economic advantage in being the de facto standard in 
practice, as opposed to being simply one of many federated 
Certification Authorities for a globally-recognized standard for 
single sign on, as recognized by US Federal Policy. So until a 
Presidential Mandate or Congressional Act sets this policy in stone, 
the scramble between the Microsoft Passport community and the Sun 
Liberty Alliance community will continue with both saying that they 
applaud the principle of a federated certification for 
single-sign-on, while both communities quietly work to undermine the 
process by achieving that de facto status of installed base 
recognition. The US extolls the so-called"free" marketplace, but 
hasn't shown much backbone lately when it comes to standing up to 
monopolies. However, if the EU develops some larger markeplace 
muscle, that might sway some opinion. If Sony-Ericsson were behind 
it, with say France-telecom and Fujuitsu, onboard as well, with some 
of that marketplace muscle, THAT might make a difference, but with 
China, Central, Southern and Southeast Asia up for grabs, who has the 
time? And remember, after that market achieves a moderate amount of 
stablization in the next phase of economic-industrical development, 
there will then be Africa getting up to speed, with South America 
already showing signs of becoming a more lucrative marketplace.

I believe there's a word for this. Geopolitics. The truth is, money 
talks, quietly in the audible portion of the public spectrum, but 
very loudly behind the scenes. The last thing I want to do is to 
cause a ruckus, and this TC especially needs to be circumspect about 
what it says and what arenas it chooses to enter, but inevitably 
there will come a day when this aspect of our shared reality has to 
be faced. Unfortunately, while I would once have said that ISO was 
the more appropriate forum for taking up this work, but with their 
recent adoption of a policy to charge for their Country Codes, it 
appears that only OASIS and W3C stand a chance of putting a standard 
in place that can achieve the actual purpose of single-sign-on.

Now, having said all that, let me say that there is a back door that 
this TC might want to pursue, which would be to balkanize the process 
while maintaining a single schema standard for the actual information 
required. By that I mean, make a schema-based standard of the 
vocabulary required, then immediately start making as many separate, 
market/country/region/niche segment standards as there are 
constituencies. Start with web services security and incorporate SAML 
and XACML within these various standards, making them all virtually 
identical, but having so many of them that the major economic blocks 
fighting for market dominance will simply have too many separate 
little constituencies with which to cost-effectively accommodate or 
cope, and each of which can add their own little twists in their own 
little standards. the idea is to make it virtually impossible for the 
big boys to make any money out of trying to keep up while claiming 
that their market group represents the "best" combination of reliable 
services in the global marketplace.

In effect, what this does is to make a virtue of what is happening 
here in OASIS already, with so many small, focused constituencies 
staking out their own territory. At the same time, if this explosion 
of small standards is going to eventually lead to some genuine global 
consensi for broadly based, royalty free, encompassing standards, it 
can, then, actually come about sooner, with too many small targets 
for the major multinational corporations to pick off one at a time.

Fighting Darwinism is in itself, not a good strategy for long term 
survival and success. Better to use its own processes to thrive.

Ciao,
Rex
At 10:14 AM +0100 11/29/03, Anders Rundgren wrote:
>Ladies and & Gentlemen,
>Here is some information regarding e-sign and e-governments.
>
>Sweden's e-sign solutions for e-Governments
>---------------------------------------------------
>
>Due to the fact that current e-signature client SW is unique, the
>Swedish authorities' are planning to set up a "signature central"
>which effectively means that all e-sign operations will be
>performed in an external and very costly service, instead
>of being integrated in the e-government applications
>themselves.
>
>If there had been a working e-sign standard, the "signature central"
>would have been redundant.  My study indicates that there are no
>conflicts or technical problems having a single e-sign solution
>covering both the desktop (Windows, Mac, Linux, etc), as well as
>high-end mobile devices.
>
>I'm sure that we can find EU money for such a development as the
>situation is similar in the entire EU.
>
>So my question is really only: What are we waiting for?
>
>Anders Rundgren
>Consultant, PKI and e-Business
>+46 70 - 627 74 37 (on CET)
>
>Attachment converted: Enterprise:???#2A6A72.pdf (PDF /CARO) (002A6A72)
>To unsubscribe from this mailing list (and be removed from the 
>roster of the OASIS TC), go to 
>http://www.oasis-open.org/apps/org/workgroup/egov/members/leave_workgroup.php.


-- 
Rex Brooks
GeoAddress: 1361-A Addison, Berkeley, CA, 94702 USA, Earth
W3Address: http://www.starbourne.com
Email: rexb@starbourne.com
Tel: 510-849-2309
Fax: By Request