[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Re: [egov] Missing Securty: Update Working Draft for Workflow Standards
Joe, >Thanks for the additional information. I'm looking at p.2 of your >document now, and I believe that this can/should be handled through some >type of contract between the two organizations, with a certain level of >mutual trust specified. I see this as more of an operational issue. I remain puzzled. Do you mean that: 1. Purchasing systems do not need to be able to read purchase orders (Q2)? 2. Contracts can eliminate the laws of encryption? Hopefully not. >Please let me know if there are more specifics either within our outside >your document that may factor in, that I have not taken into account. You did not apply the described scheme that is the foundation of the Federal PKI saying that message security is a client-level-issue using employee encryption certificates published in directories. If you don't use this, most of the foundation and motivation is gone. >We can also keep in mind that end-to-end security is much more than PKI, >and in fact may not even involve PKI at all (as described in the WSS >specifications). I know this is something you definitely know - I'm just >choosing to point it out for purposes of the thread. That is correct, but then we are again not talking about the Federal PKI architecture which is the e-gov "gold standard" to date. Anders R
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]