Re: [egov] National Health Technology Standards Corporation

["David Webber \(XML\)" <david@drrw.info>]

Anders,

There are many roads all leading to Rome.  For example
the IHE XDS work is also creating a secure document
sharing infrastructure, and using common specifications.

I believe this shows the importance of the work OASIS is doing in
defining open public specifications that can provide the
glue that aligns these parts together.

The HSS department just received 500 responses to its RFI.

The bottom line is I expect several of these initiatives to
emerge and that each will vie for attention.  Those best able
to provide easy to adopt and low cost tools based on
open public specifications and open source I do believe
will prevail.

2005 is shaping up to be a very challenging year for
OASIS to meet the demands that the burgeoning US Healthcare
costs are driving.

I'm not sure the the healthcare system will be totally
one-size-fits-all - but certainly it has the potential to span
several industry sectors.

Ultimately that is a good thing.

DW

----- Original Message ----- 
From: "Anders Rundgren" <anders.rundgren@telia.com>
To: "eGov OASIS" <egov@lists.oasis-open.org>
Sent: Sunday, January 30, 2005 3:14 AM
Subject: [egov] National Health Technology Standards Corporation


>
http://news.com.com/High-tech+alliance+for+digital+health+network/2100-1028_3-5550628.html?tag=nefd.top
>
> If this is for real, it could have a rather profound effect on (F)PKI, as
it
> seems that they are trying to create "a scalable and secure architecture
for
> information exchange and collaboration" (my wording)..
>
> If this consortium succeeds in creating a working architecture for
healthcare,
> they have "fixed the rest as well" as it seems that healthcare comprises
> practically all security, privacy and legal issues one could imagine.
>
> This is likely to be yet another blow at the already severely marginalized
> S/MIME scheme, as the network with a high certainty will be based on Web
> Services, and due to that also feature a "Gateway PKI".
>
> Gateways will be the norm for most org-to-org communication including
> cross-border dittos as can be seen by this document:
> http://europa.eu.int/idabc/en/document/3760
>
> Although gateways are well-known by security people, something went
terribly
> wrong when this extremely time-proven concept met with PKI. I guess this
must
> have had something to do with the idea that PKI's sole mission in life is
> providing legally binding signatures for individuals.  But this is
actually
> only one out of a myriad of PKI applications.
>
> Now to a yet not solved question: What exactly is a gateway certificate?
>
> Anders Rundgren
> Senior PKI Architect
> working for a major computer security company
>
> Disclaimer:
> This is my personal opinion, not to be associated with my employer
>
>
> To unsubscribe from this mailing list (and be removed from the roster of
the OASIS TC), go to
http://www.oasis-open.org/apps/org/workgroup/egov/members/leave_workgroup.php.
>
>
>