[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: RE: [egov] National Health Technology Standards Corporation
It sounds to me like machine representation of an entity as its signing agent is at least in part a legal question, which may require legislation, court decisions (in common law countries), regulations, international agreements or a combination of them to resolve. John Messing American Bar Association Representative to OASIS and LegalXML-OASIS > -------- Original Message -------- > Subject: Re: [egov] National Health Technology Standards Corporation > From: "Anders Rundgren" <anders.rundgren@telia.com> > Date: Tue, February 01, 2005 1:58 pm > To: "eGov OASIS" <egov@lists.oasis-open.org> > Cc: "David Webber (XML)" <david@drrw.info>, "Chiusano Joseph" > <chiusano_joseph@bah.com> > > Two answers in one letter to save list space :-) > > There are two dimensions, one is information and the other is trust & identity. > If the NHTSC will be able to set the standard for "information" is hard to tell. > > Regarding the trust & identity stuff, I believe (but cannot provide evidence) that > the consortium will fairly soon realize that there are TWO entities, in the > game: people and machines. Machines can in fact represent an organization. > This is something the US Federal PKI people have not yet realized, which have > caused the US a 5-year (and counting) lag compared to many other countries. > > That is, it is not enough that some standard provide an X.509 element > because that means nothing or at least creates a lot of guesswork as > there are currently four competing suggestions on how a machine should > identify itself when signing outbound orders, presciriptions etc. > - As an individual. The German solution > - As a server. The short-cut > - As as application. IBM is promoting this. > - As an organization. The Scandinavian way > > The net result is poor interoperability. > > My hope is that this consortium should not leave this question to app developers > just because it is "infected". > > thanx, > Anders Rundgren > > ----- Original Message ----- > From: "Chiusano Joseph" <chiusano_joseph@bah.com> > To: "Anders Rundgren" <anders.rundgren@telia.com>; "eGov OASIS" <egov@lists.oasis-open.org> > Sent: Sunday, January 30, 2005 18:59 > Subject: RE: [egov] National Health Technology Standards Corporation > > > I'm not certain how you arrived at all of the fine-grained technical > details you put forth below, as the URL you provided did not speak at > that level. Could you please provide an additional source to support the > information that you provide below? > > Kind Regards, > Joseph Chiusano > Booz Allen Hamilton > Strategy and Technology Consultants to the World > > > > -----Original Message----- > > From: Anders Rundgren [mailto:anders.rundgren@telia.com] > > Sent: Sunday, January 30, 2005 3:15 AM > > To: eGov OASIS > > Subject: [egov] National Health Technology Standards Corporation > > > > http://news.com.com/High-tech+alliance+for+digital+health+netw > > ork/2100-1028_3-5550628.html?tag=nefd.top > > > > If this is for real, it could have a rather profound effect > > on (F)PKI, as it seems that they are trying to create "a > > scalable and secure architecture for information exchange and > > collaboration" (my wording).. > > > > If this consortium succeeds in creating a working > > architecture for healthcare, they have "fixed the rest as > > well" as it seems that healthcare comprises practically all > > security, privacy and legal issues one could imagine. > > > > This is likely to be yet another blow at the already severely > > marginalized S/MIME scheme, as the network with a high > > certainty will be based on Web Services, and due to that also > > feature a "Gateway PKI". > > > > Gateways will be the norm for most org-to-org communication > > including cross-border dittos as can be seen by this document: > > http://europa.eu.int/idabc/en/document/3760 > > > > Although gateways are well-known by security people, > > something went terribly wrong when this extremely time-proven > > concept met with PKI. I guess this must have had something to > > do with the idea that PKI's sole mission in life is providing > > legally binding signatures for individuals. But this is > > actually only one out of a myriad of PKI applications. > > > > Now to a yet not solved question: What exactly is a gateway > > certificate? > > > > Anders Rundgren > > Senior PKI Architect > > working for a major computer security company > > > > Disclaimer: > > This is my personal opinion, not to be associated with my employer > > > > > > To unsubscribe from this mailing list (and be removed from > > the roster of the OASIS TC), go to > > http://www.oasis-open.org/apps/org/workgroup/egov/members/leav > > e_workgroup.php. > > > > > > To unsubscribe from this mailing list (and be removed from the roster of the OASIS TC), go to > http://www.oasis-open.org/apps/org/workgroup/egov/members/leave_workgroup.php. > > > To unsubscribe from this mailing list (and be removed from the roster of the OASIS TC), go to http://www.oasis-open.org/apps/org/workgroup/egov/members/leave_workgroup.php.
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]