RE: [egov] National Health Technology Standards Corporation

[John Messing <jmessing@law-on-line.com>]

It sounds to me like machine representation of an entity as its signing
agent is at least in part a legal question, which may require 
legislation, court decisions (in common law countries), regulations,
international agreements or a combination of them to resolve.

John Messing
American Bar Association Representative to OASIS and LegalXML-OASIS

> -------- Original Message --------
> Subject: Re: [egov] National Health Technology Standards Corporation
> From: "Anders Rundgren" <anders.rundgren@telia.com>
> Date: Tue, February 01, 2005 1:58 pm
> To: "eGov OASIS" <egov@lists.oasis-open.org>
> Cc: "David Webber (XML)" <david@drrw.info>, "Chiusano Joseph"
> <chiusano_joseph@bah.com>
> 
> Two answers in one letter to save list space :-)
> 
> There are two dimensions, one is information and the other is trust & identity.
> If the NHTSC will be able to set the standard for "information" is hard to tell.
> 
> Regarding the trust & identity stuff, I believe (but cannot provide evidence) that
> the consortium will fairly soon realize that there are TWO entities, in the
> game: people and machines.  Machines can in fact represent an organization.
> This is something the US Federal PKI people have not yet realized, which have
> caused the US a 5-year (and counting) lag compared to many other countries.
> 
> That is, it is not enough that some standard provide an X.509 element
> because that means nothing or at least creates a lot of guesswork as
> there are currently four competing suggestions on how a machine should
> identify itself when signing outbound orders, presciriptions etc.
> - As an individual.  The German solution
> - As a server.   The short-cut
> - As as application.  IBM is promoting this.
> - As an organization.  The Scandinavian way
> 
> The net result is poor interoperability.
> 
> My hope is that this consortium should not leave this question to app developers
> just because it is "infected".
> 
> thanx,
> Anders Rundgren
> 
> ----- Original Message ----- 
> From: "Chiusano Joseph" <chiusano_joseph@bah.com>
> To: "Anders Rundgren" <anders.rundgren@telia.com>; "eGov OASIS" <egov@lists.oasis-open.org>
> Sent: Sunday, January 30, 2005 18:59
> Subject: RE: [egov] National Health Technology Standards Corporation
> 
> 
> I'm not certain how you arrived at all of the fine-grained technical
> details you put forth below, as the URL you provided did not speak at
> that level. Could you please provide an additional source to support the
> information that you provide below?
> 
> Kind Regards,
> Joseph Chiusano
> Booz Allen Hamilton
> Strategy and Technology Consultants to the World
> 
> 
> > -----Original Message-----
> > From: Anders Rundgren [mailto:anders.rundgren@telia.com]
> > Sent: Sunday, January 30, 2005 3:15 AM
> > To: eGov OASIS
> > Subject: [egov] National Health Technology Standards Corporation
> >
> > http://news.com.com/High-tech+alliance+for+digital+health+netw
> > ork/2100-1028_3-5550628.html?tag=nefd.top
> >
> > If this is for real, it could have a rather profound effect
> > on (F)PKI, as it seems that they are trying to create "a
> > scalable and secure architecture for information exchange and
> > collaboration" (my wording)..
> >
> > If this consortium succeeds in creating a working
> > architecture for healthcare, they have "fixed the rest as
> > well" as it seems that healthcare comprises practically all
> > security, privacy and legal issues one could imagine.
> >
> > This is likely to be yet another blow at the already severely
> > marginalized S/MIME scheme, as the network with a high
> > certainty will be based on Web Services, and due to that also
> > feature a "Gateway PKI".
> >
> > Gateways will be the norm for most org-to-org communication
> > including cross-border dittos as can be seen by this document:
> > http://europa.eu.int/idabc/en/document/3760
> >
> > Although gateways are well-known by security people,
> > something went terribly wrong when this extremely time-proven
> > concept met with PKI. I guess this must have had something to
> > do with the idea that PKI's sole mission in life is providing
> > legally binding signatures for individuals.  But this is
> > actually only one out of a myriad of PKI applications.
> >
> > Now to a yet not solved question: What exactly is a gateway
> > certificate?
> >
> > Anders Rundgren
> > Senior PKI Architect
> > working for a major computer security company
> >
> > Disclaimer:
> > This is my personal opinion, not to be associated with my employer
> >
> >
> > To unsubscribe from this mailing list (and be removed from
> > the roster of the OASIS TC), go to
> > http://www.oasis-open.org/apps/org/workgroup/egov/members/leav
> > e_workgroup.php.
> >
> >
> 
> To unsubscribe from this mailing list (and be removed from the roster of the OASIS TC), go to
> http://www.oasis-open.org/apps/org/workgroup/egov/members/leave_workgroup.php.
> 
> 
> To unsubscribe from this mailing list (and be removed from the roster of the OASIS TC), go to http://www.oasis-open.org/apps/org/workgroup/egov/members/leave_workgroup.php.