Arshad's comments on the draft Ask Vendors survey

[Steve Hanna <Steve.Hanna@Sun.COM>]

Thanks, Arshad, for your comments. My responses are below.

Note that I have moved this discussion to
the pki-askvendors mailing list because
we're getting into wordsmithing. Arshad,
your posts will probably bounce since you're
not a member of the SC. I'll resend them
to the list if you cc me.

Arshad Noor wrote:
> 1) While many of the vendors on this list probably understand the benefits
>    of PKI-enabling their applications, it would be useful to include a
>    paragraph - for Product Managers not too familiar with the benefits of
>    PKI - why PKI-enabling their applications is good for their customers
>    and their bottom-line.  It appears to me, we're assuming the vendors
>    already know these benefits and just need to tell us what's stopping
>    them from supporting PKI;

The following paragraph from the draft survey was
intended to demonstrate the benefits in terms
appropriate to the audience (potential revenues,
since the audience is product managers). Maybe
we should include more discussion of business
benefits: greater security, etc. We could add
some text in this paragraph pointing out that
the market is growing due to heightened concerns
about security.

Why is this worth your valuable time? The market for
PKI enabled applications is potentially quite large.
The U.S. Department of Defense is now deploying
PKI enabled smart cards to 4 million workers.
Deployment at the FBI is under way and discussions
have begun on extending the system throughout the
U.S. government. In Europe, Asia, and around the world,
PKI initiatives are under way and in some cases large
and well established. Corporate adoption of PKI enabled
smart cards is picking up with large companies
like Johnson and Johnson and Sun Microsystems
leading the way.

> 2) In question #1, we ask "what sort of PKI support do they include?";
>    might it not be useful to provide some examples, such as:
> 
>     a) Digital Signatures
>     b) Certificate-based authentication
>     c) Encryption
>     d) Other: (please explain) _______________________

Good idea. Will do.

> 3) In the E-Commerce vendors section, I propose we add the following
>    vendors to the list to be queried:
> 
>     a) Middleware vendors, such as IBM, Sun, Oracle, BEA, Tibco,
>        Microsoft, CA, etc.
>     b) Database vendors: IBM, Oracle, Microsoft, Sybase, MySQL, etc.
>     c) Application vendors: Oracle, PeopleSoft, Siebel, Lawson,
>        Microsoft, CA, etc.
>     d) Operating System vendors: Microsoft, Sun, Red Hat, Novell,
>        Apple, HP, IBM, etc.
>     e) E-Commerce operators: Amazon, E-bay, Priceline, Orbitz,
>        Salesforce, etc.

This survey is limited by design to the top three
applications identified in last summer's surveys.
Certainly, we could expand it beyond that. But I
think we have our hands full already.

>     I realize that I'm working on defining the E-Commerce section as part
>     of the Application Guidelines SC; however, since this SC is ready to go
>     out with a questionnaire, I thought it might be useful to add to this
>     list now, rather than wait for the E-commerce defintion before we get
>     any answers from them.

I'd be glad to send to e-commerce vendors, but I
think we need to agree on some sort of definition
first so we can choose the vendors. Maybe you can
put together a definition quickly. Once we reach
agreement on that, we can get the e-commerce vendor
list together and send out the survey. OK?

Thanks,

Steve

S/MIME Cryptographic Signature