
pki-education message



Subject: FW: Powerpoint presentation from Stephen Wilson



>
> > -----Original Message-----
> > From: Stephen Wilson [mailto:swilson@lockstep.com.au]
> > Sent: Thursday, April 29, 2004 3:03 PM
> > To: June Leung
> > Cc: 'pki-education@lists.oasis-open.org'
> > Subject: re:Reminder - Conference call tomorrow - April 29/04 at 2pm EST
> >
> >
> > Dear All
> >
> > Here's some links and materials.  I haven't found links as yet for some
> > of the materials but I am sure I can exert some influence to get them
> > online, or otherwise released for re-distribution by Oasis.
> >
> > A comment regarding the categories.  Some interesting material falls more
> > in the area of public policy and/or governance than any of the four
> > categories in the action plan.  I wonder if in future we should introduce
> > a governance category?  Or is it OK to view governance issues under the
> > category of Benefits/Value?
> >
> > Also, someone on the call today mentioned Peter Gutmann.  He is a notable
> > New Zealand based academic who maintains a very good link farm.  But
> > please be aware that Dr Gutmann is an energetic campaigner against PKI.
> > In my view, much of his analysis of PKI is dated, narrow and biased, and
> > does little to advance the PKI debate.
> >
> >
> >
> > Category Applicability:
> >
> > "Position Statement on PKI of the Australian Security Industry"
> > By the Australian IT Security Forum, white paper Nov 2003
> > See www.aitsf.aeema.asn.au/resources/doc/documents_10.pdf
> >
> > See extract below on characteristics of good PKI applications.  The paper
> > mentions the American Express Blue Card which I think hasn't actually
> > turned on all of its PKI functions as yet.  Some of you folks in the US
> > might know more details, or could research them.  I believe the Amex Blue
> > offers wonderful insights into embedded PKI.
> >
> >
> >
> >
> > Category Benefits/Value:
> >
> > "PKI lessons from Australia"
> > By the Australian IT Security Forum
> > Slide presentation to the Global eBusiness Forum
> > Geneva Switzerland 9 December 2003
> > See attached file, not available online as yet. 
> >
> > The slides include brief case studies from Taxation and Health in
> > Australia and a few other projects around the region, in HK and New
> > Zealand.  I can get more expanded details and links in the next two weeks.
> >
> >
> >
> >
> > Category All:
> > Hong Kong PKI Forum International Conference 2003
> > The Usage of PKI in e-Business
> > 15 - 16 September 2003
> > Most papers available at http://www.hkpkiforum.org.hk/resources.htm
> >
> > Good international conference with lots of case studies.  In particular:
> >
> > Bank of East Asia: PKI in net banking
> > www.hkpkiforum.org.hk/docs/Vincint_Hui_Cyberbank_Sept_16.PDF
> >
> > HK Post: the national smart ID card (though in my personal opinion the PKI
> > applications leveraging this smartcard to date have been over-hyped, but I
> > think the platform is brilliant and will attract better applications in
> > the near future)
> > http://www.hkpkiforum.org.hk/docs/Michael_Chung_Digital_City_Sept_16.PDF
> >
> > Baltimore Technologies presented a lot of European case study material
> > www.hkpkiforum.org.hk/docs/Patrick_McLaughlin_PKI_at_Work_Sept_15.PDF
> >
> >
> >
> >
> > Cheers,
> >
> > Steve Wilson.
> >
> >
> > Stephen Wilson
> > Lockstep Consulting
> > ABN 59 593 754 482
> >
> > 11 Minnesota Ave
> > Five Dock NSW 2046
> > Australia
> >
> > P +61 (0)414 488 851
> >
> > ------------
> >
> > EXTRACT FROM AITSF POSITION STATEMENT re Applicability ...
> >
> > Good applications for PKI
> >
> > Reviewing the ... basic benefits of digital signatures helps us to tell
> > which types of e-business applications should be implemented with PKI.
> > Good applications for PKI have the following features:
> >  • Relatively high transaction volume
> >  • Fully automatic processing (or “straight-through” processing)
> >  • Multiple receivers
> >  • Significant risk of dispute or need to “re-wind”
> >  • Requirement to retain quality electronic evidence over long periods of time.
> >
> > A case study in application-specific digital certificates
> >
> > If digital certificates are constrained to specific applications, then
> > they are much simpler to implement than first generation general purpose
> > PKI. Consider the American Express Blue credit card, a new PKI-enabled
> > smartcard. When you sign up for an American Express Blue card, you agree
> > to regular credit card terms and conditions. That is, you agree to keep
> > your PIN secret, not let anyone else use your card, report its loss, and
> > so on. You are not required to read a CPS; you are not required to
> > undertake intensive technical training. The American Express Blue card PKI
> > is completely embedded, so card holders don’t even know it is there.
> >
> > We call this an example of “scheme based” PKI. It is much simpler than
> > first generation general purpose PKI, in terms of ease of use,
> > registration, regulation and legal liability. This simplification is
> > possible because the American Express Blue digital certificate is tightly
> > constrained. It cannot be used to sign or encrypt generic e-mails, nor to
> > authenticate ordinary SSL connections. In future, only software
> > applications approved by American Express will be able to access the PKI
> > functions embedded in the Blue card. American Express will closely
> > regulate all applications which use its smartcard.
> >
> > A new interpretation of what digital certificates mean
> >
> > This experience lets us interpret the meaning of digital certificates in a
> > powerful new way. First generation digital certificates represented
> > personal identity. Now, application-specific digital certificates can
> > represent membership of some defined community, for example a credit card
> > scheme, a professional association, an employer, a government agency, a
> > board of directors, and so on. Each community will have an associated set
> > of e-business applications, with their own special terms & conditions.
> >
> >
>

 

AITSF Geneva 9Dec03 SGW (3.3).ppt


