OASIS Mailing List Archives

pki-guidelines message


Subject: Re: [pki-tc] B2B & Transaction PKI


I'm happy to finally see some more concrete guideline-related work!

>B2B in my interpretation, is: non-GUI software products, transacting
>programmatically with each other, without human interaction.

This is indeed a variant of B2B.  The classical way of purchasing goods
is though still alive and kicking.  Enclosed is a minimalistic picture of
what I consider a highly valid "B2B" Transaction PKI usage.

TC members:
Would this level in your opinion qualify as reasonable in a guideline?


>An employee of a bank, ordering office supplies from the corporate
>stationery supplier, using the web interface supplied by the supplier
>is not a B2B transaction in my interpretation.

Here we entered a confusing area.  From a business point of view this
is definitely B2B, but the technical solution is entirely different from the
"classic" B2B model.  In addition, there are quite a few organizations
who combine these methods by using schemes known as "PunchOut"
and "RoundTrip".  MIT's ECAT is an example of this.  These schemes
are BTW from a PKI and security point-of-view extremely interesting.

>So, to clarify, the Transaction PKI effort will specifically focus on
>Browser-to-Application security.

This is a very good definition.


