Subject: Comments relating to Application Guidelines
I have reviewed all the comments sent by John Sabo and myself in the last few days, found those that pertain to Application Guidelines, and given them a tracking number and a recommendation or commentary. Please find all of that at the end of this message.

Thanks,

Steve

------------

Comments relating to Application Guidelines:

steve.hanna@sun.com-20031014-Guidelines-1

Brief Quote: I think asking *user* communities what they need is really important. E.g. what do they want in terms of that nebulous "electronic commerce"? Does that really mean "I want to make money so I'll go where the money is - commerce?", or does it mean something else more helpful?

Commentary/Recommendation: Repeat of steve.hanna@sun.com-20031024-Guidelines-3. See my commentary/recommendation there.

steve.hanna@sun.com-20031014-Guidelines-2

Brief Quote: And on document signing, for me the biggest issue is document formats and providing some assurance that what you signed is what you saw. Both of these are hard in the current environment. The most popular "document" formats are proprietary, complex and very susceptible to making them look one way when signed and another way when validated. This makes interoperability pretty hard. An update on xml-signature would be nice. But I'm personally still a fan of plain text signed with S/MIME or PGP until something better comes along.

Commentary/Recommendation: I recommend that this good advice be passed on to whoever gets tasked with developing application guidelines for document signing.

anders.rundgren@telia.com-20031016-Guidelines-3

Brief Quote: AFAIK web-based signing in spite of being a much needed feature for on-line activities is not even a standards task. Every bank, e-government have therefore to deploy their own unique or purchased signature plugin.

Commentary/Recommendation: Again, I recommend that this be passed on to whoever works on application guidelines for document signing. No change to the PKI Action Plan is needed.

steve.hanna@sun.com-20031020-Guidelines-4

Brief Quote: Although controversial, we might learn a lot by critiquing existing PKI-enabled applications and explaining the problems and/or how they could have made things simpler or more interoperable.

Commentary/Recommendation: When developing application guidelines, reviewing existing PKI-enabled applications for lessons learned is a good idea. However, I'm not sure that this needs to be mentioned explicitly in the PKI Action Plan (especially since it may be controversial). Therefore, I recommend that it be omitted from the plan. It can be passed on as a recommendation to anyone who is developing application guidelines.

jhilton@viviale.com-20031021-Guidelines-5

Brief Quote: I particularly support the concept of application guidelines/standards "cookbooks".. anything that OASIS can do to overcome the real/potential interoperability issues for vendors and user organisations should be welcomed. Providing some assurance that the products from vendor "x" will work with products from vendors "y" and "z" would be very very helpful in this increasingly "joined-up" world of ours.

Commentary/Recommendation: Great! It's nice to have such support. No change needed.

steve.hanna@sun.com-20031024-Guidelines-6

Brief Quote: What do the respondents mean by electronic commerce? I said we don't know. We may need to do some more work there.

Commentary/Recommendation: Yes, I think we do need to work on this more. I suggest that one or two people go off and work on this, aiming to have a better analysis by January or February at the latest. Krishna Sankar volunteered to help. We could also go back to respondents who rated Electronic Commerce as very important and ask them what they meant.