RE: [pki-ms] ideas for OASIS PKI

pki-ms message

Subject: RE: [pki-ms] ideas for OASIS PKI

From: "Terwilliger, Ann" <aterwil@visa.com>

To: "Alterman, Peter \(NIH/CIT\) [E]" <altermap@mail.nih.gov>,"June Leung" <June.Leung@FundServ.com>,"Dee Schur" <dee.schur@oasis-open.org>

Date: Fri, 5 May 2006 13:58:07 -0700

It sounds good if we can get sufficient participation by the TC.

For the first one, we should get some good feedback from the PKI Usage in OASIS study that John commissioned--in fact, I think what you are suggesting in the likely next step.

For the next one, XKMS--I am not sure whether this is OASIS or W3C....Dee, can you tell us?

The last one is probably one of the most useful/visible projects--at one time we did talk about a 'security training day' in conjunction with some regional OASIS meeting so we have looked at doing something sort of 'hands-on' before. This kind of an interoperability workshop/demonstration/challenge would take a fair amount of resource and I think we would need to recruit a few more warm bodies before we take it on....

Just my thoughts.

From: Alterman, Peter (NIH/CIT) [E] [mailto:altermap@mail.nih.gov]
Sent: Friday, May 05, 2006 1:49 PM
To: June Leung; Dee Schur; patrick.gannon@oasis-open.org; Terwilliger, Ann
Cc: pki-ms@lists.oasis-open.org
Subject: [pki-ms] ideas for OASIS PKI

All,

My apologies for not getting this out earlier. We’ve been thinking more broadly about PKI efforts for OASIS and the following make a great deal of sense to us (not The Royal We; my colleague Chris Louden and me):

There are references to PKI in a number of other OASIS standards, such as SAML, but they are mostly generic and rudimentary at best. Therefore, I think it would be useful for us to raise PKI awareness in other OASIS areas and ask for greater specificity in their reports and recommendations. Engaging in dialogues with these other groups is the way to go.
Am I correct in believing that XKMS comes under the OASIS purview? If so, I’d like to see us get a work group on building a profile or profiles analogous to SAML profiles for implementation.
Finally, Chris and I think that if the PKI group could host an interoperability workshop, or conference, or challenge that puts SPML, SAML, PKI, etc. together to solve real business problems, it would be a very powerful way of having many OASIS initiatives integrate and bootstrap each other, providing tons of great visibility, too.

Comments?

Thanks,

Peter

----------------------------------------------

Peter Alterman, Ph.D.

Asst. CIO, EAuthentication, NIH and

Chair, Federal PKI Policy Authority

Cell: 301-252-8846