Subject: re:[pki-ms] Re: Recruitment
Well said Arshad! I look forward to a robust discussion on the next call. Just a few ideas ...

-- I think the PKI 'crisis' has much to do with poor articulation in the past of what PKI is really for. Its proponents still tend to talk in vague generalities about "non-repudiation" etc. PKI has no monopoly on non-repudiation! The real benefits are more subtle, and require proponents to think clearly and differently about lasting transaction authentication (i.e. 'signatures') versus fleeting access control. With a poorly articulated value proposition, PKI remains vulnerable to *perceived* disruptive technologies like biometrics. Actually the technology is not vulnerable but its mind share is terribly fragile. I am sure we have all wasted countless hours answering management questions about whether the latest gizmo is going to supersede digital signatures.

-- I think poor participation in the TC has a lot to do with IT companies being frighteningly busy, and employees being frightened. With so much FUD around PKI, there are not many people in companies who feel empowered to spend time promoting it.

-- I think an expectation that businesses will start using PKI per se, is like asking a bank to "use" ferro-magnetics. Complex technologies often have to be deeply bundled, which is why I think it is useful to think in terms of a digital certificate supply chain. We might have to put more distance between the wholesale issuers of keys & certs ('raw materials' akin to ferrite powder and tapes) and the deployment of apps that use those 'raw materials' in convenient value-added forms (like smartcards, cell phones, set-top boxes etc.)

-- I think the PKI TC's historic role of implementing the PKI Action Plan is still a good way of focusing and avoiding overlap on technical standards development with PKIX etc. There is still much valuable work to do under Action Plan issues like engaging with vendors, education, application facilitation, show-casing and collaboration.

Cheers,

Stephen.

Stephen Wilson
Lockstep Consulting Pty Ltd
www.lockstep.com.au
ABN 59 593 754 482
11 Minnesota Ave
Five Dock NSW 2046
Australia
P +61 (0)414 488 851

--------------------
About Lockstep
Lockstep was established in early 2004 by noted authentication expert Stephen Wilson, to provide independent specialist advice and analysis on identity management, PKI and smartcards. Lockstep is also developing unique new smartcard solutions to address privacy and identity theft.

> Thank you for bringing this up, Ann.
>
> I still need to discuss protocol with John Sabo and OASIS, but one of
> the most important things I wanted to do after becoming elected Chair
> of the TC, was to do some soul-searching in the first meeting to figure
> out the TC's direction and relevance.
>
> There are lots of questions on my mind now that I've been a member of
> the TC for a little over a year, the 2 most important ones are:
>
> 1) As a technical committee, what technology standards do we establish
>    given that PKIX establishes international technical standards for
>    PKI, and W3C has established XMLSignature, XMLEncryption and XKMS
>    as standards? If we cannot answer this question, then we need to
>    figure out what is our charter.
>
> 2) The TC conducted a survey 2-3 years ago that highlighted why people
>    were not using PKI. Yet, many countries around the world, the US
>    Federal Government, the cable/satellite industry, the DRM world all
>    use PKI in one form or another. What is the real reason that the
>    general business applications/IT developers shun PKI? (Being an
>    applications developer myself, I have some notions on this that I'd
>    like to discuss in the TC, but I want to hear from everybody else
>    first).
>
> After I've had a chance to talk to John, I intend to send an e-mail
> to the TC to think about these questions and to join us in the
> discussion in this month's session. I know one hour is not going to
> be sufficient for this topic, but I want to get the discussion going
> over e-mail first and summarize in the call, if possible.
>
> I think the observers are not participating because of the relevance
> issue (someone I know in the PKI industry confirmed that yesterday
> in a lunch conversation); so if we address that, participation will
> follow.
>
> Arshad Noor
> StrongAuth, Inc.
>
> Terwilliger, Ann wrote:
> > At our last meeting we talked about the importance of recruiting
> > additional active participants. I was looking at our membership list
> > and we have many observers but relatively few active participants
> > (voting members) particularly from the PKI vendor community. In
> > addition to recruiting new members we might consider some sort of
> > communication out to our observers, particularly those in the vendor
> > community or those who are the sole representative from a company, to
> > encourage them to participate more actively as voting members. This
> > would give us more varied points of view and potentially also increase
> > our funding for projects (most of the funding available to us today is
> > the carryover from the PKI Forum). This might be worth discussing at
> > the TC meeting next week.
> >
> > I have contacted RSA to encourage them to actively participate again and
> > am awaiting their feedback.
> >
> > *Ann Terwilliger | Director of Security Projects - PKI|*
> > *Technology Management | Visa International | 650.432.3661*
> >
> > *NOTICE*
> > *This email message and any attachments are intended only for the use of
> > the addressee named above and may contain information that is privileged
> > and confidential. If you are not the intended recipient, any
> > dissemination, distribution, or copying is strictly prohibited. If you
> > received this email message in error, please immediately notify the
> > sender by replying to this email message or by telephone to the Visa
> > switchboard at 1(650) 432-3200. Thank you.*