Re: [pki-survey] [Fwd: Re: PKI Survey Subcommittee]

[Steve Hanna <steve.hanna@sun.com>]

Peter,

Using an on-line survey is a great idea. That would eliminate
the cost and workload of doing a phone survey. I guess it
might be a little more likely that people would stuff the
ballot box, but we can control this by not publicizing the
survey *too* broadly (for instance, I hope it doesn't show
up in a slashdot article!). An additional benefit of using
an online survey is that it will be easier for busy people
(like CIOs) to respond at their convenience.

As for RSA, I'm afraid I won't be able to attend. Here in
Sun Labs, we have a tiny travel budget. I'd love to meet
the Baltimore folks, but I'll have to take a rain check.

I guess the next step is to write up the survey objectives
and sample, implementation plan, and rough schedule. Maybe
we should start with the survey objectives and sample. It
would be great if we could have the PKI TC discuss a draft
on the Wednesday concall. That may not be realistic, though.
Well, let me throw out a first draft to get things started.
Here goes:

The objective of the PKI TC's PKI Deployment Obstacles Survey
is to identify the most commonly cited obstacles to PKI
deployment and usage. We want to be able to identify which
obstacles are most commonly cited and correlate these obstacles
with information about the respondents, such as their occupation,
the industry in which they are employed, their years of experience
in the computer industry, in information security, or with PKI, etc.

Maybe we should also look at what benefits the respondents hoped
to receive from PKI and what benefits they actually saw.

I'm primarily interested in responses from people who have
significant experience with PKI deployment, although I'm also
interested in responses from other people as long as we can
separate these categories for analysis.

To be specific, I'd like to see responses from IT managers
and staff who have completed successful PKI deployments,
people who have attempted deployments but failed, and people
who have considered deployments but decided against them.
I'd also be glad to hear from employees of PKI vendors and
lawyers or IT consultants who have worked on or observed
PKI deployments. And I'd also be glad to hear from researchers
or analysts with PKI experience or insights.

Let me know what you think about this draft. If we can polish
it up quickly, maybe we can get it to the TC on Tuesday and
discuss it on Wednesday's call. If that doesn't work (times
are *very* tight), we can get something to the TC later and
get a sense of the TC by email.

Thanks,

Steve

Peter Doyle wrote:
> 
> Looks good Steve. I would strongly recommend that we go for an on-line
> survey (for example see http://www.surveywriter.com) to maximize our ability
> to cover as wide a sample population as possible. We could suggest this as a
> method to the TC and see if they agree.
> 
> On a separate note, are you attending the RSA Show next week? I won't be
> there myself, so am asking a couple of my colleagues to cover things for me
> like the proposed TC meeting. We have a side-meeting with a number of Sun
> folk as well re. EOL of Sun CMS and working with Baltimore for both
> migration of your installed base first and foremost and subsequently joint
> marketing/selling into new customers. Is this in your area of interest? If
> so, and if you're going to be at the show, it might be worthwhile you
> meeting the Baltimore folk there too.
> 
> Talk soon,
> Peter
> 
> -----Original Message-----
> From: Steve Hanna [mailto:steve.hanna@sun.com]
> Sent: 07 April 2003 20:40
> To: Peter Doyle
> Cc: PKI TC Survey SC
> Subject: Re: [pki-survey] [Fwd: Re: PKI Survey Subcommittee]
> 
> Good comments, Peter.
> 
> I completely agree that we should decide on the survey
> objectives and sample before we draft the survey. When
> you say survey objectives and sample, is that roughly
> the same as goals and target audience (which I listed in
> item 1) below)?
> 
> Also, I agree that we should decide on a timeline and
> that we should review the objectives, sample, and timeline
> with the PKI TC before proceeding. In preparing the
> timeline, we will probably need to have some plan for
> how the survey will be implemented (by web or telephone,
> who will make phone calls if by phone, who will perform
> analysis, etc.). So I have added that in.
> 
> It would be nice to also have a proposed budget before
> going to the PKI TC, but I don't think that's realistic
> if we are going to aim for TC review and approval at the
> April 16 PKI TC meeting. So I'm including that later,
> before we get PKI SC approval.
> 
> Here's what I have now:
> 
> 1) Agree on the survey objectives and sample (target
>    audience), implementation plan, and possible timeline.
> 
> 2) Verify with PKI TC.
> 
> 3) Decide on help needed for effort. Get several estimates,
>    draw up budget, and seek funding from PKI Steering Committee.
> 
> 4) Prepare rough draft for the survey and get feedback.
> 
> 5) Prepare final survey
> 
> 6) Administer survey to respondents
> 
> 7) Analyze results of survey
> 
> Please let me know if you have any comments on this.
> Otherwise, I'll proceed to draft the objectives and
> sample.
> 
> Thanks,
> 
> Steve
> 
> Peter Doyle wrote:
> >
> > Steve,
> > It looks right to me, except you should add in the requirement to agree
> > timelines for the survey.
> >
> > I don't think we should draft the survey instrument, until we draft the
> > survey objectives and sample.
> > The high-level aim is to determine the primary obstacles to PKI
> deployment,
> > but how do we want to reflect that by geography, industry, business
> > vs.technical, those who have PKI vs. those who don't, vendors vs. users
> vs.
> > analysts vs. integrators, etc.
> >
> > Should we put forward a proposal on this to the general TC for go-ahead?
> >
> > Regards,
> > Peter
> >
> > -----Original Message-----
> > From: Steve Hanna [mailto:steve.hanna@sun.com]
> > Sent: 31 March 2003 23:36
> > To: PKI TC Survey SC
> > Subject: [pki-survey] [Fwd: Re: PKI Survey Subcommittee]
> >
> > I sent this out a week ago and I haven't heard anything
> > back from either of you. I don't want to push, but I'd
> > like to get this survey task moving. Does the task list
> > below look OK to you?
> >
> > One reason why I want to get this moving is that I will
> > be speaking at the Internet 2 Members Meeting on April 9.
> > I'd like to mention this effort there and invite people
> > to contact me if they would like to participate. There
> > are lots of folks there who are using PKI, have tried to
> > use PKI, etc. But I won't mention the effort unless we
> > have *at least* agreed on what we're planning to do!
> >
> > If we can make more progress (like getting the survey
> > drafted), that would be great. I have a first draft that
> > I'd be glad to send around, but I won't move on this
> > until I get some positive responses from you two.
> >
> > Thanks,
> >
> > Steve
> >
> > -------- Original Message --------
> > Subject: Re: PKI Survey Subcommittee
> > Date: Tue, 25 Mar 2003 10:29:06 -0500
> > From: Steve Hanna <steve.hanna@sun.com>
> > To: pki-survey@lists.oasis-open.org
> > References:
> > <B15225F53DF1D411B80B0002A5097D9F8637CA@irlms02.ie.baltimore.com>
> >
> > OK. I have added the charter to our subcommittee's home
> > page (http://www.oasis-open.org/apps/org/workgroup/pki-survey).
> >
> > In order to complete our charter, I suggest that we undertake
> > the following work items:
> >
> > 1) Agree on the goals, target audience, and rough outline
> >    for this survey
> >
> > 2) Determine whether we will need help with later work items.
> >    If so, decide what help will be needed and determine whether
> >    we can get this help for free. If not, get several estimates
> >    and seek funding from PKI Steering Committee.
> >
> > 3) Prepare final survey
> >
> > 4) Administer survey to respondents
> >
> > 5) Analyze results of survey
> >
> > Does that look about right? Any suggestions? Changes?
> >
> > Thanks,
> >
> > Steve
> >
> > This footnote confirms that this email message has been swept by
> > MIMEsweeper for the presence of computer viruses.
> >
> >
> ----------------------------------------------------------------------------
> -
> > The information contained in this message is confidential and is intended
> > for the addressee(s) only.  If you have received this message in error or
> > there are any problems please notify the originator immediately.  The
> > unauthorised use, disclosure, copying or alteration of this message is
> > strictly forbidden. Baltimore Technologies plc will not be liable for
> > direct, special, indirect or consequential damages arising from alteration
> > of the contents of this message by a third party or as a result of any
> > virus being passed on.
> >
> > This footnote confirms that this email message has been swept for Content
> > Security threats, including computer viruses.
> > http://www.baltimore.com