OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

pki-survey message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: RE: [pki-survey] Next Survey SC meeting MONDAY noon EDT

Minutes from yesterday's call attached.

-----Original Message-----
From: Steve Hanna [mailto:Steve.Hanna@sun.com]
Sent: 19 July 2003 11:02
To: PKI TC Survey SC
Subject: [pki-survey] Next Survey SC meeting MONDAY noon EDT

Based on the responses I have received so far, let's
hold our next PKI TC Survey Subcommittee meeting at

Monday, July 21, 12:00 PM -  1:00 PM Eastern U.S. Time

That's only TWO days from now! See apologies below.

Our call-in information will be:

  U.S. Tollfree: +1.866.545.5220
  International: +1.865.673.3239 
  Access Code: 1305447 

Our draft agenda is:

12:00 Roll call
12:05 Approve minutes of June 27, 2003 meeting
12:10 Discuss follow-up survey and agree upon goals
      and overall outline
12:50 Any other business 
 1:00 Adjourn 

I apologize for this late notice. I was hoping to receive
more responses to my Wednesday email on this topic. I should
have made a decision on Friday, but I lost track of this
action item.

However, we really need to get moving on this. We're supposed
to complete this survey in August so we can have results early
in September. And I think we may want to have a 3 week response
period for this survey, if possible. Since people often take
vacations in August.

Let's meet on Monday with whoever can make it. All others can
participate by email. I'll send out a proposed set of goals
for the August survey and a proposed outline in a moment.



P.S. Everyone who responded to my email asking which dates
would work (Sharon and Peter) said that Monday was OK. So I
hope we should have at least three people on the call!

You may leave a Technical Committee at any time by visiting

The information contained in this message is confidential and is intended
for the addressee(s) only.  If you have received this message in error or
there are any problems please notify the originator immediately.  The 
unauthorised use, disclosure, copying or alteration of this message is 
strictly forbidden. Baltimore Technologies plc will not be liable for
direct, special, indirect or consequential damages arising from alteration
of the contents of this message by a third party or as a result of any 
virus being passed on.

This footnote confirms that this email message has been swept for Content
Security threats, including computer viruses.

PKI Survey SC
Conf call
21 July 2003

Steve Hanna
Peter Doyle
Sharon Boyen

Paul Evans
Terry Leahy


Approval of minutes from previous Survey SC meeting was postponed till those minutes 
have been written up and circulated.

Congratulations were noted to the team that completed the first survey, which has 
received positive feedback from the the PKI TC.

It has been agreed to carry out a second follow-up survey in August to explore the 
results of the first survey in more detail and thereby ensure that the PKI TC has as 
complete an understanding of the obstacles to PKI deployment as possible. It is 
planned that the results of this second survey will be discussed at a face-to-face (F2F) 
meeting of the PKI TC in September 2003 and subsequent work items defined and agreed to 
address these obstacles.  At this point, a report will be published for general 
availability on the results of both surveys and the proposed work items of the PKI TC.

It was agreed that the second survey to be conducted in August 2003 should;
a) break down the obstacles identified in the first survey into sub-points in order to 
gain a more fine-grained understanding of the issues at hand;
b) ask respondents to rank obstacles in terms of prioritization on a 10-point scale, 
thereby getting further refinement on the relative importance of different issues.

There was a general discussion on the content and structure of the second survey;

 - it was agreed that it is important that the survey questions are designed to ensure 
that obstacles can defined in a very specific manner which can then allow them to be addressed 
by work items of the PKI TC, i.e. things that are important AND achievable

 - it was agreed that it should be made clear in the communications around the second survey 
that the additional detailed comments provided by certain respondents to the first survey were 
appreciated and have been taken on board to help structure the questions within the second survey

 - it was agreed that the application area of Document Signing should be broken down into 
three distinct categories, namely Origin/Integrity of Web Content; Origin/Integrity of 
Workflow Documents & Forms; Non-repudiation of legally-binding documents

 - it was agreed that other application areas do not need to, or cannot easily, be further 
broken down

 - it was agreed that respondents should be asked to identify which SW Applications they
believe are not supported by PKI and to specify the nature of the "lack of support"

 - it was agreed that the obstacle "Costs are Too High" should be broken down into component 
costs such as "Software Acquisition", "Integration", "Non-Technical Set-Up Costs e.g. Legal", 
"Support", "Training", "Secure Facilities", "Cross-Certification", etc. and that respondents 
should be separately asked to assess whether the cost issue is actually a result of a low user 
population for PKI-supported applications or whether the per-user cost is still too high even 
at very high user numbers; it was also discussed whether it should be separately asked whether 
respondents are referring to a Software or an Outsourced/Managed Service CA deployment

 - it was agreed that the obstacle "PKI is Poorly Understood" should be broken down to identify 
the "by whom" aspect of this issue, e.g. is it poorly understood by management making the 
purchasing decisions? by technical people deploying PKI? by end-users of PKI-supported applications?

 - it was agreed that a free-form suggestion box should be provided below each question to ask 
respondents to specifically recommend actions for the PKI TC to address the issue in question

 - it was agreed that the obstacle "Poor Interoperability" should be further broken down to determine 
whether it is at the application layer or the PKI layer; it was noted that the TC should try to 
leverage the good work on PKI interoperability issues being conducted by other bodies such as NIST and 
EEMA rather than try to drill too much into the detail of this issue

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]