OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

pki-survey message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]


Subject: Re: Draft follow-up survey (NEED RESPONSE)


Come on, folks! We need to get moving here. We're
supposed to have this survey COMPLETED by September 1
and we wanted to allow a three week response period.
We need these results for the F2F we just scheduled.

PLEASE read this over and send email to the mailing
list. You can't all be on vacation. I have exchanged
email with some of you recently. Even if you just
say "This is great! Let's tweak it and use it." that
would be helpful.

PLEASE respond ASAP. I have asked OASIS to start
reviewing this draft. If we can get them the final
version by next Wednesday or Thursday, we should
be OK.

Thanks,

Steve

-------- Original Message --------
Subject: Draft follow-up survey
Date: Thu, 24 Jul 2003 17:52:00 -0400
From: Steve Hanna <steve.hanna@sun.com>
To: PKI TC Survey SC <pki-survey@lists.oasis-open.org>

At the end of this message, I have included a first draft
of the August 2003 follow-up survey. Please review this
and send comments to this email list. Note that I have
marked a few questions and comments with ***.

Please remember to review the list of obstacles to see
if there are any more questions we should ask.

Thanks,

Steve

-------------

OASIS PKI TC Follow-up Survey on PKI Obstacles

In June 2003, the OASIS Public Key Infrastructure (PKI)
Technical Committee conducted a survey to identify the
biggest obstacles to PKI deployment and usage so that
they can be addressed. Results from this survey are
available at http://www.oasis-open.org/...

The PKI TC has prepared this follow-up survey, which
aims to clarify and better understand the obstacles
identified in the earlier survey. This survey will
only be active from August 11 through September 1.

In late September, the PKI TC will gather to review
the survey results and agree on steps to address the
obstacles identified. Anyone who completes this
survey will receive a copy of our report on this
survey and a copy of our action plan.

But first we need your help. Please complete this
survey. Together, we can help make PKI better.

*Privacy*

To respect your privacy, responses will be kept confidential and only
reported in aggregate form. However, your individual response will be
used by OASIS PKI TC members and OASIS staff members in tabulating our
results. If you choose to provide your email address, we will send you
a copy of the survey results and invitations to participate in future
surveys conducted by the OASIS PKI TC. Your email address will not be
used for any other purposes or disclosed to anyone outside of OASIS.
Please note that by submitting your answers to this survey, you
consent to the transfer of data outside of your home country to
members of the OASIS PKI TC and OASIS staff members.

1) Please enter your email address. This answer is required. It is
   necessary to correlate your answers to this survey with your
   answers to the last survey. However, it will only be used as
   described in the Privacy statement above.

   _______________________

*Applications*

2) Document Signing

    Document Signing had the highest ranking of all applications
    in our previous survey. But Document Signing is a broad term.
    Please indicate the importance to you of these three types
    of Document Signing:

                            Not Important     Important   Most Important
    Signing Electronic Forms     ()              ()            ()
     (generally not
      legally binding)

    Signing Contracts            ()              ()            ()
     (legally binding)

    Signing Documents before     ()              ()            ()
     Dissemination (so
     recipients can verify
     their source and integrity)

*Using Points to Indicate Relative Importance*

For many questions below, we will ask you to allocate 10 points
among a set of items. Why? We want you to indicate how important
the items are relative to each other, in your opinion.

If you prefer to use 100 points for one set of items (or some
other number of points), that's fine with us. We will normalize
your point totals.

3) Obstacles

Please use the point system described in the previous paragraph
to indicate which of these obstacles to PKI deployment and usage
are most important, in your view.

Note that this list includes several obstacles that were frequently
listed as an Other Obstacle by respondents to our previous survey.

Software Applications Don't Support It    ___
Costs Too High                            ___
PKI Poorly Understood                     ___
Poor Interoperability                     ___
Hard to Get Started - Too Complex         ___
Hard for End Users to Use                 ___
Lack of Management Support                ___
Too Much Legal Work Required              ___
Hard for IT to Maintain                   ___
Insufficient Need                         ___
Enrollment Too Complicated                ___
Smart Card Problems                       ___
Revocation Hard                           ___
Standards Problems                        ___
Too Much Focus on Technology, Not Enough on Need ___

*Detailed Analysis of Obstacles*

The last survey included several broad obstacles that we must
understand in more detail before we can address them. Here we
ask you to provide more detail about the four obstacles that
were most highly ranked in responses to the previous survey.

4) Software Applications Don't Support It

Many respondents to our previous survey indicated that
"Software Applications Don't Support It" is an obstacle
to PKI deployment and usage. If you believe that it is
not an obstacle, please skip to question 5.

a) Which of these software applications most critically needs
   improvements in PKI support?

   Please allocate 10 (or more) points.

   Document Signing        ___
   Web Server Security     ___
   Secure Email            ___
   Web Services Security   ___
   Virtual Private Network ___
   Single Sign On          ___
   Secure Wireless LAN     ___
   Electronic Commerce     ___
   Code Signing            ___
   Secure RPC              ___
   Other Application       ___

b) Please tell us whether the applications you indicated above
   typically are completely lacking in PKI support or have some
   PKI support, but that support is insufficient. If the support
   is insufficient, in what way?

   _______________________________________________________
   _______________________________________________________
   _______________________________________________________

***This seems like it might be a bit too much detail.
Couldn't we do this research ourselves? Maybe not.

c) Do you have any specific suggestions for things the PKI TC
   (or others) could do to help improve application support?

   _______________________________________________________
   _______________________________________________________
   _______________________________________________________

5) Costs Too High

Many respondents to our previous survey indicated that
"Costs Too High" is an obstacle to PKI deployment and usage.
If you believe that it is not an obstacle, please skip to
question 6.

a) Which of these costs are most problematic in PKI deployment and
usage?

   Please allocate 10 (or more) points among these items to indicate
which
   of these costs are most problematic in PKI deployment and usage.

    Cost of Initial System Design   ___
    Cost of Software Acquisition    ___
    Cost of Secure Facilities       ___
    Cost of Software Integration    ___
    Cost of Training                ___
    Cost of Cross-Certification     ___
    Non-technical Setup Costs (e.g. legal & CPS)   ___
    Cost of Smart Cards and Readers ___
    Cost of Initial Certificate Issuance ___
    Cost of Support Contracts       ___
    Cost of End-User Support        ___
    Cost of On-going Operations     ___
    Other Costs (describe below)    ___

    Other Costs: _________________________________________________

b) Would you say that these cost problems are largely eliminated
   if the number of users involved is large (amortizing large fixed
   costs)?

   () Yes
   () No

***Can't we conclude this ourselves? Is it important that we ask this?

c) Do your comments about costs pertain primarily to outsourced PKI
   services, in-house PKI, or both?

   () Outsourced PKI
   () In-house PKI
   () Both

d) Do you have any specific suggestions for things the PKI TC
   (or others) could do to help reduce costs?

   _______________________________________________________
   _______________________________________________________
   _______________________________________________________

6) PKI Poorly Understood

Many respondents to our previous survey indicated that
"PKI Poorly Understood" is an obstacle to PKI deployment
and usage. If you believe that it is not an obstacle, please
skip to question 7.

a) Here is a list of parties often involved in PKI deployment
   and usage. Please allocate 10 (or more) points among these
   items to indicate where greater PKI understanding is most
   needed.

    Senior Management   ___
    IT Management       ___
    IT Staff            ___
    Users               ___
    Vendors             ___

7) Poor Interoperability

Many respondents to our previous survey indicated that
"Poor Interoperability" is an obstacle to PKI deployment
and usage. If you believe that it is not an obstacle, please
skip to question 8.

a) Where do the most serious interoperability problems arise?

   Please allocate 10 (or more) points among these items.

   Certificate Issuance    ___
   Certificate Revocation  ___
   Smart Card              ___
   Operating System        ___
   Server Software         ___
   Application-Smart Card  ___
   Application-Certificate ___
   Cross-Certification     ___
   Other (describe below)  ___

   Other: _______________________

b) Interoperability is an especially complex area. Please
   describe any interoperability problems you want to
   highlight and offer any suggestions you may have for
   addressing them.

   _______________________________________________________
   _______________________________________________________
   _______________________________________________________

8) Other Comments or Suggestions

   If you have any other comments or suggestions to offer,
   please feel free to do so here. We are especially interested
   in hearing your thoughts on how to address the obstacles
   listed in this survey. We will consider your comments carefully.

   You may also email comments to the PKI TC co-chairs at
   pki-tc-chair@lists.oasis-open.org. These comments will be
   passed on to the rest of the TC after any identifying
   information has been removed.

   NOTE: We have saved any comments you supplied in response
   to the previous survey. Those comments will also be considered.

   _______________________________________________________
   _______________________________________________________
   _______________________________________________________

S/MIME Cryptographic Signature



[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]