OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

pki-tc message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]


Subject: PKI Credentials as a form of Government trusted identification


I'm wondering if any of the OASIS PKI TC members have been following the e-Authentication Gateway project (http://www.cio.gov/eauthentication/) that is a part of the 24 e-Government initiatives defined by the President's Management Council?

It seems the needs and goals of the project, as outlined in the "Interim e-Authentication Gateway Concept of Operations" document (http://www.cio.gov/eauthentication/documents/ea_conops_21403.doc), are very similar in nature to those defined in the OASIS PKI TC charter (http://www.oasis-open.org/committees/pki/charter.php). Additionally, the Interim e-Authentication Gateway Concept of Operations document specifically mentions leveraging "some of the existing electronic credentials and credentialing services already deployed by government and commercial organizations" and that it "will accept and validate multiple forms of electronic credentials, issued by multiple Electronic Credential Providers (ECPs), including but not limited to Public Key Infrastructure digital signature certificates...." (Page 6 & 7). The ECPs will "provide user identity management services, collect and verify identity information from the user, and issue and manage user credentials" (Page 12); thereby creating a form of digital identification potentially trusted to a much higher degree than today's driver's licenses.

With this in mind, it seems prudent to me that the OASIS PKI TC include in its charter, in the statement of purpose, wording to the effect of addressing the needs of governments for a form of digital identification as the US Government is doing with the e-Authentication Gateway project. While this purpose could be read into the existing charter, I believe it should be explicitly stated to ensure that it is addressed. Also, explicitly stating it may help convey the usefulness of digital certificates to people who may not otherwise see their value to society in general since the charter appears to be oriented towards corporate needs rather than governments and the all around benefits to end users. Therefore, I propose the first paragraph in the statement of purpose be changed to read:

Many organizations and governments worldwide are developing strategies to a) utilize digital certificates to provide higher levels of security, b) make applications certificate aware, and c) promote the deployment of digital certificates for many public and private sector purposes including digital signatures and identity authentication. The purpose of the PKI TC is to address issues related to the successful deployment of digital certificates to meet industry and governmental security requirements, as well as technical and integration/interoperability issues. Furthermore, the PKI TC will increase the awareness of digital certificates as an important component when managing access to network and Internet resources, delivering secure electronic communications, and conducting secure electronic transactions between and within businesses and governmental organizations. The PKI TC will also provide a forum for a broad community utilizing PKI and digital certificates in application-focused standards and projects, as well as a mechanism for the creation of documents related to the implementation of PKI internationally.


~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Todd Colvin
Computer Training Specialist
SEARCH Group, Inc.
7311 Greenhaven Dr., Suite 145
Sacramento, CA 95831
(916) 392-2550 Fax (916) 392-3271
http://www.search.org/



[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]