OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

pki-tc message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: [no subject]

> a. Application Guidelines (Arshad Noor)
> "In attempting to understand the lack of support for PKI in 
> applications - specifically related to e-commerce - I've been 
> doing some informal research ... 
> I've come to the realization that the single biggest difficulty 
> is the ability todigitally sign a transaction in a web-application 
> in a standardized way. If you talk to adeveloper long enough, 
> they will explain many different ways that one can solve this
> problem, but none that are standardized.
> 
> I'm contemplating doing a little more research on the subject 
> (mainly, I have to read some documents that I've found on the 
> Internet) and intend to formulate a position that I can bring 
> up to the SC/TC to discuss how we might want to go about 
> simplifying this."
> 2. There was some discussion of Arshad's report.  Paul felt the 
> Federal Government ismostly using S/MIME for digital signatures.  
> Bob described the NIH's digital signaturepilot which used a 
> signed XML form, provided web based submission and archiving 
> of received documents. John thought that archiving issues have 
> definitely been neglected in many projects.  Sharon felt that 
> there would be different applications for various uses. Steve 
> thought a non-proprietary document format was the important issue.
> Timestamping was also mentioned as an issue, an area it was noted 
> which is subject to some patent claims. Another common problem 
> noted was the need for signatures related to a role an individual
> was assuming.  Steve mentioned a New Zealand project that has 
> been working on end-to-end PKI, but reverted to authenticating 
> server access. 

I'm guessing many of these points sit squarely within Oasis's mandate. 

Cheers, 

Stephen.


Stephen Wilson
Lockstep Consulting Pty Ltd
ABN 59 593 754 482

11 Minnesota Ave
Five Dock NSW 2046
Australia

P +61 (0)414 488 851

--------------------

About Lockstep 
Lockstep was established in early 2004 by noted authentication expert 
Stephen Wilson, to provide independent advice and analysis on cyber 
security policy, strategy, risk management, and identity management.  
Lockstep is also developing unique new smartcard solutions to address 
privacy and identity theft. 
Contact swilson@lockstep.com.au.

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]