OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

pki-tc message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]


Subject: Re: [pki-tc] re:[pki-tc] Application SC report


The PAA sounds interesting, Stephen.  My interest for this goal
would be in the "Secure Cross-border Transaction Services" project;
it implies using PKCS to digitally sign (and/or encrypt) documents
between entities.

While I agree with you that something as focused as this must
have created a model and tools, is the PAA amenable to sharing
this for dissemination to the Internet?  One of my goals is to
have an open-source toolkit that can be integrated into other
open-source "products" such as MySQL, JBoss, Tomcat & Firefox
to ensure wide dissemination.

I will work on the paper and send it out to the TC in the next
week or two.  Thanks for the prompt response.

Arshad Noor
StrongAuth, Inc.

Stephen Wilson wrote:
> Arshad wrote: 
> 
> [snip]
> 
> 
>>I, thus, propose that the Application SC undertake the following for
>>2005  to start making PKI as ubiquitous in transactions as it is in
>>SSL/TLS:
>>
>>1) Identify models that can serve Transaction-PKI; examples are
>>    S/MIME, TLS, DSS, etc. (need to come up with models that are
>>    both XML and non-XML based);
>>2) Determine if the model(s) are capable of serving the needs of
>>    Transaction-PKI;
>>3) Determine gaps and what it takes to cover those gaps;
>>4) Get resources to cover those gaps;
>>5) Start promoting the model;
>>
>>Comments?  Suggestions?
>>
>>Arshad Noor
>>StrongAuth, Inc.
> 
> 
> 
> I believe that one of the strongest PKI applications has been the 
> Tradelink system in Hong Kong for electronic trade documentation.  Indeed, 
> it represents a whole PKI scheme.  It is at least 7 years old, with over 
> 100,000 certificates in active use.  
> 
> In recent years, the Tradelink experience has spawned the regional Pan 
> Asia Alliance (PAA) involving cross recognition of commercial CAs in 
> several countries.  See www.paa.net.  Their focus is still electornic 
> trade documentation, which has a strong buisness case, with demonstrated 
> benefits for large numbers of entities across the region. I would expect 
> that a suite of architectural resources/models and business analyses (and 
> support software) would have grown up around PAA.  
> 
> So ... may I suggest that we reach out to PAA via the Asia PKI Forum, to 
> swap notes on Transaction-PKI models as outlined by Arshad?  
> 
> SUGGESTION
> Arshad: if you could prepare a somewhat more detailed (one page) 
> expression of your interests in 'Transaction-PKI models' then I could 
> table it at the Asia PKI Forum in Japan next month, and also reach out to 
> my good friends in the PAA for further details. 
> 
> Cheers, 
> 
> Stephen.
> 
> 
> 
> Stephen Wilson
> Lockstep Consulting Pty Ltd
> ABN 59 593 754 482
> 
> 11 Minnesota Ave
> Five Dock NSW 2046
> Australia
> 
> P +61 (0)414 488 851
> 
> --------------------
> 
> About Lockstep 
> Lockstep was established in early 2004 by noted authentication expert 
> Stephen Wilson, to provide independent advice and analysis on cyber 
> security policy, strategy, risk management, and identity management.  
> Lockstep is also developing unique new smartcard solutions to address 
> privacy and identity theft. 
> Contact swilson@lockstep.com.au. 
> 
> 
> To unsubscribe from this mailing list (and be removed from the roster of the OASIS TC), go to http://www.oasis-open.org/apps/org/workgroup/pki-tc/members/leave_workgroup.php.
> 



[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]