
pki-tc message



Subject: re:[pki-tc] PKI TC - Deliverables



Personally I think that login and e-mail are actually very awkward
applications of PKI and do not represent best practice.  

There are many many other live applications that do represent best practice: 

- Austria's system for lodging all company registrations online with
digital signatures (2.5M Secure Signature Creation Devices in regular use) 
- USPTO online patent lodgement (a few thousand I think) 
- Pan Asia Alliance cross border trade documentation (200,000 active certs) 
- Australian Tax Office business tax returns (100,000) 
- Australian Health eSignature Authority (soon to expand rapidly into
PKI-enabled smartcards for healthcare professionals) 
- Electronic Conveyancing Victoria (in advanced planning stage)
- Taiwanese Playsafe gaming card (10,000 pilot, planned to expand to 5M) 
- Visa/Mastercard 3D Secure (numbers?) 
- Open Cable embedded certs in set-top boxes (millions?) 
- Electronic Certificate of Origin (ECO) projects in Japan, Korea, Sing 
- US FIPS-201 PIV card (PKI applications yet to be announced as far as I
know BUT NIST has stated that PKI is essential to resist Man In The Middle
attack, so one presumes that a whole raft of applications will soon be
built around the powerful embedded multi-certificate capability of the
smartcard). 


Whether or not these applications have been documented to Anders'
satisfaction is another question.  

A minimalist approach would be to write these up as case studies (and
indeed, the Asia PKI Forum has asked the PKI TC to contribute to its Case
Book, which has been posted to the Members Website already). 

A slightly greater effort could be put into abstracting what it is about
these applications that makes them amenable to PKI, and then we could write
up a guideline or a manual to guide application selection and certificate
implementation. 

Cheers, 

Stephen. 



Stephen Wilson
Lockstep Consulting Pty Ltd
www.lockstep.com.au
ABN 59 593 754 482

11 Minnesota Ave
Five Dock NSW 2046
Australia

P +61 (0)414 488 851

--------------------

About Lockstep 
Lockstep was established in early 2004 by noted authentication expert
Stephen Wilson, to provide independent advice and analysis on cyber
security policy, strategy, risk management, and identity management. 
Lockstep is also developing unique new smartcard solutions to address
privacy and identity theft. 
 


> Dear List,
> 
> Here is an extract from the current charter
> 
> http://www.oasis-open.org/committees/pki/charter.php
> 
> List of Deliverables
> 
> A very wide range of topics will be addressed by the TC, and it is
> expected that several sub-committees will be formed. TC deliverables will
> include:
> 
>   a.. business implementation guideline white papers 
>   b.. technical implementation guideline white papers 
>   c.. best practice and sample implementations 
>   d.. applications white papers forums for networking, information
>       sharing and implementation of PKI-related projects 
>   e.. solutions showcase
> 
> However, to date, no authoritative party has described in clear and
> implementable ways how you could apply PKI to processes outside of e-mail
> and login.
> 
> If this still is a goal, I would like to know how the PKI-TC is supposed
> to carry out a mission nobody else has managed to do.
> 
> 
> Anders Rundgren
