[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: RE: [pki-tc] PKI Hurdles. Re: [pki-tc] Meeting tomorrow
Anders raises a good point for discussion, especially with respect to the U.S. Government personal identity verification initiative, which is essentially intended for authentication for physical and logical systems. The access control components and additional applications are not an emphasis of the NIST FIPS-201 guidance. Of course, the U.S. government is a huge collection of agencies with thousands of stove-pipe systems, and a mix of legacy and COTS applications. Some believe that the PIV infrastructure will provide a basis for moving into the application space (in a decade?), given this environment, since it establishes a cross-government and government-contractor authentication foundation. __________________________________ John T. Sabo, CISSP Director, Security and Privacy Initiatives CA Tel: +1 703-708-3037 Mobile: +1 443-629-6198 Fax: +1 703-709-4820 ------------------------------------ This e-mail message is for the sole use of the intended recipient(s) and may contain confidential and/or privileged information. Any unauthorized review, use, disclosure or distribution is prohibited. If you are not the intended recipient, please contact the sender by reply e-mail and destroy all copies of the original message. -----Original Message----- From: Anders Rundgren [mailto:anders.rundgren@telia.com] Sent: Tuesday, May 16, 2006 3:29 PM To: Arshad Noor; PKI TC Subject: [pki-tc] PKI Hurdles. Re: [pki-tc] Meeting tomorrow >Yet, many countries around the world, the US Federal Government, >the cable/satellite industry, the DRM world all use PKI in one form or another. >What is the real reason that the general business >applications/IT developers shun PKI? I think the industry handles PKI quite appropriately. The US government have indeed advanced plans to purchase 30 million+ PIV cards for billions of USDs, but have so far spent close to nothing on PKI application research, or showing how they anticipate that PKI is to be used in general business applications including e-government dittos. Without any tangible information, application building outside of login becomes a pure guesswork. Makers of business applications cannot really do this guessing on their own. I am afraid that we have to wait another decade for these PKI application guidelines to surface. In the mean-time PKI consultants over the world, enjoy a great time spending tax-payer money, solving the same problem over and over and each time with a new twist, turning this PKI application integration circus into a virtual Perpetum Mobile. regards Anders Rundgren --------------------------------------------------------------------- To unsubscribe from this mail list, you must leave the OASIS TC that generates this mail. You may a link to this group and all your TCs in OASIS at: https://www.oasis-open.org/apps/org/workgroup/portal/my_workgroups.php
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]