OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

pki-tc message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]


Subject: RE: [pki-tc] PKI Hurdles. Re: [pki-tc] Meeting tomorrow


Anders raises a good point for discussion, especially with respect to
the U.S. Government personal identity verification initiative, which is
essentially intended for authentication for physical and logical
systems.  The access control components and additional applications are
not an emphasis of the NIST FIPS-201 guidance.  Of course, the U.S.
government is a huge collection of agencies with thousands of stove-pipe
systems, and a mix of legacy and COTS applications.  Some believe that
the PIV infrastructure will provide a basis for moving into the
application space (in a decade?), given this environment, since it
establishes a cross-government and government-contractor authentication
foundation.  

__________________________________
John T. Sabo, CISSP 
Director, Security and Privacy Initiatives 
CA 
Tel: +1 703-708-3037 
Mobile: +1 443-629-6198 
Fax: +1 703-709-4820 
------------------------------------ 
This e-mail message is for the sole use of the intended recipient(s) and
may contain confidential and/or privileged information. Any unauthorized
review, use, disclosure or distribution is prohibited. If you are not
the intended recipient, please contact the sender by reply e-mail and
destroy all copies of the original message.

 

-----Original Message-----
From: Anders Rundgren [mailto:anders.rundgren@telia.com] 
Sent: Tuesday, May 16, 2006 3:29 PM
To: Arshad Noor; PKI TC
Subject: [pki-tc] PKI Hurdles. Re: [pki-tc] Meeting tomorrow

>Yet, many countries around the world, the US Federal Government,
>the cable/satellite industry, the DRM world all use PKI in one form or
another.

>What is the real reason that the general business
 >applications/IT developers shun PKI?

I think the industry handles PKI quite appropriately.

The US government have indeed advanced plans to purchase 30 million+
PIV cards for billions of USDs, but have so far spent close to nothing
on PKI application research, or showing how they anticipate that PKI is
to be used in general business applications including e-government
dittos.

Without any tangible information, application building outside of login
becomes a pure guesswork.  Makers of business applications cannot
really do this guessing on their own.

I am afraid that we have to wait another decade for these PKI
application guidelines to surface.

In the mean-time PKI consultants over the world, enjoy a great time
spending tax-payer money, solving the same problem over and over
and each time with a new twist, turning this PKI application integration
circus into a virtual Perpetum Mobile.

regards
Anders Rundgren



---------------------------------------------------------------------
To unsubscribe from this mail list, you must leave the OASIS TC that
generates this mail.  You may a link to this group and all your TCs in
OASIS
at:
https://www.oasis-open.org/apps/org/workgroup/portal/my_workgroups.php 




[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]