OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

pki-tc message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]


Subject: RE: [pki-tc] Meeting tomorrow


Arshad,

I am at a meeting in Ottawa and may not be able to break for the
meeting, but I believe you are asking good questions about what
direction the PKI TC should move in.  The PKI TC is unusual for OASIS
because it is a continuation of the old PKI Forum, which, except for
some work on attempting to harmonize certificate management protocols,
essentially was a forum for vendors and users to come together and look
at PKI from a number of "business" perspectives - policies, business
process and value, general technical understanding, etc. There was a
technical committee which did a lot of cross vendor work, but it worked
with standards and certainly didn't write them.  The PKI TC charter
essentially reflects this business/usage focus and is very broad,
allowing a large variety of initiative depending on member interest.

Like other industry organizations, the work of the PKI TC is
member-driven. So you are right on target to start this discussion and
develop a new plan for the TC, especially at a time when security
vulnerabilities and threats continue to rise, and risks more complex to
manage.  

One general area of possible focus - addressing how PKI be of use in
better risk management given today's networking risks, especially
document spoofing (phishing), social engineering attacks, and
document/web authenticity requirements?  

John



__________________________________
John T. Sabo, CISSP 
Director, Security and Privacy Initiatives 
CA 
Tel: +1 703-708-3037 
Mobile: +1 443-629-6198 
Fax: +1 703-709-4820 
------------------------------------ 
This e-mail message is for the sole use of the intended recipient(s) and
may contain confidential and/or privileged information. Any unauthorized
review, use, disclosure or distribution is prohibited. If you are not
the intended recipient, please contact the sender by reply e-mail and
destroy all copies of the original message.

 

-----Original Message-----
From: Arshad Noor [mailto:arshad.noor@strongauth.com] 
Sent: Tuesday, May 16, 2006 2:10 PM
To: PKI TC
Subject: [pki-tc] Meeting tomorrow

Friends,

Since tomorrow is the first meeting that I will be conducting
as the new chair, I wanted to take the opportunity for us to
have a discussion around the TC's future.  Since I'm not sure
everyone is on the Member Section alias (I'm not - and I'm not
sure why), I'm sending you a message that I sent there last
week to help spur some discussion tomorrow on this subject.

Whether you're a regular participant to the TC meetings or
not, I'd like to invite you to attend this session tomorrow
to provide some input on the two topics outlined below.

If you cannot join us due to other commitments, please send
us your feedback on this list, so we can incorporate it into
our discussion.

As the internet gets more dangerous and awareness increases
amongst software developers/architects, I strongly believe
that the use of public-key cryptograpy is on the threshold
of a new dawn.  I'm hoping that you can join us in taking
advantage of this new awareness, and in helping shape the
way the technology can help your company or you, personally.

The topics I'd like to discuss tomorrow are:

1) As a technical committee, what technology standards do we
    establish given that PKIX establishes international technical
    standards for PKI, and W3C has established XMLSignature,
    XMLEncryption and XKMS as standards?  What value do we
    add to the field of PKI to justify our existence?

2) The TC conducted a survey 2-3 years ago that highlighted
    why people were not using PKI.  Yet, many countries around
    the world, the US Federal Government, the cable/satellite
    industry, the DRM world all use PKI in one form or another.
    What is the real reason that the general business
    applications/IT developers shun PKI?  (Being an applications
    developer myself, I have some notions on this that I'd like
    to discuss in the TC, but I want to hear from everybody else
    first).

We may not have enough time to cover this discussion tomorrow,
but I hope to begin it over e-mail, and continue on the phone
and e-mail.  Ann Terwilliger has kindly arranged for a toll-free
number (in the US) for this meeting.  It is:

Date/Time: 	MAY, 17 2006 at 9:00 AM America/Los_Angeles
Length:		60
Meeting ID:	3661
Phone Number:	877-847-2001 (USA & Canada) or 650-432-0111

I hope to hear from you.  Thank you.

Arshad Noor
StrongAuth, Inc.

---------------------------------------------------------------------
To unsubscribe from this mail list, you must leave the OASIS TC that
generates this mail.  You may a link to this group and all your TCs in
OASIS
at:
https://www.oasis-open.org/apps/org/workgroup/portal/my_workgroups.php 




[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]