Restarting PKI-TC. Was: Meeting tomorrow

["Anders Rundgren" <anders.rundgren@telia.com>]

If a restart is needed I think that the best is to do what John Sabo
indicated, see what the members want to deal with.  I have some
possible tasks here:
- Standards development and gap analysis
- PKI guidelines

So far I have not seen any interest in these areas.  Regarding gap
analysis here is an incomplete list of what is missing today:
#1 Web signing
#2 On-line key gen certification.  Although both IE and FF feature this
function, it works pretty bad and at least in the EU, many eID providers
have been forced to develop proprietary functions.
#3 Although SSL/HTTPS client-auth is a standard it is also rather
user-unfriendly and features a limited certificate selection scheme.
That hardly nobody use HTTP authentication but rather use forms,
is yet another indication that the principle behind the built-in web
authentication mechanisms is not good enough.

Anders Rundgren

----- Original Message ----- 
From: "Arshad Noor" <arshad.noor@strongauth.com>
To: "PKI TC" <pki-tc@lists.oasis-open.org>
Sent: Tuesday, May 16, 2006 20:09
Subject: [pki-tc] Meeting tomorrow


Friends,

Since tomorrow is the first meeting that I will be conducting
as the new chair, I wanted to take the opportunity for us to
have a discussion around the TC's future.  Since I'm not sure
everyone is on the Member Section alias (I'm not - and I'm not
sure why), I'm sending you a message that I sent there last
week to help spur some discussion tomorrow on this subject.

Whether you're a regular participant to the TC meetings or
not, I'd like to invite you to attend this session tomorrow
to provide some input on the two topics outlined below.

If you cannot join us due to other commitments, please send
us your feedback on this list, so we can incorporate it into
our discussion.

As the internet gets more dangerous and awareness increases
amongst software developers/architects, I strongly believe
that the use of public-key cryptograpy is on the threshold
of a new dawn.  I'm hoping that you can join us in taking
advantage of this new awareness, and in helping shape the
way the technology can help your company or you, personally.

The topics I'd like to discuss tomorrow are:

1) As a technical committee, what technology standards do we
    establish given that PKIX establishes international technical
    standards for PKI, and W3C has established XMLSignature,
    XMLEncryption and XKMS as standards?  What value do we
    add to the field of PKI to justify our existence?

2) The TC conducted a survey 2-3 years ago that highlighted
    why people were not using PKI.  Yet, many countries around
    the world, the US Federal Government, the cable/satellite
    industry, the DRM world all use PKI in one form or another.
    What is the real reason that the general business
    applications/IT developers shun PKI?  (Being an applications
    developer myself, I have some notions on this that I'd like
    to discuss in the TC, but I want to hear from everybody else
    first).

We may not have enough time to cover this discussion tomorrow,
but I hope to begin it over e-mail, and continue on the phone
and e-mail.  Ann Terwilliger has kindly arranged for a toll-free
number (in the US) for this meeting.  It is:

Date/Time: MAY, 17 2006 at 9:00 AM America/Los_Angeles
Length: 60
Meeting ID: 3661
Phone Number: 877-847-2001 (USA & Canada) or 650-432-0111

I hope to hear from you.  Thank you.

Arshad Noor
StrongAuth, Inc.

---------------------------------------------------------------------
To unsubscribe from this mail list, you must leave the OASIS TC that
generates this mail.  You may a link to this group and all your TCs in OASIS
at:
https://www.oasis-open.org/apps/org/workgroup/portal/my_workgroups.php