Whither PKI-TC? (was Meeting tomorrow)

[Arshad Noor <arshad.noor@strongauth.com>]

I've heard some great feedback from the forum - over e-mail and
in the meeting - and I'm going to try to summarize what I heard.
Please correct me if I've misinterpreted/missed anything:

* Our charter is very broad and could encompass creating
   technical standards for the use of PKI, if appropriate;

* We ned to consider changing the rule that "punishes" voting
   members if they don't attend 2 consecutive meetings;

* We need to create a better perception of PKI, relative to
   other security technologies;

* We need to sharpen our message about PKI and the benefits it
   brings to business;

* We need to continue addressing the concerns raised in the PKI
   survey from 3 years ago - especially cost, user interfaces and
   technical understanding;

* Application guidelines are missing for integrating PKI, thus
   leading to non-standard implementations; the absence of
   "universal, open source, cross-platform API(s)" creates the
   biggest hurdles for use of PKI outside IA&A.

I may have missed some other messages, so please send them to
this list so we can add them to this summary.

I see these statements falling into 3 categories:

1) Administrative - (rule change about missing meetings), which
    we can change based on a vote, I imagine;

2) Communications - better articulation of our message towards
    creating a more favorable perception of PKI; and

3) Application guidelines - the lack thereof.

I'd like to get some feedback to this initial summarization.  If
the TC believes that this summary is on target, I'd like us to
think of project propsals to address these statements, as a next
step.

Thank you.

Arshad Noor
StrongAuth, Inc.


Arshad Noor wrote:
> Friends,
> 
> Since tomorrow is the first meeting that I will be conducting
> as the new chair, I wanted to take the opportunity for us to
> have a discussion around the TC's future.  Since I'm not sure
> everyone is on the Member Section alias (I'm not - and I'm not
> sure why), I'm sending you a message that I sent there last
> week to help spur some discussion tomorrow on this subject.
> 
> Whether you're a regular participant to the TC meetings or
> not, I'd like to invite you to attend this session tomorrow
> to provide some input on the two topics outlined below.
> 
> If you cannot join us due to other commitments, please send
> us your feedback on this list, so we can incorporate it into
> our discussion.
> 
> As the internet gets more dangerous and awareness increases
> amongst software developers/architects, I strongly believe
> that the use of public-key cryptograpy is on the threshold
> of a new dawn.  I'm hoping that you can join us in taking
> advantage of this new awareness, and in helping shape the
> way the technology can help your company or you, personally.
> 
> The topics I'd like to discuss tomorrow are:
> 
> 1) As a technical committee, what technology standards do we
>    establish given that PKIX establishes international technical
>    standards for PKI, and W3C has established XMLSignature,
>    XMLEncryption and XKMS as standards?  What value do we
>    add to the field of PKI to justify our existence?
> 
> 2) The TC conducted a survey 2-3 years ago that highlighted
>    why people were not using PKI.  Yet, many countries around
>    the world, the US Federal Government, the cable/satellite
>    industry, the DRM world all use PKI in one form or another.
>    What is the real reason that the general business
>    applications/IT developers shun PKI?  (Being an applications
>    developer myself, I have some notions on this that I'd like
>    to discuss in the TC, but I want to hear from everybody else
>    first).
> 
> We may not have enough time to cover this discussion tomorrow,
> but I hope to begin it over e-mail, and continue on the phone
> and e-mail.  Ann Terwilliger has kindly arranged for a toll-free
> number (in the US) for this meeting.  It is:
> 
> Date/Time:     MAY, 17 2006 at 9:00 AM America/Los_Angeles
> Length:        60
> Meeting ID:    3661
> Phone Number:    877-847-2001 (USA & Canada) or 650-432-0111
> 
> I hope to hear from you.  Thank you.
> 
> Arshad Noor
> StrongAuth, Inc.
> 
> ---------------------------------------------------------------------
> To unsubscribe from this mail list, you must leave the OASIS TC that
> generates this mail.  You may a link to this group and all your TCs in 
> OASIS
> at:
> https://www.oasis-open.org/apps/org/workgroup/portal/my_workgroups.php