OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

pki-tc message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: Getting ready for this week's con call

Hi everyone.

Getting ready for the next con call, I wanted to make a direct appeal to 
you all, so we can hit the ground running.

I reckon two of the most important (and most practicable) things we can 
do is (1) develop case studies, as discussed last meeting, and (2) draft 
  "position papers" on some of the contentious issues.  I'd like to 
think we can develop new ways around some of the classic problems in 
e.g. interoperability, and bring new approaches to the attention of 
regulators and policy makers.

So I'd like to call for volunteers later this week to make a start on 
case studies and policy papers.

The case study template will be posted shortly to the TC website.

Another matter is that we have yet to sign off on the draft Action Plan. 
  This too is available at the TC website.

The draft plan contained some scene-setting materials that may or may 
not have been seen as a little provocative.

Can I prepare you all for the next meeting by perhaps drawing attention 
to two aspects of the Action Plan, to see if we're all on the same page 
(if not, the debate will be good!).

[1] Situation analysis

The PKIA TC believes that the worldwide PKI situation is characterised:
— Digital Certificates are now more about a context-specific 
relationship between the issuer and the subject, rather than the pure 
personal identity of users.
— More broadly, we are in the midst of a paradigm shift towards identity 
plurality ... With specific regard to PKI, influential commentators such 
as Steve Kent have highlighted the error of orthodox “Big CAs” assuming 
“that one identity is sufficient for all applications, which contradicts 
— PKI is becoming more application specific (or vertically based), and 
not general purpose.

Until recently, the fact that PKI’s successes were mainly in closed or 
vertical schemes was seen as a sort of compromise, and many held out 
hope that in the longer term, bigger general purpose PKIs would still 
eventuate.  However, the preponderance of closed PKI can be better 
understood as simply reflecting the reality of multiple identities.   As 
identity plurality becomes the norm, we expect expectations of PKI to 
become more realistic and achievable.

[2, One of the proposed activities]

Develop and publish PKI position papers that de-mystify PKI and act as 
source material for implementers and regulators of PKI schemes.  Target:
(1) regulatory issues,
(2) legal issues,
(3) interoperability, and
(4) outsourcing.


So ... does the group indeed see things this way?  And would we be 
prepared to start to develop papers about these four issues?  Or are 
there others?

Talk to you soon.  Cheers,

Stephen Wilson.
Chair, OASIS PKI Adoption TC
Managing Director, Lockstep Group

Phone +61 (0)414 488 851

Lockstep Consulting provides independent specialist advice and analysis 
on identity management, PKI and smartcards.  Lockstep Technologies 
develops unique new smartcard technologies to address transaction 
privacy and web fraud.

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]