[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Getting ready for this week's con call
Hi everyone. Getting ready for the next con call, I wanted to make a direct appeal to you all, so we can hit the ground running. I reckon two of the most important (and most practicable) things we can do is (1) develop case studies, as discussed last meeting, and (2) draft "position papers" on some of the contentious issues. I'd like to think we can develop new ways around some of the classic problems in e.g. interoperability, and bring new approaches to the attention of regulators and policy makers. So I'd like to call for volunteers later this week to make a start on case studies and policy papers. The case study template will be posted shortly to the TC website. Another matter is that we have yet to sign off on the draft Action Plan. This too is available at the TC website. The draft plan contained some scene-setting materials that may or may not have been seen as a little provocative. Can I prepare you all for the next meeting by perhaps drawing attention to two aspects of the Action Plan, to see if we're all on the same page (if not, the debate will be good!). --------------------------------- [1] Situation analysis The PKIA TC believes that the worldwide PKI situation is characterised: — Digital Certificates are now more about a context-specific relationship between the issuer and the subject, rather than the pure personal identity of users. — More broadly, we are in the midst of a paradigm shift towards identity plurality ... With specific regard to PKI, influential commentators such as Steve Kent have highlighted the error of orthodox “Big CAs” assuming “that one identity is sufficient for all applications, which contradicts experience”. — PKI is becoming more application specific (or vertically based), and not general purpose. Until recently, the fact that PKI’s successes were mainly in closed or vertical schemes was seen as a sort of compromise, and many held out hope that in the longer term, bigger general purpose PKIs would still eventuate. However, the preponderance of closed PKI can be better understood as simply reflecting the reality of multiple identities. As identity plurality becomes the norm, we expect expectations of PKI to become more realistic and achievable. ------------------------- [2, One of the proposed activities] Develop and publish PKI position papers that de-mystify PKI and act as source material for implementers and regulators of PKI schemes. Target: (1) regulatory issues, (2) legal issues, (3) interoperability, and (4) outsourcing. ------------------------- So ... does the group indeed see things this way? And would we be prepared to start to develop papers about these four issues? Or are there others? Talk to you soon. Cheers, Stephen Wilson. Chair, OASIS PKI Adoption TC Managing Director, Lockstep Group Phone +61 (0)414 488 851 www.lockstep.com.au ------------------- Lockstep Consulting provides independent specialist advice and analysis on identity management, PKI and smartcards. Lockstep Technologies develops unique new smartcard technologies to address transaction privacy and web fraud. www.lockstep.com.au
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]