pki-tc message
Subject: Today's PKIA TC con call



Dear All

Dee has just reminded me of our con call later today.  Boy, the month 
flies past, doesn't it?!  I haven't managed to write up the minutes from 
last time, for which I apologise.

My intention was to trigger more discussion over the mail list in 
between meetings, and again that hasn't happened.

Nevertheless, let's see if we can pick up the dialogue where we left 
off.  It was a good con call in July; we canvassed a lot of very 
interesting, high-traction issues.

There appears to be strong support for:

(1) developing a few "position papers" that capture innovative, 
progressive thinking in PKI implementation, in order to help those 
interested in PKI come to terms with traditionally complex issues, and

(2) developing case studies, following a template posted to the TC site.

I wonder if anyone has managed to read the white papers I've previously 
posted, on "Relationship Certificates" or Bridge CAs?  I believe some 
useful experiences and simplifying assumptions include the following:

- CAs can be treated as "Security Printers", producing and signing 
certificates on demand from approved RAs, according to pre-agreed 
profiles ... such that the CA is quarantined from all responsibility for 
registration.  It's just like check printing or prescription pad printing.

- A digital certificate issued in order to express a certain 
relationship between RA and Subject is legally a simpler proposition 
than an assertion of "identity".  If the certificate is a digital 
representation of e.g. a doctor's medical registration, then the 
certificate means nothing more and nothing less than the fact that the 
Subject appears on a medical registry.  This is a very precise 
representation that can be decoupled from the conduct of the Subject 
using the certificate.  This simplifies legal liability.

- To "pay for" this level of simplification, I think we need to 
anticipate having more certificates (as opposed to "one size fits all" 
identity certificate) and for each certificate to be restricted in its 
usage.

- This last point to me resonates with 'identity plurality' trends 
implicit in identity 2.0.


So ... can we continue the dialogue, exchange of ideas ... and see if 
we're getting closer to identifying topics and, more importantly, 
volunteers to develop the first draft papers.  And of course make a 
start on the case studies?

Many thanks.  Talk soon, at 3:00 PM Eastern US Time today.

Stephen Wilson
Chair, OASIS PKI Adoption TC
Managing Director, Lockstep Group

Phone +61 (0)414 488 851

www.lockstep.com.au
-------------------
Lockstep Consulting provides independent specialist advice and analysis 
on identity management, PKI and smartcards.  Lockstep Technologies 
develops unique new smartcard technologies to address transaction 
privacy and web fraud.