
Subject: [Fwd: [pki-tc] Today's PKIA TC con call]


-------- Original Message --------
Subject: [pki-tc] Today's PKIA TC con call
Date: Wed, 22 Aug 2007 22:35:05 +1000
From: Stephen Wilson <swilson@lockstep.com.au>
Organization: Lockstep
To: pki-tc@lists.oasis-open.org

Dear All

Dee has just reminded me of our con call later today.  Boy, the month
flies past doesn't it?!  I haven't managed to write up the minutes from
last time, for which I apologise.

My intention was to trigger more discussion over the mail list in
between meetings, and again that hasn't happened.

Nevertheless, let's see if we can pick up the dialogue where we left
off.  It was a good con call in July, we canvassed a lot of very
interesting, high traction issues.

There appears to be strong support for:

(1) developing a few "position papers" that capture innovative,
progressive thinking in PKI implementation, in order to help those
interested in PKI come to terms with traditionally complex issues, and

(2) developing case studies, following a template posted to the TC site.

I wonder if anyone has managed to read the white papers I've previously
posted, on "Relationship Certificates" or Bridge CAs?   I believe some
useful experiences and simplifying assumptions include the following:

- CAs can be treated as "Security Printers", producing and signing
certificates on demand from approved RAs, according to pre-agreed
profiles ... such that the CA is quarantined from all responsibility for
registration.  It's just like check printing or prescription pad printing.

- A digital certificate issued in order to express a certain
relationship between RA and Subject is legally a simpler proposition
than an assertion of "identity".  If the certificate is a digital
representation of e.g. a doctor's medical registration, then the
certificate means nothing more and nothing less than the fact that the
Subject appears on a medical registry.  This is a very precise
representation, that can be decoupled from the conduct of the Subject
using the certificate.  This simplifies legal liability.

- To "pay for" this level of simplification, I think we need to
anticipate having more certificates (as opposed to "one size fits all"
identity certificate) and for each certificate to be restricted in its

- This last point to me resonates with 'identity plurality' trends
implicit in identity 2.0.

So ... can we continue the dialogue, exchange of ideas ... and see if
we're getting closer to identifying topics and more importantly,
volunteers to develop the first draft papers.  And of course make a
start on the case studies?

Many thanks.  Talk soon, at 3:00 PM Eastern US Time today.

Stephen Wilson
Chair, OASIS PKI Adoption TC
Managing Director, Lockstep Group

Phone +61 (0)414 488 851

Lockstep Consulting provides independent specialist advice and analysis
on identity management, PKI and smartcards.  Lockstep Technologies
develops unique new smartcard technologies to address transaction
privacy and web fraud.
