[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: [Fwd: [pki-tc] Today's PKIA TC con call]
[Re-send]

-------- Original Message --------
Subject: [pki-tc] Today's PKIA TC con call
Date: Wed, 22 Aug 2007 22:35:05 +1000
From: Stephen Wilson <swilson@lockstep.com.au>
Organization: Lockstep
To: pki-tc@lists.oasis-open.org

Dear All

Dee has just reminded me of our con call later today. Boy, the month flies past doesn't it?!

I haven't managed to write up the minutes from last time, for which I apologise. My intention was to trigger more discussion over the mail list in between meetings, and again that hasn't happened. Nevertheless, let's see if we can pick up the dialogue where we left off.

It was a good con call in July; we canvassed a lot of very interesting, high traction issues. There appears to be strong support for: (1) developing a few "position papers" that capture innovative, progressive thinking in PKI implementation, in order to help those interested in PKI come to terms with traditionally complex issues, and (2) developing case studies, following a template posted to the TC site.

I wonder if anyone has managed to read the white papers I've previously posted, on "Relationship Certificates" or Bridge CAs? I believe some useful experiences and simplifying assumptions include the following:

- CAs can be treated as "Security Printers", producing and signing certificates on demand from approved RAs, according to pre-agreed profiles ... such that the CA is quarantined from all responsibility for registration. It's just like check printing or prescription pad printing.

- A digital certificate issued in order to express a certain relationship between RA and Subject is legally a simpler proposition than an assertion of "identity". If the certificate is a digital representation of e.g. a doctor's medical registration, then the certificate means nothing more and nothing less than the fact that the Subject appears on a medical registry. This is a very precise representation that can be decoupled from the conduct of the Subject using the certificate. This simplifies legal liability.

- To "pay for" this level of simplification, I think we need to anticipate having more certificates (as opposed to a "one size fits all" identity certificate) and for each certificate to be restricted in its usage.

- This last point to me resonates with 'identity plurality' trends implicit in identity 2.0.

So ... can we continue the dialogue, exchange of ideas ... and see if we're getting closer to identifying topics and, more importantly, volunteers to develop the first draft papers. And of course make a start on the case studies?

Many thanks. Talk soon, at 3:00 PM Eastern US Time today.

Stephen Wilson
Chair, OASIS PKI Adoption TC
Managing Director, Lockstep Group
Phone +61 (0)414 488 851
www.lockstep.com.au

-------------------
Lockstep Consulting provides independent specialist advice and analysis on identity management, PKI and smartcards. Lockstep Technologies develops unique new smartcard technologies to address transaction privacy and web fraud.
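The "security printer" CA and restricted-usage relationship certificate that Stephen's message sketches, as an added worked example in Go. This is not code from the message, the TC, or Lockstep; it assumes a hypothetical private OID for the relationship extension, constructed sample names (Example Printer CA, Example Medical Registry, Example Medical Board, Dr Jane Example) and fixed serial numbers for the demo. The CA signs a fixed profile on request and knows nothing about registration; the certificate carries exactly the claim "Subject appears on Registry, asserted by RA" in a critical extension, plus a single extended key usage; the relying-party check refuses the certificate when it is presented for any other use or for a different registry.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/asn1"
	"fmt"
	"math/big"
	"time"
)

// Hypothetical private OID for the relationship extension; a real RA would use an arc it controls.
var oidRelationship = asn1.ObjectIdentifier{1, 3, 6, 1, 4, 1, 99999, 1}

// Relationship is the entire claim the certificate makes: "Subject appears on Registry", asserted by RA.
type Relationship struct {
	Registry, RA string
}

// NewSubjectKey makes a key pair for a Subject (or for the CA); only the public half is ever certified.
func NewSubjectKey() (*ecdsa.PrivateKey, error) {
	return ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
}

// sign signs tmpl under parent and re-parses it, so Extensions and UnhandledCriticalExtensions are populated.
func sign(tmpl, parent *x509.Certificate, pub *ecdsa.PublicKey, key *ecdsa.PrivateKey) (*x509.Certificate, error) {
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, pub, key)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

// NewCA creates the self-signed "security printer" CA: a signing key and a fixed profile, no part in registration.
func NewCA() (*x509.Certificate, *ecdsa.PrivateKey, error) {
	key, err := NewSubjectKey()
	if err != nil {
		return nil, nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "Example Printer CA"}, // fixed serial: demo only
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(24 * time.Hour),
		IsCA: true, BasicConstraintsValid: true, KeyUsage: x509.KeyUsageCertSign,
	}
	cert, err := sign(tmpl, tmpl, &key.PublicKey, key)
	return cert, key, err
}

// IssueRelationshipCert applies the pre-agreed profile: the claim in a critical extension plus exactly one permitted use, so the certificate cannot double as a general identity credential.
func IssueRelationshipCert(caCert *x509.Certificate, caKey *ecdsa.PrivateKey, subject string, rel Relationship, pub *ecdsa.PublicKey, use x509.ExtKeyUsage) (*x509.Certificate, error) {
	claim, err := asn1.Marshal(rel)
	if err != nil {
		return nil, err
	}
	return sign(&x509.Certificate{
		SerialNumber: big.NewInt(2), Subject: pkix.Name{CommonName: subject, Organization: []string{rel.RA}}, // fixed serial: demo only
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(24 * time.Hour),
		KeyUsage: x509.KeyUsageDigitalSignature, ExtKeyUsage: []x509.ExtKeyUsage{use},
		ExtraExtensions: []pkix.Extension{{Id: oidRelationship, Critical: true, Value: claim}},
	}, caCert, pub, caKey)
}

// CheckRelationship is a relying party that understands the extension; one that just calls cert.Verify is refused, because Go rejects any unhandled critical extension.
func CheckRelationship(cert, root *x509.Certificate, wantRegistry string, use x509.ExtKeyUsage) (Relationship, error) {
	c := *cert // work on a copy so the caller's certificate is left untouched
	if len(c.UnhandledCriticalExtensions) != 1 || !c.UnhandledCriticalExtensions[0].Equal(oidRelationship) {
		return Relationship{}, fmt.Errorf("profile expects exactly one critical extension, the relationship claim")
	}
	c.UnhandledCriticalExtensions = nil // handled below, so Verify may proceed
	var rel Relationship
	for _, e := range c.Extensions {
		if e.Id.Equal(oidRelationship) {
			if rest, err := asn1.Unmarshal(e.Value, &rel); err != nil || len(rest) != 0 {
				return Relationship{}, fmt.Errorf("malformed relationship extension")
			}
		}
	}
	roots := x509.NewCertPool()
	roots.AddCert(root)
	if _, err := c.Verify(x509.VerifyOptions{Roots: roots, KeyUsages: []x509.ExtKeyUsage{use}}); err != nil {
		return Relationship{}, err // bad chain, expired, or not permitted for this use
	}
	if rel.Registry != wantRegistry {
		return Relationship{}, fmt.Errorf("certificate asserts a different registry: %q", rel.Registry)
	}
	return rel, nil
}

func main() {
	caCert, caKey, _ := NewCA()
	subj, _ := NewSubjectKey()
	rel := Relationship{Registry: "Example Medical Registry", RA: "Example Medical Board"} // constructed sample
	cert, _ := IssueRelationshipCert(caCert, caKey, "Dr Jane Example", rel, &subj.PublicKey, x509.ExtKeyUsageEmailProtection)
	fmt.Println(CheckRelationship(cert, caCert, rel.Registry, x509.ExtKeyUsageEmailProtection)) // accepted
	fmt.Println(CheckRelationship(cert, caCert, rel.Registry, x509.ExtKeyUsageServerAuth))      // refused: not permitted for TLS
}
```

Marking the claim extension critical is what keeps the certificate from being quietly reused as a "one size fits all" identity certificate: a relying party that does not know the OID, and simply calls cert.Verify, is refused outright, while one that understands the claim clears it from the unhandled list on a copy and then runs the ordinary chain and key-usage checks. The fixed serial numbers are for the demo only; a real printer CA must issue unique, unpredictable serials.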