
pki-tc message



Subject: For discussion at next meeting



Hello everyone.

Thanks again to those who have produced case studies, we're building up 
a nice set!  These will be posted soon on the totally new IDtrust 
Resources Page.  Keep up the good work!


Meanwhile I'd like to get some discussion happening at the next PKIA TC 
con call around a new whitepaper or two on strategic issues -- fresh 
thinking in PKI.  To get things rolling, I attach two papers on new ways 
to apply PKI and govern it.  These are meant only to seed discussion.

I got some good feedback from Peter Alterman on the "Security Printer" 
concept.  This is where a CA operates on a wholesale sort of basis, 
producing certificates on request from authorised RAs, targeting 
particular independent applications.  A security printer can service 
multiple customers (e.g. different banks for cheques, different concert 
organisers for tickets, different doctors for prescription pads) and 
remain insulated from liabilities arising from misuse of those different 
paper products.  The printer's liabilities concern quality of printing, 
protection of special equipment and paper stock, personnel security etc. 
All these attributes are strongly analogous to governance of CAs.  So 
the "security printer model" suggests we can better define the 
demarcation of RA and CA in the CP/CPS, and generally de-mystify and 
simplify the legal arrangements of CA, RA and Subject.

The other paper is an earlier attempt to re-imagine certificates as 
representing relationships instead of personal identity per se.  In the 
current climate, the idea of Relationship Certificates seems to me to 
resonate with "Identity 2.0".

Perhaps a PKIA TC discussion paper that relates 'modern' PKI to Identity 
2.0 at the policy and governance level would be useful and achievable?

So ... please take an hour or so between now and next week to read and 
think about these issues, and we'll talk on the 31st.

Reminder of the call schedule:

Wed, 31 Oct, 03:00pm ET
Wed, 28 Nov, 03:00pm ET
Wed, 26 Dec, 03:00pm ET *** To be re-scheduled because of Boxing Day ***

Cheers,

Stephen Wilson
Chair, OASIS PKI Adoption TC
Managing Director, Lockstep Group

Phone +61 (0)414 488 851

www.lockstep.com.au
-------------------
Lockstep Consulting provides independent specialist advice and analysis 
on identity management, PKI and smartcards.  Lockstep Technologies 
develops unique new smartcard technologies to address transaction 
privacy and web fraud.


Lockstep WP03 CA as Security Printer (1.1).pdf

Lockstep WP02 RelationCerts Model (1.4).pdf


