[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: RE: [pki-tc] A Call to Action!
I can probably did up some potential implementations of SAML on top of PKI.
Is this of interest? I think the entire healthcare systems in Denmark and
France are working on this now.
Dee
-----Original Message-----
From: Stephen Wilson [mailto:swilson@lockstep.com.au]
Sent: Thursday, November 01, 2007 1:38 PM
To: pki-tc@lists.oasis-open.org
Subject: [pki-tc] A Call to Action!
Dear PKI-TC Members.
We need your help!
We've all 'signed up' to do something collectively to improve
understanding of PKI, and develop fresh outreach materials. Yet
progress remains too slow. Only four case studies have been finalised,
and despite early indications that there was interest in new and
innovative position papers, we still haven't got any real engagement or
group discussion happening via the e-mail list.
I have to say frankly that the turnout for yesterday's scheduled
conference call was extremely disappointing, especially given the
prompts I sent out the week prior (see below).
Obviously everyone's busy, but we're all in this together, and we all
agree that education remains a key factor to improving our industry.
I'm appealing to you all to put in two or three hours a month, to make
the PKIA TC really worthwhile. Let's try to have:
(1) comments and discussion on the list about the references attached
(or anything else you might have that could inform position papers)
(2) more case studies (the template is available at the TC member site)
(3) a good turnout for the next conference call, on the last
Wednesday in November.
Thanks everyone.
Cheers,
Stephen Wilson
Chair, OASIS PKI Adoption TC
Managing Director, Lockstep Group
Phone +61 (0)414 488 851
www.lockstep.com.au
-------------------
Lockstep Consulting provides independent specialist advice and analysis
on identity management, PKI and smartcards. Lockstep Technologies
develops unique new smartcard technologies to address transaction
privacy and web fraud.
-------- Original Message --------
Subject: [pki-tc] For discussion at next meeting
Date: Tue, 23 Oct 2007 04:27:37 +1000
From: Stephen Wilson <swilson@lockstep.com.au>
Organization: Lockstep
To: pki-tc@lists.oasis-open.org
Hello everyone.
Thanks again for those who have produced case studies, we're building up
a nice set! These will be posted soon on the totally new IDtrust
Resources Page. Keep up the good work!
Meanwhile I'd like to get some discussion happening at the next PKIA TC
con call around a new whitepaper or two on strategic issues -- fresh
thinking in PKI. To get things rolling, I attach two papers on new ways
to apply PKI and govern it. These are meant only to seed discussion.
I got some good feedback from Peter Alterman on the "Security Printer"
concept. This is where a CA operates on a wholesale sort of basis,
producing certificates on request from authorised RAs, targeting
particular independent applications. A security printer can service
multiple customers (e.g. different banks for cheques, different concert
organisers for tickets, different doctors for prescription pads) and
remain insulated from liabilities arising from misuse of those different
paper products. The printer's liabilities concern quality of printing,
protection of special equipment and paper stock, personnel security etc.
All these attributes are strongly analagous to governance of CAs. So
the "security printer model" suggests we can better define the
demarcation of RA and CA in the CP/CPS, and generally de-mystify and
simply the legal arrangements or CA, RA and Subject.
The other paper is an earlier attempt to re-imagine certificates as
representing relationships instead of personal identity per se. In the
current climate, the idea of Relationship Certificates seems to me to
resonate with "Identity 2.0".
Perhaps a PKIA TC discussion paper that relates 'modern' PKI to Identity
2.0 at the policy and governance level would be useful and achievable?
So ... please take an hour or so between now and next week to read and
think about these issues, and we'll talk on the 31st.
Reminder of the call schedule:
Wed, 31 Oct, 03:00pm ET
Wed, 28 Nov, 03:00pm ET
Wed, 26 Dec, 03:00pm ET *** To be re-scheduled because of Boxing Day ***
Cheers,
Stephen Wilson
Chair, OASIS PKI Adoption TC
Managing Director, Lockstep Group
Phone +61 (0)414 488 851
www.lockstep.com.au
-------------------
Lockstep Consulting provides independent specialist advice and analysis
on identity management, PKI and smartcards. Lockstep Technologies
develops unique new smartcard technologies to address transaction
privacy and web fraud.
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]