Hal,
If you want a vendor
independent set of certificates, my organization can
volunteer.
Security Crossing is
willing to provide the following:
1)
A signing CA, will
the sole function of providing SSL certificates for the Burton
demonstration.
2)
PKCS10 and PEM based
certification and revocation requests via email.
3)
Internet publication
of the root certificate and a CRL covering the demonstration
period.
On this list I only
know Hal personally, but I believe I know someone in management at every
organization on this email that with attest to my ability to fulfill this need
and remain independent.
Please let me know if
you are interested.
Thank you,
Ken.
-----Original
Message-----
From: Hal
Lockhart [mailto:hal.lockhart@entegrity.com]
Sent: Tuesday, May 14,
2002 10:14
AM
To:
saml-dev@lists.oasis-open.org
Cc: 'Irving.Reid@baltimore.com';
'Carlisle Adams'; 'rphilpott@rsasecurity.com'; 'abrown@verisign.com';
'mshilts@verisign.com'
Subject: [saml-dev] Web Server
Certificates
The
Interop spec currently says:
Browser: users will access URLs
protected by SSL. Please check to see that the recommended browsers (type and
version number) trust the certificate root for the certificate you plan to use
to secure your https URLs.
Since
several of the organizations involved in this demo own the roots in
question, (at least: Baltimore, Entrust?, RSA and Verisign) is somebody
willing to act as a sponsor and issue short lived SSL server certificates for
the purpose of this demo. I am sure the Burton Group would agree to some
signage on the order of "certificates provided by...". It might be a good way
to remind people that SAML builds on other security mechanisms, it does not
replace them.
How
about it guys? Any takers?