Rejoinder to ``Breakdown and groups'' by P. L. Davies and U. Gather
Members Meeting, December 2000
Sydney

Sydney Meeting
73 attendees
Day 1 plenary provided valuable input for the working groups
5 working groups progressed existing work items and introduced new work items
First deliverables of both TWG and BWG received final review

Technical Working Group

Working Group Introduction Session
Introductions
Objectives and Ground Rules
Project and White Paper Objectives
Status at end of September Meeting

Participants     December      September
Vendor           13   45%      20   43%
ISV/Exploiter    12   41%      16   38%
Customer          4    9%      10   24%
Total            29            46

CMP Interoperability Project
Robert Moskowitz
Goals
– Establish the baseline of mandatory CMP functions
  • Done!
– Establish the optional, but important CMP functions
  • Done!
– Expose any deficiencies or difficulties with the specification and provide needed feedback to the IETF on recommended changes to the specification
  • Progress!
– Provide the foundation for future product testing so that customers will be able to buy PKI products with confidence
  • Light at the end of the tunnel!

CA-CA Interoperation
Steve Lloyd
Goal
– Identify problem areas
Sources
– Government specifications
Several options of CA-CA relationships have varying applicability
Schedule
– Final Draft 22 December 2000
APEC meeting in March
How to do profiling (Davis lead, 4 others)

Token Interoperability
John Hughes (Andrew Nash reporting)
White Papers
– Scope of White Paper
  • Token interoperability inhibits
  • Environments
  • PKCS 11, 15 vs. IETF
  • Need a “Token Best Practices”
– Chapters
  • Business Requirements, APIs, Token Formats, Mobile Users, Recommendations
  • Chapter owners
– Slow progress, draft by March meeting

UK Government Interoperability Trial
Richard Lampert
15 participants (many more than expected)
“Island department PKIs” with domain
Common repository (X.500 from Novell)
Number of vendors implies detailed planning
Internet trial followed by face-to-face test
Open day for Government Customers in April 2001
Test report in April 2001

Interoperability White Paper Review
Steve Lloyd and Lisa Pretty
Concepts from Tim Polk presentation in March 2000
Definition of terms for interoperability
Final comments by Dec 11
Board approval Dec 13
Possible publish in “international magazine”

Application Certificate Use Project
David Crowe
Results
Datasheets completed by testers
Certificate library
– Review process will be required
Datasheets
– Product descriptions, functionality, configuration notes
Test Scripts
– SSL, S/MIME e-mail, Cert Path construction and validation

Application Cert Use Status
Cert library Considerations
– Unicert 12.7 cert
– CRL Dist Points (by agreement)
– Do need PKCS 12
– Need CRLs that don’t expire and CRLs you would get from CDP
Participation and lack of progress

Steve Orlowski
Steve is from APEC eSecurity Task Group
Certs under multiple jurisdictions
– Singapore, Japan, Korea
– Govt schemes Australia, USA
Key is accreditation
Criteria similar, but hard to line up
APEC/EU common criteria
– Certificate to support international trade
– Fitness for purpose based

OCSP Testing Proposal
Alistair Grant
Based on questions from customers
Testing Categories
– ASN.1, CertID interpretation, sig conformance, extensions, return code, scenarios
Test Groups
– Responder/resp, client/resp, CA/resp
Likely hot spots
– Req sig, resp sig, IssuerKey Hash
Next steps
– Define set of tasks
– Produce project plan/deliverables

Points
– 1
– 2
– German paper
Rob Moskowitz or Carlin Kovey

Path Construction White Paper
Mark Davis
High interest in paper
Theoretical issues under control
– Graph theory algorithms
Operational and implementation problems issue
– Repository/schema problems
– Resource problems
– Deployment problems
– More help from protocols and business process
WP contribution is guidance on operational matters
Do we have experience and resources

Community of Interest Discussion
Stephen Wilson
Policy OIDs of CAs and resolution of multiple CA
Audit certificate carries OID
Many topics to continue discussion on the list
Stephen Wilson will circulate his paper

LDAP White Paper
Dave Finkelstein (Andrew Nash presenting)
David writing straw man paper to get motion
Draft circulated by end of December
Patrick Fantou report on LDAP Survey
– Reduce Circulate
– Detail questions – too large to complete
– Missing areas – application use, name mapping, how searches are done, path constructions
– Coordinate with other surveys
– Direction: survey, then WP, or survey and WP in parallel

Technical Interoperability
Robert Moskowitz
Issues on CAs, lifecycle, repositories, certificate validation
Why have infrastructure, then how does it
Bob will submit draft for consideration

Marketing/Education Working Group

Mission Statement
The Education Work Group’s mission is to create informational pieces that help promote the understanding and value of PKI from both a business and technical perspective.

PKI Tutorial and White Paper Companion
2 separate presentations
– Business target audience
  • PPT
– Technical target audience
  • PPT

Rollout Timeline
3 review target dates
– Dec 22, 2000 submission to ED WG for final comments
– Jan 15, 2001 submission to BWG and TSG for comments
– Jan 31, 2001 submission to Board for approval
Feb 14, 2001 final version posted to web site

New Project: Security in E-Business
Biz confidence is based on trust.
Biz wants to move/is moving more processes to the electronic world
Same trust is required in the physical and electronic world
PKI helps mitigate business risk in the electronic world

E-Business White Paper:
Security in E-Business White Paper
Authors: Mike Jeffries, Dan Morrison, Bill Franklin
1st Draft for ED WG review: Dec 22, 2000

Policy & Privacy Working Group

Policy and Privacy Working Group Summary
11 participants over two days
Reviewed Montreal meeting project proposals
Reviewed submitted Work Items
Moved one item to final draft, one item to final WG review
Created mission statement, objectives, work plan approval process, future meeting schedule
Had great commitment from the team

Policy and Privacy Working Group Summary
Mission Statement:
– “To provide information and guidance on the policy and privacy needs and issues related to the development, implementation, and usage of PKI.”

Policy and Privacy Working Group Summary
Objectives:
  • Develop documents defining high-level environments, principles, policies, and practices which support government, business, and consumer use of PKI to perform electronic processes
  • Develop documents defining the implementation of privacy policies using PKI
  • Develop projects that promote understanding and provide guidance for the implementation of policies across jurisdictions using PKI

Policy and Privacy Working Group Summary
Major Current Work Items
– PKI Policy Principles
  • agreed to final draft
  • will send for BWG/TWG final review
– PKI Policy Note
  • agreed to revised language
  • will include one additional business example
  • Expect WG review within 2-3 weeks and final draft in January
– E-Sign Analysis
  • Established working committee to address re-write
Other Work Items – future meetings-calls

Best Practices Working Group

Best Practices Summary
Wed December 6th:
New Members (Japan & India)
Definition
– guideline based on material that is
  – pertinent
  – actionable
  – enforceable
  – auditable
Need common glossary, maybe RFC 2828

Best Practices Summary
Actions/dates assigned for BP chapters:
– Value proposition
– Risk Management
– Planning for successful PKI deployment
– Key management
– Audit - 3rd party attestation
– Legal FAQ and pointers
– Registration procedures
– TimeStamping/proofing
– Accreditation and independent validation
Info to come from APac, NA, and EU

Best Practices Summary
Best practices evolve with time (mechanism to keep current)
Conclusion
– Monthly conference calls are needed to progress this work
– Chair will distribute draft Best Practices paper by 14 February 2001
Thurs December 7th - n/a

Best Practices General Comments
Need to avoid duplication of effort - WG Chairs need to communicate and WG members should have a synopsis of activities and boundaries of each group
Board should be providing members with
– schedule of PKIForum-level deliverables across all WGs
– copy of PKIForum Business Plan that describes linkages between all working (and sub-working) groups

Applications Working Group

Applications Summary
Revised Mission Statement
– To provide a forum that encourages sharing business experience, and to produce deliverables that highlight the driving PKI applications within Financial Services, Healthcare, Government, and other influential vertical markets.
Process reviewed with Board
Healthcare Note – final-final comments to Ray by next week

Applications Summary
Open solicitation for Project Leads
– Financial Services Note and Government Note
Open solicitation for contributors to case studies
Timeline: submissions by mid-late January to leave enough review time before March meeting

Next Steps
Complete evaluation forms!
Don’t wait until next meeting to progress work items
Keep PKI Forum objectives in mind and identify actions to advance
Member surveys will be sent out through mailing list in early January
Next Meeting March 13-15 in California
– Bay area venue to be set and announced early January
– Agenda to be published the end of January
Website overhaul and improved information availability