Working Group Reports Meeting Wrap-up

Upload: havard

Post on 19-Jan-2016


Working Group Reports

Meeting Wrap-up


March 2001

• 120 meeting attendees
• Day one – PKI Forum, Industry Analyst, PKI Executives & End User
• First “release” of PKI Forum Deliverables
• 1.5 days of working group sessions


Future Meetings

• Next meeting in June
  – Contract in progress for Munich June 19-21 (thanks to Walter Fumy for helping with venue selection)
• September in Toronto?
• Nov/Dec in Asia Pacific?
• Please respond to survey – a shorter one will be issued to the working groups


Policy and Privacy Working Group Meeting Report


Research Information Project

Review existing PKI policy guidelines and certificate policies for inclusion on the Web Site. Establish links to the Australian comparative site.

Action: Recommend BOD support for Virtual follow-up 


Research Information Project

Develop a framework (toolkit?) for planning policy and procedure development in support of PKI implementation. It is a tool to define the process of implementing PKI and to provide scoping that helps PKI implementers develop their organization’s policy. This will also help organizations through the maze of documentation required for PKI. Possible components include:

• PKI Policy Questionnaire
• Selected PKI Policies and Documents
• PKI Policy Development Plan
• Templates, Guidelines and Support Resources
• Entities which must be engaged.

Action: Interim meeting scheduled for April 27 in Washington, DC.


Project – White Paper

Write a white paper describing how PKI, currently and in the future, can enable e-business beyond providing authentication and data integrity security services. The white paper will focus on three business areas: law enforcement, health care, and financial services. It will address privacy and data protection mandates in these sectors, as well as issues such as archive, business continuity, and off-line retention and management of business information. This will also serve as input to the Technical Working Groups on what business requires in order to turn the emerging PKI confusion into a (hopefully) seamless and transparent experience for the end user.

Action: Business areas assigned and draft due for June meeting


Project – White Paper

Prepare a white paper examining the principal requirements of UETA and the U.S. E-sign bill as against the European qualified certificate and signature and other major international electronic signature laws, and consider how to handle application systems that must operate with both and must be able to detect their characteristics.

Action: Deferred


Project – White Paper

Write a white paper to understand, compare and differentiate audit requirements used by bodies such as AICPA, APEC, Australia's Gatekeeper, Italy's AIPA, Identrus, etc. Working with these bodies, the paper will identify where requirements are identical and where they differ and address the interoperability of audit requirements.

Action: Assigned, Arthur Andersen lead project


Best Practices Working Group

Summary

March 14, 2001

San Jose, CA


Best Practices BWG Summary

Wednesday, March 14

• Define White Papers: (Create detailed list)
  – Business Risk Assessment (Jeff for ideas)
  – Define Business & Tech Requirements
  – Decision: Acquisition vs Implementation
  – Follow the CA Trust Specification
  – Leverage past work within your community of interest for the structure of the PKI (Identrus for FI, Federal Bridge & European Bridge for Gov’t, etc)
  – Plans to move operationally from the Pilot to Production
  – Need: FAQ & Lessons Learned Database
  – May structure other future items


Best Practices BWG Summary

Wednesday, March 14

• Business Risk Assessment
  – Business needs analysis must be completed first
  – List of questions and process for determining the need for PKI.


Best Practices BWG Summary

• Elements of a Needs Analysis
  – How are your employees authenticated from home?
  – How do customers access information?
  – What information do you want to make available?
  – What is the value of this information?
  – What initiatives are impacting your business? What are the three top issues? When will they impact your business?
  – What are the human bottlenecks for transaction processing, such as travel, purchasing, information accuracy, order processing, and application approval & acceptance?
  – Are fraud and erroneous processing an issue? If so, where and how do they occur?
  – Are you concerned with controlling and managing access to your corporate information?


Best Practices BWG Summary

• Elements of a Needs Analysis
  – What is the impact of a security breach to your credibility, IP, and corporate assets?
  – List of drivers for PKI over the next 2 years:
    • Financials: GLB (Gramm-Leach-Bliley)
    • Children: COPA
    • Safeharbour: EU Directive
    • Bill C-6 in Canada
    • EUTA:
    • ACES:
    • PDD 63: Critical Infrastructure protection


Best Practices BWG Summary

• Elements of a Needs Analysis
  – PKI Sweet Spot:
    • Authentication
    • Authorization
    • Integrity
    • Confidentiality
    • Non-repudiation
    • Accountability


Best Practices BWG Summary

• Other Tools: e.g. PMI, Username/password, encryption, CHAP
  • Authentication:
  • Authorization:
  • Integrity
  • Confidentiality
  • Non-repudiation
  • Accountability
• What is the cost benefit of trading existing tools with PKI


Best Practices BWG Summary

Wednesday, March 14

• AICPA:
  – US & Canada adopted
  – 15 other countries in evaluation mode
  – Leads to the final ISO standard TC68/2/8
  – Motion for the BPWG to endorse both the AICPA/CICA audit standard and ANSI X9.79 as tools for achieving best practices. We also expect to endorse the final ISO version of this standard.
  – Endorsements from: DST, Verisign, Identrus, Microsoft?
  – How do we create momentum from the industry and customers? Marketing WG to leverage, lobby & educate


Results of BWG - Applications

• Formulation of Templates for the following deliverables
  • Applications Overview
  • Things to Consider Overview
  • Case Studies – Lessons Learned, Business Case
• Call for participants (email sign-up)
• June meeting: Overviews ready, One Case Study


Education & Marketing WG

San Jose March 2001


Mission Statement

The Marketing & Education Work Group’s mission is to create and disseminate informational pieces that help promote the understanding and value of PKI from both a business and technical perspective.


Logistics

• Obtain BWG alias for Ed & Mktg
• ConCalls every second Wed of each month at 8:00 am Pacific Time (works for AP, Europe, North America); agenda will be emailed 1 week prior
• Next Face to Face at RSA Conference. Meeting place TBD/ concall at the usual time 8:00, April 11th.


Project Update: PKI Tutorial

• “How PKI Addresses e-Business Risks”
  – Reviewed and signed off
  – Will go to Virtual Inc for production


Project Update : PKI Technical Tutorial

– Walter Project Lead
– Coauthors: Bill Franklin & Nancy Bianco, Michele Rubenstein
– Outline draft circulated
– 1 Doc draft targeted for April 11, 2001
– Draft of the outline 3/15
– Submit to inerall email out to group today -Bryta
– Comments on Outline back March 20, 2001
– Decent 1st draft: April 11th (meeting date)


Project Update: Security in E-Business

• Bill Garvin: Project Lead
• Coauthors: Mike Jeffries, Dan Morrison, Bill Franklin
• Target audience: Business Managers
• Outline Draft for comment by: March 15, 2001
• Comments due by: March 2, 2001
• 1st Doc Draft: April 5, 2001


New Project: PKI Buyer’s Guide Tutorial

– Project Leader: Leo Pluswick
– Project Plan
  • Comments on initial material due - April 15, 2001
  • Consolidate comments/content - April 30, 2001
  • TWG & BWG Review - May 4, 2001
  • Publish July 12, 2001


New Project: PKI note on Biometrics

• Project Leaders - Jeff Stapleton & Bill Franklin
  – 2nd draft date: March 15th, 2001


Wrap

• Questions?
• Thank You!


March 2001 – San Jose