1 / 28

Working Group Reports

Working Group Reports. Meeting Wrap-up. March 2001. 120 meeting attendees Day one – PKI Forum, Industry Analyst, PKI Executives & End User First “release” of PKI Forum Deliverables 1.5 days of working group sessions. Future Meetings. Next meeting in June

havard
Download Presentation

Working Group Reports

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Working Group Reports Meeting Wrap-up

  2. March 2001 • 120 meeting attendees • Day one – PKI Forum, Industry Analyst, PKI Executives & End User • First “release” of PKI Forum Deliverables • 1.5 days of working group sessions

  3. Future Meetings • Next meeting in June • Contract in progress for Munich June 19-21 (thanks to Walter Fumy for helping with venue selection) • September in Toronto? • Nov/Dec in Asia Pacific? • Please respond to survey – a shorter one will be issued the working groups

  4. Policy and Privacy Working Group Meeting Report

  5. Research Information Project Review existing PKI policy guidelines and certificate policies for inclusion on the Web Site. Establish links to the Australian comparative site. Action: Recommend BOD support for Virtual follow-up

  6. Research Information Project Develop a framework (toolkit?) for planning policy and procedure development in support of PKI implementation. It is a tool to define process of implementing PKI and provide scoping to help PKI implementers in the development of their organization’s policy. This will also help organizations through the maze of documentation required for PKI. Possible components include: • PKI Policy Questionnaire • Selected PKI Policies and Documents • PKI Policy Development Plan • Templates, Guidelines and Support Resources • Entities which must be engaged. Action: Interim meeting scheduled for April 27 in Washington, DC.

  7. Project – White Paper Write a white paper describing how PKI, currently and in the future, can enable e-business beyond providing authentication and data integrity security services. The white paper will focus on three business areas: law enforcement, health care, and financial services. It will address privacy and data protection mandates in these sectors, as well as issues such as archive, business continuity, and off-line retention and management of business information. This will also serve as input to the Technical Working Groups on what business requires in order to make the emerging PKI confusion into a (hopefully) seamless and transparent experience for the end user. Action: Business areas assigned and draft due for June meeting

  8. Project – White Paper Prepare a white paper examining the principal requirements of UETA and the U.S. E-sign bill as against the European qualified certificate and signature and other major international electronic signature laws and consider how to have applications systems that must operate with both, and must be able to detect their characteristics. Action: Deferred

  9. Project – White Paper Write a white paper to understand, compare and differentiate audit requirements used by bodies such as AICPA, APEC, Australia's Gatekeeper, Italy's AIPA, Identrus, etc. Working with these bodies, the paper will identify where requirements are identical and where they differ and address the interoperability of audit requirements. Action: Assigned, Arthur Andersen lead project

  10. Best Practices Working GroupSummary March 14, 2001 San Jose, CA

  11. Best Practices BWG Summary Wednesday, March 14 • Define White Papers: (Create detailed list) • Business Risk Assessment (Jeff for ideas) • Define Business & Tech Requirements • Decision: Acquisition vs Implementation • Follow the CA Trust Specification • Leverage past work within your community of interest for the structure of the PKI (Identrus for FI, Federal Bridge & European Bridge for Gov’t, etc) • Plans to move operationally from the Pilot to Production • Need: FAQ &Lessons Learned Database • May structure other future items

  12. Best Practices BWG Summary Wednesday, March 14 • Business Risk Assessment • Business needs analysis must be completed first • List of questions and process for determining the need for PKI.

  13. Best Practices BWG Summary • Elements of a Needs Analysis • How are your employees authenticated from home? • How do customers access information? • What information do you want to make available? • What is the value of this information? • What initiatives are impacting your business? What are the three top issues? When will they impact your business? • What are the human bottlenecks for transaction processing, such as travel, purchasing, information accuracy, order processing, and application approval & acceptance? • Are fraud and erroneous processing an issue? If so, where and how do they occur? • Are you concerned with controlling and managing access to your corporate information?

  14. Best Practices BWG Summary • Elements of a Needs Analysis • What is the impact of a security breech to your credibility, IP, and corporate assets? • List of drives for PKI over the next 2 years: • Financials: GBL (Grahem Leitch-Biley • Children: COPA • Safeharbour: EU Directive • Bill C-6 in Canada • EUTA: • ACES: • PDD 63: Critical Infrastructure protection

  15. Best Practices BWG Summary • Elements of a Needs Analysis • PKI Sweet Spot: • Authentication • Authorization • Integrity • Confidentiality • Non-repudiation • Accountability

  16. Best Practices BWG Summary • Other Tools: eg PMI, Username/password, encryption, CHAP • Authentication: • Authorization: • Integrity • Confidentiality • Non-repudiation • Accountability • What is the cost benefit of trading existing tools with PKI

  17. Best Practices BWG Summary Wednesday, March 14 • AICPA: • US & Canada adopted • 15 other countries in evaluation mode • Leads to the final ISO standard TC68/2/8 • Motion for the BPWG to endorse both the AICPA/CICA audit standard and ANSI X9.79 as tools for achieving best practices. We also expect to endorse the final ISO version of this standard. • Endorsements from: DST, Verisign, Identrus, Microsoft? • How do we create momentum from the industry and customers? Marketing WG to leverage, lobby & educate

  18. Results of BWG - Applications • Formulation of Templates for the following deliverables • Applications Overview • Things to Consider Overview • Case Studies – Lessons Learned, Business Case • Call for participants (email sign-up) • June meeting: Overviews ready, One Case Study

  19. Education & Marketing WGSan Jose March 2001

  20. Mission Statement The Marketing & Education Work Group’s mission is to create and disseminate informational pieces that help promote the understanding and value of PKI from both a business and technical perspective.

  21. Logistics • Obtain BWG alias for Ed & Mktg • ConCalls every second Wed of each month at 8:00 am Pacific Time (works for AP, Europe, North America) agenda will be emailed 1 week prior • Next Face to Face at RSA Conference. Meeting place TBD/ concall at the usual time 8:00, April 11th.

  22. Project Update: PKI Tutorial • “How PKI Addresses e-Business Risks” • Reviewed and signed off • Will go to Virtual Inc for production

  23. Project Update : PKI Technical Tutorial • Walter Project Lead • Coauthors: Bill Franklin & Nancy Bianco, Michele Rubenstein • Outline draft circulated • 1 Doc draft targeted for April 11, 2001 • Draft of the outline 3/15 • Submit to inerall email out to group today -Bryta • Comments on Outline back March 20, 2001 • Decent 1st draft: April 11th (meeting date)

  24. .Project Update: Security in E-Business • Bill Garvin: Project Lead • Coauthors : Mike Jeffries, Dan Morrison, Bill Franklin • Target audience: Business Managers • Out line Draft for comment by :March 15, 2001 • Comments due by: March 2, 2001 • 1st Doc Draft: April 5, 2001

  25. New Project: PKI Buyer’s Guide Tutorial • Project Leader: Leo Pluswick • Project Plan • Comments on initial material due - April 15, 2001 • Consolidate comments/content - April 30, 2001 • TWG & BWG Review - May 4, 2001 • Publish July 12, 2001

  26. New Project: PKI note on Biometrics • Project Leaders - Jeff Stapleton & Bill Franklin • 2nd draft date: March 15th, 2001

  27. Wrap • Questions? • Thank You!

  28. March 2001 – San Jose

More Related