Hi everybody,
Happy new year! (OK, now that the pleasantries are over.... :-))
I'm trying to get a sense for how to plan 2009 activities for the
EKMI TC. It would help me to understand IDtrust SC's goals and
budgets for this year, so we can align ourselves.
We're on the verge of voting to create the SKSML Committee
Specification (as soon as Mary McRae sends out the ballot) and
will be starting new work in the TC. Some of the things we have
on our plate:
1) Creating a mobile-SKSML profile. PayPal is specially interested
in this and Upendra Mardikar has written up a proposal to create
a sub-committee. As soon as he sends it out, we will vote on it.
Goal is to put out the profile in 2009.
2) Pick up work (that we shelved in 2006) on the EKMI Implementation,
Operations and Audit Guidelines.
3) Start discussions with IETF KEYPROV to see if there are ways to
work together. They want to talk about using a common symmetric
key-container in both protocols. Remains to be seen if this is
feasible, given our different goals for what the keys will be
used for.
4) Start working on the corporate members of EKMI to provide support
letters/emails for SKSML so that it can get to a standards vote.
(We currently have many "sponsor" members on the TC - but only 3
are "visible": CA, Red Hat and US DOD. The others (Microsoft,
Oracle, Wells Fargo, Symantec, RSA, BoozAllen, Mitre, etc.) are
all Observers.
I don't know enough about OASIS to know if Observers can provide
support-emails, but without 3 of these e-mails, we can't get to
a standards vote. Any help that the SC can provide in getting
these three letters would help get SKSML to a standards vote.)
5) We've contracted with a developer to create the EKMI Flash-demo;
this will use $3.5K of the $5.0K we had in 2008. About half-dozen
TC members plan to be at RSA in SFO in spring. I would like to
rent a room for 1/2 day and provide lunch for the attending TC
members from the remainder of the budget. Assuming the room (in
some hotel) is about $300 and lunch for 6 people is about $200,
I estimate about $500 for this.
6) We would like to build on the introductory Flash-demo that we
should have before RSA, and add a segment on SKSML for software
developers. This might come to an another $3-4K.
7) The IEEE has taken the lead in creating a Key Management Symposium
in 2008. It was only logical that they could pull it off - about
75% of the attendees were IEEE members. However, OASIS got a lot
of visibility there because of two presentations I gave. There
were about 3-4 OASIS attendees to the conference.
There will be another KMS in summer 2009; EKMI TC might want to
consider sponsoring part of it: potential cost: $1-2K (last year
was $1K for logo on web-site and mention in the opening remarks).
I would appreciate knowing how IDtrust sees 2009 shaping up and its
goals/budgets, so we can scope the work of the EKMI TC. While we
have lost 2-3 individual members, I am anticipating new ones to join
in 2009. Let me know if you need any more information.
Thanks.
Arshad