|Steve Hanna||May 24, 2004 9:02 am||.bin|
|Subject:||Arshad's comments on the draft Ask Vendors survey|
|From:||Steve Hanna (Stev...@Sun.COM)|
|Date:||May 24, 2004 9:02:05 am|
bin00010.bin - 4k
Thanks, Arshad, for your comments. My responses are below.
Note that I have moved this discussion to the pki-askvendors mailing list because we're getting into wordsmithing. Arshad, your posts will probably bounce since you're not a member of the SC. I'll resend them to the list if you cc me.
Arshad Noor wrote:
1) While many of the vendors on this list probably understand the benefits of PKI-enabling their applications, it would be useful to include a paragraph - for Product Managers not too familiar with the benefits of PKI - why PKI-enabling their applications is good for their customers and their bottom-line. It appears to me, we're assuming the vendors already know these benefits and just need to tell us what's stopping them from supporting PKI;
The following paragraph from the draft survey was intended to demonstrate the benefits in terms appropriate to the audience (potential revenues, since the audience is product managers). Maybe we should include more discussion of business benefits: greater security, etc. We could add some text in this paragraph pointing out that the market is growing due to heightened concerns about security.
Why is this worth your valuable time? The market for PKI enabled applications is potentially quite large. The U.S. Department of Defense is now deploying PKI enabled smart cards to 4 million workers. Deployment at the FBI is under way and discussions have begun on extending the system throughout the U.S. government. In Europe, Asia, and around the world, PKI initiatives are under way and in some cases large and well established. Corporate adoption of PKI enabled smart cards is picking up with large companies like Johnson and Johnson and Sun Microsystems leading the way.
2) In question #1, we ask "what sort of PKI support do they include?"; might it not be useful to provide some examples, such as:
a) Digital Signatures b) Certificate-based authentication c) Encryption d) Other: (please explain) _______________________
Good idea. Will do.
3) In the E-Commerce vendors section, I propose we add the following vendors to the list to be queried:
a) Middleware vendors, such as IBM, Sun, Oracle, BEA, Tibco, Microsoft, CA, etc. b) Database vendors: IBM, Oracle, Microsoft, Sybase, MySQL, etc. c) Application vendors: Oracle, PeopleSoft, Siebel, Lawson, Microsoft, CA, etc. d) Operating System vendors: Microsoft, Sun, Red Hat, Novell, Apple, HP, IBM, etc. e) E-Commerce operators: Amazon, E-bay, Priceline, Orbitz, Salesforce, etc.
This survey is limited by design to the top three applications identified in last summer's surveys. Certainly, we could expand it beyond that. But I think we have our hands full already.
I realize that I'm working on defining the E-Commerce section as part of the Application Guidelines SC; however, since this SC is ready to go out with a questionnaire, I thought it might be useful to add to this list now, rather than wait for the E-commerce defintion before we get any answers from them.
I'd be glad to send to e-commerce vendors, but I think we need to agree on some sort of definition first so we can choose the vendors. Maybe you can put together a definition quickly. Once we reach agreement on that, we can get the e-commerce vendor list together and send out the survey. OK?