|Shivangi Nadkarni||May 15, 2004 2:46 am|
|Steve Hanna||May 17, 2004 8:26 am|
|Shivangi Nadkarni||May 18, 2004 1:16 am|
|Steve Hanna||May 18, 2004 5:55 am||.bin|
|Steve Hanna||May 18, 2004 11:05 am||.bin|
|Steve Hanna||May 18, 2004 1:49 pm||.bin|
|Yu, Jiafu||May 18, 2004 2:25 pm|
|Steve Hanna||May 19, 2004 6:14 am||.bin|
|Subject:||Re: [pki-askvendors] Revised Ask Vendors survey|
|From:||Steve Hanna (Stev...@Sun.COM)|
|Date:||May 17, 2004 8:26:32 am|
Thanks for your comments, Shivangi. You have a lot of good ideas. Here are my thoughts in response.
Shivangi Nadkarni wrote:
Subject: PKI Support in Your Products
Please forward this email to the Product Manager for your ??? product or someone else who has insight into the process by which the feature set for this product is chosen.
[Shivangi] - Do we need to give a small intro here saying we are
writing to you from the OASIS PKI Technical Committee which is looking at ways and means of making PKI easy to use......etc....? Just to ensure that the person who receives this doesnt trash the mail, especially if he/she is not the concerned person to whom the survey is targetted.
Or is is that these folks have already been contacted so they dont need a repeat?
Good idea. I don't want to repeat all the text that appears later in the survey, but here's a brief intro paragraph that could go the text "Please forward this email ...". OK?
We, the OASIS PKI Technical Committee, are working to improve Public Key Infrastructure (PKI) and to remove obstacles to PKI deployment and usage. Since your company has a product relevant to PKI, we'd like to ask for a small amount of assistance.
Why is this worth your valuable time? The market for PKI enabled applications is potentially quite large. The U.S. Department of Defense is now deploying PKI enabled smart cards to 4 million workers. Deployment at the FBI is under way and discussions have begun on extending the system throughout the U.S. government. Corporate adoption of PKI enabled smart cards is picking up with large companies like Johnson and Johnson and Sun Microsystems leading the way.
[Shivangi] - At a global level also, much of Europe and Asia have PKI
initiatives and E-Signature legislations that directly or indirectly propagate PKI
(Sorry - cudnt resist adding a bit of "non-US" centric point in your note ;-))
Thanks for pointing this out. Maybe we should add a sentence after "U.S. government" saying "In Europe, Asia, and around the world, PKI initiatives are under way and in some cases large and well established."
[Shivangi] - Steve, is this survey targetted at those orgns who
already have PKI support built in for their products or for those who do not currently have support but are "candidates" for the same? If it is going to be answered by people who already have some level of support built in (thats the impression I got from the list of vendors u've circulated), then there shud be a few more questions for them like :
Some survey recipients already have PKI support in their products. Many do not. It is a mix.
-Are you happy with the PKI functionality/ features built into your product? If not, what specific areas would you like to enhance/ improve?
I like this question. Let's change question 1 to ask for a bit more information:
1) Does your company currently sell products with PKI support? If so, which products include PKI support and what sort of PKI support do they include?
And then add a new question after that:
2) Are you happy with your PKI support or lack thereof? If not, what changes would you like to make? Is there something in particular holding you back from making these changes? If so, what?
-Are the existing standards in PKI sufficient for building your applications? Did you feel constrained at any point in time by the lack of/ incompleteness of standards? -Did you have to take any decisions to do some amount of "proprietary implementation" to overcome lack of a standard specification? Would you like to share that with us?
These questions seem to be gathering more detail about problems with PKI-related standards. But we haven't yet determined whether standards are a serious problem for these companies. I want to understand what problems are holding them back before drilling down too much on one problem. Does that sound good to you?
These were some thoughts that came to my mind while going thru your mail. If I have any more bursts of inspiration, will let you know.
Thanks for these comments. Please let me know if you are comfortable with the changes I have suggested to address them. I will submit the revised survey to the PKI TC tomorrow so they can discuss it at the Wednesday PKI TC meeting.
Any ideas on the vendor list?