| From | Sent On | Attachments |
|---|---|---|
| arsh...@strongauth.com | Feb 27, 2007 4:25 pm | |
| Tomas Gustavsson | Mar 13, 2007 10:50 am | |
| Arshad Noor | Mar 14, 2007 3:08 pm | |
| Tomas Gustavsson | Mar 15, 2007 12:06 am | |

| Subject: | Re: [ekmi] Groups - EKMI Implementation and Operations Guidelines(ODT) | |
|---|---|---|
| From: | Tomas Gustavsson (tom...@primekey.se) | |
| Date: | Mar 15, 2007 12:06:55 am | |
| List: | org.oasis-open.lists.ekmi-implementation | |

Arshad Noor wrote:

> I don't see why SKMS cannot precede PKI in the Implementation Guide document; they will both be equivalent players in an EKMI, so discussing either first would be appropriate.

I just thought about the people that only have the energy to browse through the first part of the document :)

> WRT the directory, Tomas, most PKIs that I've been involved with in the past have required publishing certificates to Active Directory or some other form of LDAP - although the last 2 we deployed did not require that. Technically, there is no requirement for it unless the business required it; but if the business did require it, it would be good to discuss it in the guidelines document. Perhaps we should move it to an Appendix as an optional component of a PKI. Any other thoughts on this from others?

My feeling is that we should limit the description to the EKMI domain. If it's not a requirement for EKMI it's out. If it's a technical requirement for some PKI implementation, then it should be regarded as an implementation issue. I don't see the EKMI ever making use of the directory as a directory service, does anybody else see that?

> P.S. I need to study XKMS a little bit before I can speak intelligently on the subject, since I have not delved into XKMS too deeply. Other than the W3C site with the specification, are there any other documents/presentations that you'd recommend to us for our reading list? Thanks Tomas.

No, unfortunately not. I did not do the XKMS implementation in EJBCA myself, so I have only heard it from another source. He says that XKMS is used/suitable for client enrollment anyhow.
Cheers, Tomas





