Managers Guide to PKI & Related Technologies

Cannes, France - Thursday, October 17 2002

The objective was to review the status of the existing draft and decide how to proceed (gathering further inputs, etc.) so that the document can be completed and made ready for formal review leading to approval for publication.

Attendees

Eliot Solomon (SIAC)
Steve Jenkins (NASA Jet Propulsion Laboratory)
Steve Whitlock (Boeing)
Dean Richardson (Boeing)
Manabu Nishio (NTT Software)
Stefano Crosta (Eurecom, guest of Security Forum)
Craig Heath (Symbian)
Bob Blakley (IBM/Tivoli)
Ian Dobson (The Open Group, Security Forum)

Discussion

Eliot felt this guide no longer has the value it had 6 months ago and suggested we re-evaluate what we want to achieve with the material that the present draft contains. Ian confirmed that since making the current draft available to the Directory Interoperability Forum and Messaging Forum, no comments or expressions of interest have been received from members. Nevertheless, Ian thought that nothing has happened over the past 6 months to improve understanding of PKI technology and its surrounding security issues, and from his understanding of the non-USA market - particularly Europe - there is still a significant need to explain to business managers what they can expect from Public Key solutions, and to describe how they might use any existing PK software they may already have bought but are unsure how to use.

Eliot thought we would be better advised to think in terms of writing a Managers Guide to IT Security for the Enterprise. SteveJ suggested we could target whatever guide we do produce in this space more along the lines of how the MGIS introduces the Public Key issues - Know Who's Who, etc.

Craig and SteveW proposed to review the existing draft more closely and provide their feedback. Whatever our decision, this PKI guide will not receive attention from Eliot or SteveJ until they complete the final draft of the Privacy Guide for member review.

Conclusion

Review the purpose of this Guide, and prompt members to review the existing draft and return comments, to establish a decision on how to proceed - whether to continue in its original intent, whether to revise its intent towards IT Security for the Enterprise, or other.

Next Steps

In view of the question over whether this 2002 deliverable now has sufficient value to justify completing it, Ian will prompt all members (including in the DIF and Messaging Forums) to request they review the existing publicly available draft PKI Guide and return comments on what additional issues it might address and what further material it might include. In any event, resources to take it forward will not be available until December (after completion of the Privacy Guide) so even if we proceed, it will not now be delivered in 2002.