
Re: PKIs and trust

2003-12-15 20:06:32
On Tue, Dec 16, 2003 at 06:17:26AM +0900, Masataka Ohta wrote:
> Neal McBurnett wrote:
> > The term "PKI" is surely hyped and overloaded with meaning.
>
> Can you clarify *YOUR* definition of PKI?

At our PKI workshops there have always been people from a wide variety
of perspectives.  PKI is a buzzword which we use in lieu of something
more widely accepted as pertaining to the full range of public key
technologies, infrastructures, tools, objects, policies, policy
languages, etc. used for security decisions.

> > But as many people are pointing out, the use of public key technology
> > supported by tools and infrastructures attuned to the needs of
> > user communities has its place, both now and in the future.
>
> "tools AND infrastructures"?
>
> I have been having a feeling that people who claim to be working
> on PKI call tools to support public key technology PKI. But, you,
> apparently, are not.

If someone tried to sell me tools and seriously claimed it was a
"PKI", I'd know they didn't understand what an infrastructure is.
But arguing about terminology rapidly leads to a black hole.
As has been seen recently in the case of DNS, the potential for
confusion often pops up when tools and infrastructure and policy
are mixed together in what we call middleware (to introduce another
buzzword - sigh).

To bring this closer to specifics and thus the engineering realm, one
area currently bearing fruit is federations: communities who can agree
on policies, data formats, tools, and definitions of other key issues
(heh - sic :-).

See FOO - Federating Organizations Organization
 http://middleware.internet2.edu/foo/

Federations (like InCommon) need tools (like shibboleth):
 http://incommon.internet2.edu/
 http://shibboleth.internet2.edu/

The public key aspects are mostly below the surface.

This is all related to the Middleware Architecture Committee for
Education (MACE) work in directories, object classes, policy
languages, etc.

Neal McBurnett                 http://bcn.boulder.co.us/~neal/
Signed and/or sealed mail encouraged.  GPG/PGP Keyid: 2C9EBA60


