
RE: Attribute Certificate Policies Extension



Anders,

Let me assure you that attribute certificates are being used in industry in
real products.  The TimeCheck service offered by WetStone technologies is
one of them (http://www.wetstonetech.com/timecheck.html).  In my view, it is
precisely this kind of change that will help to make attribute certificates
useful beyond the rather limited scope of access control where they have
admittedly had little commercial success.

Since this group's charter focuses on X.509, and ACs are part of that
standard, I disagree with your position that this topic is not worthy of
discussion here.

Christopher S. Francis
Director Programs and Services
WetStone Technologies, Inc.
Mangrove Bay Office Center
17755 US Hwy 19 North, Suite 150
Clearwater, FL   33764
vox: (727) 599-2390 x180
cell: (727) 642-8993
http://www.wetstonetech.com/

-----Original Message-----
From: owner-ietf-pkix@xxxxxxxxxxxx [mailto:owner-ietf-pkix@xxxxxxxxxxxx]On
Behalf Of Anders Rundgren
Sent: Saturday, October 26, 2002 2:59 AM
To: Denis Pinkas; pkix
Subject: Re: Attribute Certificate Policies Extension


Denis,
I have for a long time questioned the value of X.509 ACs.
What systems and SW do you know that today support such?

If explicit authorizations are ever going to be a major inter-organization
issue, it seems that authorizations will rather be transferred in various
types of XML-formatted messages (like SAML), and that for a number
of good reasons such as:

- XML Schemas allow exact and easy-to-differentiate authorization
  profiles to be developed

- XML is an almost human-readable format

- XML is supported by free (or built-in) software and an abundance
   of people who know how to use it

- Practically all vendors of the required authorization management
  SW are working with XML-based systems

This limits X.509 ACs to a few local systems of little general interest,
which makes me believe that the draft is redundant.  As policies for
internal use are implicit, and typically only can be interpreted by
humans, it does not fill a need for local enterprise systems either.

As a more constructive input, I advise you to join some of the AC-related
OASIS-groups, who at least have a chance (albeit slim), to
get their work accepted by the industry.

As indicated by others, it is maybe a good idea, to from time to time,
perform polls concerning new and existing PKIX-drafts' commercial
potential, instead of wasting energy on resurrecting a dead horse.

Just my 0.002 EUR

Anders

----- Original Message -----
From: "Denis Pinkas" <Denis.Pinkas@xxxxxxxx>
To: "pkix" <ietf-pkix@xxxxxxx>
Sent: Friday, October 25, 2002 15:23
Subject: Attribute Certificate Policies Extension



A new version of the draft on Attribute Certificate Policies Extension has
been posted. It is available at:

http://www.ietf.org/internet-drafts/draft-ietf-pkix-acpolicies-extn-01.txt

Whereas the previous draft was defining different extensions, the new draft
only covers a single extension allowing to designate the policy under which
an Attribute Certificate has been issued.

This extension is not applicable to Public Key Certificates.

Denis