Re: Accessing/selecting biometrics was: Stray Poll: Finger-printsin QCs

["David P. Kemp" <dpkemp@xxxxxxxxxxxxxx>]

MISSI/Fortezza documentation is available, as always, from
http://www.armadillo.huntsville.al.us/Fortezza_docs/missi2.html

That includes the latest (12 May) versions of SDN.706: "X.509
Certificate and Certificate Revocation List Profiles and Certification
Path Processing Rules for MISSI" and SDN.801: "MISSI Access Control
Concept and Mechanisms".

I take mild exception to Peter's characterization that the
subjectDirectoryAttributes extension is somehow slanted toward MISSI's
use of the extension as a container for the "prbacInfo",
"sigOrKMPrivileges", and "commPrivileges" data structures.  Those data
structures are oriented toward a particular user community, but it is
silly to imply that the extension itself is anything other than
absolutely generic.

I agree with Steve that the place to define biometric interoperability
specifications is within a biometric interest group (open/closed
consortium or IETF BOF/WG), not within PKIX.  PKIX should provide a
container (sDA or hash+URL, neither of which are specific to biometric
data) but no more.

Dave Kemp



> From: Ed Gerck <egerck@nma.com>
> 
> Peter Williams wrote:
> 
> > May I ask a Booz-Allen or DoD party to post a URL here to the excellent
> > and current version of SDN706 before we sensibly discuss further
> > the use of labels and the authorization issue, re 
subjectDirectoryAttributes?
> 
> I second that. I can host a public copy, if needed.  This helps the 
interoperation
> goal.
> 
> Cheers,
> 
> Ed Gerck
>