<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN">
<HTML>
<HEAD>
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-2022-jp">
<META NAME="Generator" CONTENT="MS Exchange Server version 6.0.6389.0">
<TITLE>RE: [cgl_discussion] about the requirement for PKI CA Support</TITLE>
</HEAD>
<BODY>
<!-- Converted from text/rtf format -->
<BR>
<P ALIGN=LEFT><SPAN LANG="en-us"><FONT SIZE=2 FACE="Courier New">Julie</FONT></SPAN><SPAN LANG="en-us"><FONT SIZE=2 FACE="Courier New">,</FONT></SPAN></P>
<P ALIGN=LEFT><SPAN LANG="en-us"><FONT SIZE=2 FACE="Courier New">Oh! I do notice the keyword</FONT></SPAN><SPAN LANG="en-us"><FONT SIZE=2 FACE="Courier New">s</FONT></SPAN><SPAN LANG="en-us"><FONT SIZE=2 FACE="Courier New"></FONT></SPAN><SPAN LANG="en-us"> <FONT SIZE=2 FACE="Courier New">"</FONT></SPAN><SPAN LANG="en-us"><FONT SIZE=2 FACE="Courier New">authentication and authorization</FONT></SPAN><SPAN LANG="en-us"><FONT SIZE=2 FACE="Courier New">"</FONT></SPAN><SPAN LANG="en-us"><FONT SIZE=2 FACE="Courier New"></FONT></SPAN><SPAN LANG="en-us"> <FONT SIZE=2 FACE="Courier New">in its TODO list</FONT></SPAN><SPAN LANG="en-us"><FONT SIZE=2 FACE="Courier New">. But you may omit</FONT></SPAN><SPAN LANG="en-us"> <FONT SIZE=2 FACE="Courier New">the</FONT></SPAN><SPAN LANG="en-us"> <FONT SIZE=2 FACE="Courier New">topic under which these keywords</FONT><FONT SIZE=2 FACE="Courier New"> la</FONT><FONT SIZE=2 FACE="Courier New">y</FONT><FONT SIZE=2 FACE="Courier New">.</FONT>!
</SPAN><SPAN LANG="en-us"><FONT SIZE=2 FACE="Courier New"> The</FONT></SPAN><SPAN LANG="en-us"> <FONT SIZE=2 FACE="Courier New">following</FONT></SPAN><SPAN LANG="en-us"><FONT SIZE=2 FACE="Courier New"></FONT> <FONT SIZE=2 FACE="Courier New">is copied from its TODO list</FONT><FONT SIZE=2 FACE="Courier New">:</FONT></SPAN><SPAN LANG="en-us"></SPAN></P>
<P ALIGN=LEFT><SPAN LANG="en-us"><FONT SIZE=2 FACE="Courier New">- central interface for accesscontrol and sessionmanagement</FONT></SPAN></P>
<P ALIGN=LEFT><SPAN LANG="en-us"><FONT SIZE=2 FACE="Courier New"> - filter/pass design like for firewalls or compilers</FONT></SPAN></P>
<P ALIGN=LEFT><SPAN LANG="en-us"><FONT SIZE=2 FACE="Courier New"> - connection</FONT></SPAN></P>
<P ALIGN=LEFT><SPAN LANG="en-us"><FONT SIZE=2 FACE="Courier New"> - IP area</FONT></SPAN></P>
<P ALIGN=LEFT><SPAN LANG="en-us"><FONT SIZE=2 FACE="Courier New"> - SSL acti</FONT><FONT SIZE=2 FACE="Courier New">vated</FONT></SPAN></P>
<P ALIGN=LEFT><SPAN LANG="en-us"><FONT SIZE=2 FACE="Courier New"> - symmetric cipher</FONT></SPAN></P>
<P ALIGN=LEFT><SPAN LANG="en-us"><FONT SIZE=2 FACE="Courier New"> - asymmetric cipher</FONT></SPAN></P>
<P ALIGN=LEFT><SPAN LANG="en-us"><FONT SIZE=2 FACE="Courier New"> - user certificate</FONT></SPAN></P>
<P ALIGN=LEFT><SPAN LANG="en-us"><FONT SIZE=2 FACE="Courier New"> - authentication</FONT></SPAN></P>
<P ALIGN=LEFT><SPAN LANG="en-us"><FONT SIZE=2 FACE="Courier New"> - login</FONT></SPAN></P>
<P ALIGN=LEFT><SPAN LANG="en-us"><FONT SIZE=2 FACE="Courier New"> - login/passphrase</FONT></SPAN></P>
<P ALIGN=LEFT><SPAN LANG="en-us"><FONT SIZE=2 FACE="Courier New"> - ssl user certificate based</FONT></SPAN></P>
<P ALIGN=LEFT><SPAN LANG="en-us"><FONT SIZE=2 FACE="Courier New"> - signature based</FONT></SPAN></P>
<P ALIGN=LEFT><SPAN LANG="en-us"><FONT SIZE=2 FACE="Courier New"> - session</FONT></SPAN></P>
<P ALIGN=LEFT><SPAN LANG="en-us"><FONT SIZE=2 FACE="Courier New"> </FONT> <FONT SIZE=2 FACE="Courier New"> - cookies</FONT></SPAN></P>
<P ALIGN=LEFT><SPAN LANG="en-us"><FONT SIZE=2 FACE="Courier New"> - session IDs</FONT></SPAN></P>
<P ALIGN=LEFT><SPAN LANG="en-us"><FONT SIZE=2 FACE="Courier New"> - authorization</FONT></SPAN></P>
<P ALIGN=LEFT><SPAN LANG="en-us"><FONT SIZE=2 FACE="Courier New"> - per interface</FONT></SPAN></P>
<P ALIGN=LEFT><SPAN LANG="en-us"><FONT SIZE=2 FACE="Courier New"> - per script (and role)</FONT></SPAN></P>
<P ALIGN=LEFT><SPAN LANG="en-us"><FONT SIZE=2 FACE="Courier New"> - per functionality (and role)</FONT></SPAN></P>
<P ALIGN=LEFT><SPAN LANG="en-us"><FONT SIZE=2 FACE="Courier New"> - role based</FONT></SPAN></P>
<P ALIGN=LEFT><SPAN LANG="en-us"><FONT SIZE=2 FACE="Courier New"> - user based</FONT></SPAN></P>
<P ALIGN=LEFT><SPAN LANG="en-us"><FONT SIZE=2 FACE="Courier New"> - write an own independent log</FONT></SPAN></P>
<P ALIGN=LEFT><SPAN LANG="en-us"><FONT SIZE=2 FACE="Courier New"> - connection</FONT></SPAN></P>
<P ALIGN=LEFT><SPAN LANG="en-us"><FONT SIZE=2 FACE="Courier New"> - login</FONT></SPAN></P>
<P ALIGN=LEFT><SPAN LANG="en-us"><FONT SIZE=2 FACE="Courier New"> - session parameters</FONT></SPAN></P>
<P ALIGN=LEFT><SPAN LANG="en-us"><FONT SIZE=2 FACE="Courier New"> - athorization result and used rule(s)</FONT></SPAN></P>
<P ALIGN=LEFT><SPAN LANG="en-us"><FONT SIZE=2 FACE="Courier New"> - request data</FONT></SPAN></P>
<P ALIGN=LEFT><SPAN LANG="en-us"><FONT SIZE=2 FACE="Courier New"> - script</FONT></SPAN><SPAN LANG="en-us"><FONT SIZE=2 FACE="Courier New"></FONT></SPAN><SPAN LANG="en-us"> </SPAN></P>
<P ALIGN=LEFT><SPAN LANG="en-us"><FONT SIZE=2 FACE="Courier New">The topic</FONT> <FONT SIZE=2 FACE="Courier New">is</FONT> <FONT SIZE=2 FACE="Courier New">"</FONT></SPAN><SPAN LANG="en-us"><FONT SIZE=2 FACE="Courier New">central interface for accesscontrol and sessionmanagement</FONT></SPAN><SPAN LANG="en-us"><FONT SIZE=2 FACE="Courier New">", which is concerned about</FONT></SPAN><SPAN LANG="en-us"> <FONT COLOR="#FF0000" SIZE=2 FACE="Courier New">the</FONT></SPAN><SPAN LANG="en-us"> <FONT COLOR="#FF0000" SIZE=2 FACE="Courier New">management of CA/RA servers</FONT></SPAN><SPAN LANG="en-us"><FONT COLOR="#FF0000" SIZE=2 FACE="Courier New">, not about the functions of CA/RA</FONT></SPAN><SPAN LANG="en-us"><FONT SIZE=2 FACE="Courier New">.</FONT></SPAN><SPAN LANG="en-us"><FONT SIZE=2 FACE="Courier New"> The purpose of this TODO entry is to provide a secure environment for the management of C</FONT></SPAN><SPAN LANG="en-us"><FONT SIZE=2 FACE="Courier New">A/RA servers.!
</FONT></SPAN><SPAN LANG="en-us"></SPAN></P>
<P ALIGN=LEFT><SPAN LANG="en-us"><FONT SIZE=2 FACE="Courier New">From my test experience, I think that openCA has implemented the features required by CGL 2.0</FONT></SPAN><SPAN LANG="en-us"><FONT SIZE=2 FACE="Courier New">, because CGL2.0 requirement for CA is very basic.</FONT></SPAN><SPAN LANG="en-us"></SPAN></P>
<P ALIGN=LEFT><SPAN LANG="en-us"><FONT SIZE=2 FACE="Courier New">**These views are not necessarily those of my employer.**</FONT></SPAN></P>
<P ALIGN=LEFT><SPAN LANG="en-us"><FONT SIZE=2 FACE="Courier New">Thanks </FONT></SPAN></P>
<P ALIGN=LEFT><SPAN LANG="en-us"><FONT SIZE=2 FACE="Courier New">Forrest</FONT></SPAN><SPAN LANG="en-us"></SPAN></P>
<BR>
<BR>
<P ALIGN=LEFT><SPAN LANG="en-us"><FONT SIZE=2 FACE="Courier New">-----Original Message-----<BR>
</FONT><FONT SIZE=2 FACE="Courier New">From:</FONT><FONT SIZE=2 FACE="Courier New"> Fleischer, Julie N<BR>
</FONT><FONT SIZE=2 FACE="Courier New">Sent:</FONT><FONT SIZE=2 FACE="Courier New"> 2003</FONT></SPAN><SPAN LANG="en-us"></SPAN><SPAN LANG="en-us"><FONT SIZE=2 FACE="宋体">年</FONT></SPAN><SPAN LANG="en-us"></SPAN><SPAN LANG="en-us"><FONT SIZE=2 FACE="Courier New">6</FONT></SPAN><SPAN LANG="en-us"></SPAN><SPAN LANG="en-us"><FONT SIZE=2 FACE="宋体">月</FONT></SPAN><SPAN LANG="en-us"></SPAN><SPAN LANG="en-us"><FONT SIZE=2 FACE="Courier New">20</FONT></SPAN><SPAN LANG="en-us"></SPAN><SPAN LANG="en-us"><FONT SIZE=2 FACE="宋体">日</FONT></SPAN><SPAN LANG="en-us"></SPAN><SPAN LANG="en-us"><FONT SIZE=2 FACE="Courier New"> 23:46<BR>
</FONT><FONT SIZE=2 FACE="Courier New">To:</FONT><FONT SIZE=2 FACE="Courier New"> Zhao, Forrest; Makan Pourzandi (LMC); Paul Kierstead<BR>
</FONT><FONT SIZE=2 FACE="Courier New">Cc:</FONT><FONT SIZE=2 FACE="Courier New"> cgl_discussion@osdl.org<BR>
</FONT><FONT SIZE=2 FACE="Courier New">Subject:</FONT><FONT SIZE=2 FACE="Courier New"></FONT> <FONT SIZE=2 FACE="Courier New">RE: [cgl_discussion] about the requirement for PKI CA Support</FONT></SPAN><SPAN LANG="en-us"></SPAN></P>
<P ALIGN=LEFT><SPAN LANG="en-us"><FONT SIZE=2 FACE="Courier New">> Hi Makan Pourzandi and Paul Kierstead, </FONT></SPAN></P>
<P ALIGN=LEFT><SPAN LANG="en-us"><FONT SIZE=2 FACE="Courier New">> </FONT></SPAN></P>
<P ALIGN=LEFT><SPAN LANG="en-us"><FONT SIZE=2 FACE="Courier New">> Your advices are very helpful to me. Thanks!</FONT></SPAN></P>
<P ALIGN=LEFT><SPAN LANG="en-us"><FONT SIZE=2 FACE="Courier New">> </FONT></SPAN></P>
<P ALIGN=LEFT><SPAN LANG="en-us"><FONT SIZE=2 FACE="Courier New">> OpenCA(www.openca.org) is in the PoC of PKI CA, I have had an </FONT></SPAN></P>
<P ALIGN=LEFT><SPAN LANG="en-us"><FONT SIZE=2 FACE="Courier New">> initial test with it, can't openCA meet CGL2.0 requirement? </FONT></SPAN></P>
<P ALIGN=LEFT><SPAN LANG="en-us"><FONT SIZE=2 FACE="Courier New">> Why? For its performance?</FONT></SPAN></P>
<P ALIGN=LEFT><SPAN LANG="en-us"><FONT SIZE=2 FACE="Courier New">> </FONT></SPAN></P>
<P ALIGN=LEFT><SPAN LANG="en-us"><FONT SIZE=2 FACE="Courier New">> Thanks for your comments!</FONT></SPAN></P>
<P ALIGN=LEFT><SPAN LANG="en-us"><FONT SIZE=2 FACE="Courier New">> Forrest</FONT></SPAN></P>
<P ALIGN=LEFT><SPAN LANG="en-us"><FONT SIZE=2 FACE="Courier New">Well, I think I confused Gap Analysis and Status for this one. I have now changed this to reflect the fact that if the project meets its goals, it should implement the requirement. However, it's status is still not</FONT> <FONT SIZE=2 FACE="Courier New">stable as I noticed in it's TODO list it appeared to have fundamental functionality missing (esp. with authentication and authorization).</FONT></SPAN></P>
<P ALIGN=LEFT><SPAN LANG="en-us"><FONT SIZE=2 FACE="Courier New">However, I'm sure you have much more relevant data at this point if you have already been testing it, so let me know</FONT> <FONT SIZE=2 FACE="Courier New">what you think, and I'll update the spreadsheet to reflect your findings.</FONT></SPAN></P>
<P ALIGN=LEFT><SPAN LANG="en-us"><FONT SIZE=2 FACE="Courier New">- Julie</FONT></SPAN></P>
<P ALIGN=LEFT><SPAN LANG="en-us"><FONT SIZE=2 FACE="Courier New">**These views are not necessarily those of my employer.**</FONT></SPAN></P>
<P ALIGN=LEFT><SPAN LANG="en-us"><FONT SIZE=2 FACE="Courier New">_______________________________________________</FONT></SPAN></P>
<P ALIGN=LEFT><SPAN LANG="en-us"><FONT SIZE=2 FACE="Courier New">cgl_discussion mailing list</FONT></SPAN></P>
<P ALIGN=LEFT><SPAN LANG="en-us"><FONT SIZE=2 FACE="Courier New">cgl_discussion@lists.osdl.org</FONT></SPAN></P>
<P ALIGN=LEFT><SPAN LANG="en-us"><FONT SIZE=2 FACE="Courier New"><A HREF="http://l">http://l</A></FONT><FONT SIZE=2 FACE="Courier New">ists.osdl.org/mailman/listinfo/cgl_discussion</FONT></SPAN></P>
</BODY>
</HTML>