Message-ID: <9986098.1075840475448.JavaMail.evans@thyme>
Date: Fri, 17 May 2002 10:35:05 -0700 (PDT)
From: ben.porath@oatiinc.com
To: ben.porath@oatiinc.com
Subject: JTSIN OASIS Nodes and OATI Certificates Update
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
X-From: Ben Porath
X-To: Ben Porath
X-cc:
X-bcc:
X-Folder: \ExMerge - Gang, Lisa\Deleted Items
X-Origin: GANG-L
X-FileName: lisa gang 6-25-02.pst

OATI webCARES Security Officer,

For those Security Officers whose Companies do not use or access the JTSIN OASIS Systems, please disregard this e-mail.

As of today, the majority of JTSIN OASIS Administrators across North America have decided to accept OATI digital certificates. The following is a summary of JTSIN Nodes and their decisions regarding OATI digital certificates:

JTSIN OASIS Node                                      Accepting OATI Certificates?
ECAR OASIS                                            No
EES OASIS                                             Still deciding
MAIN OASIS                                            Testing w/ OATI Certs, decide soon
MAPP OASIS                                            Yes
MISO OASIS                                            Yes
NEPOOL OASIS                                          Yes
New Brunswick OASIS (not JTSIN, but requires certs)   Yes
Northwest OASIS                                       No
Rocky Mountain OASIS                                  Yes
SWPP OASIS                                            Yes
VACAR OASIS                                           Yes

Many OATI digital certificate users have contacted OATI regarding the process for registering their OATI digital certificate in JTSIN Nodes that will accept OATI certificates. At this time, I have been told the following by some entities familiar with the new JTSIN software: There will be a user interface in the JTSIN software that will allow the Security Officer from a Company to access the JTSIN system for the purpose of linking the new digital certificates to the Company's Users in the JTSIN System. Therefore, the JTSIN Node Administrators will need to know who the Security Officer or Officers are from each Company. Please contact the appropriate JTSIN Node Administrator(s) to find out more about this process (and verify that this is the actual process) and when this interface will be available at each JTSIN Node.

An efficient method for informing JTSIN Node Administrators who your Company's Security Officers are is to make your Company's public certificate data available through the OATI LDAP or CSV file dump interfaces (please see the attachment for more information about this feature). Due to questions and concerns raised by many of our Security Officers about this process, neither the LDAP interface nor the CSV file dump is accessible to the public. Access to this data will only be made available to known third-parties in the industry that have a need to access this data, such as JTSIN OASIS Node Administrators.

For those Companies that access the NEPOOL JTSIN OASIS Nodes, please choose to make your Company's certificate data available through the CSV file dump and LDAP interface as the Node Administrator would like to begin testing the CSV file dump for identifying Company Security Officers (certificate type has now been added to this file dump). For those Companies that do not want to make this data available, then please communicate to the Node Administrator who your OATI certificate Security Officer is through other means.

Finally, OATI will continue to talk with the remaining JTSIN nodes that are still deciding which certificates to accept as well as those who have initially said they will not accept OATI certificates. OATI also urges all Companies that access those JTSIN Nodes and want to use their OATI certificates to contact the OASIS Administrators and provide your input on this subject.

If anyone has any questions or would like more information about the subjects covered in this e-mail, please feel free to contact me.

Thank you,
Ben Porath
Open Access Technology, Intl.
(763) 553-2725
ben.porath@oatiinc.com

CONFIDENTIAL INFORMATION: This email and any attachment(s) contain confidential and/or proprietary information of Open Access Technology International, Inc. Do not copy or distribute without the prior written consent of OATI.
If you are not a named recipient to the message, please notify the sender immediately and do not retain the message in any form, printed or electronic.

--------- Inline attachment follows ---------

From:
To: Ben Porath
Date: Thursday, May 16, 2002 10:52:39 GMT
Subject:

> OATI webCARES Security Officer,
>
> As many of you already know, the JTSIN OASIS Systems will begin using
> X.509 Digital Certificates very soon. In order to allow the JTSIN OASIS
> Administrators to efficiently link a customer's OATI Digital Certificate
> to their JTSIN OASIS user account, OATI has implemented infrastructure
> that will allow JTSIN OASIS Administrators to programmatically access
> webCARES Digital Certificate public key information. The Digital
> Certificate public key information is made public in two formats: through
> the use of LDAP technology and as a CSV hourly file dump (these interfaces
> will only be made available to known third-parties in the industry that
> require this data, such as JTSIN Node Administrators).
>
> However, due to input from our customers, each Company has to
> affirmatively choose to make their Company's public certificate data
> available through the LDAP interface and CSV dump. OATI has specific
> customers whose security policies and procedures require that this data
> not be made available to the public. Therefore, each Company's Security
> Officer has the ability to make this data publicly available. To make
> your Company's data publicly available, log in to the webCARES System, then
> under Options, click on User Settings. In the User Settings interface,
> you can check the box to "Make Certificate Data Public" then click on
> Submit to accept the change. For all Companies, the default setting is to
> make the data non-public.
>
> When a Company chooses to make this data available, the following
> Certificate information is available: Certificate Common Name, E-Mail
> address on Certificate, Certificate Status, Certificate Serial Number,
> Certificate Subject, and the Certificate Content in text format (base 64).
> For those Companies that do not want to make this data available but would
> like to send the information to a particular third-party, such as a JTSIN
> OASIS Administrator, the Security Officer can use the webCARES Certificate
> Report feature (available by the end of the week). The Certificate Report
> feature allows the information listed above to be e-mailed to a designated
> e-mail address that is entered by the Security Officer. The Certificate
> Report feature can be found under the Certificate Management page within
> webCARES. The report is generated for all certificates the Security
> Officer displays on the Certificate Management screen. The Certificate
> Management screen can be configured to display up to 200 Certificates
> simultaneously.
>
> If your Company chooses to make its Certificate data public, please make
> the change in webCARES soon. OATI would like to announce this new feature
> to the JTSIN OASIS Administrators shortly so they can begin testing with
> the data.
>
> Finally, the JTSIN OASIS Administrators are making their final decisions
> on what vendor's Certificates to accept. To make sure your Company's
> input is heard, please contact the JTSIN OASIS Administrators for the
> nodes that your Company does business with to let them know that your
> Company would like them to accept OATI's Digital Certificates.
>
> If anyone has any questions about this new webCARES feature or the
> implications of this change, please feel free to contact me for more
> information.
>
> Thank you,
> Ben Porath
> Open Access Technology, Intl.
> (763) 553-2725
> ben.porath@oatiinc.com
>
> CONFIDENTIAL INFORMATION: This email and any attachment(s) contain
> confidential and/or proprietary information of Open Access Technology
> International, Inc. Do not copy or distribute without the prior written
> consent of OATI. If you are not a named recipient to the message, please
> notify the sender immediately and do not retain the message in any form,
> printed or electronic.