Message-ID: <21797986.1075840476524.JavaMail.evans@thyme> Date: Wed, 8 May 2002 12:59:27 -0700 (PDT) From: ben.porath@oatiinc.com To: ben.porath@oatiinc.com Subject: OATI Certificates for use in the JTSIN OASIS Nodes - Security Officer Action Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit X-From: Ben Porath X-To: Ben Porath X-cc: X-bcc: X-Folder: \ExMerge - Gang, Lisa\Deleted Items X-Origin: GANG-L X-FileName: lisa gang 6-25-02.pst OATI webCARES Security Officer, As many of you already know, the JTSIN OASIS Systems will begin using X.509 Digital Certificates very soon. In order to allow the JTSIN OASIS Administrators to efficiently link a customer's OATI Digital Certificate to their JTSIN OASIS user account, OATI has implemented infrastructure that will allow JTSIN OASIS Administrators to programmatically access webCARES Digital Certificate public key information. The Digital Certificate public key information is made public in two formats: through the use of LDAP technology and as a CSV hourly file dump accessible from the OATI Certificate Repository website (www.oaticerts.com/repository). However, due to input from our customers, each Company has to affirmatively choose to make their Company's public certificate data available through the LDAP interface and CSV dump. OATI has specific customer's whose security policies and procedures require that this data not be made available to the public. Therefore, each Company's Security Officer has the ability to make this data publicly available. To make your Company's data publicly available, login to the webCARES System, then under Options, click on User Settings. In the User Settings interface, you can check the box to "Make Certificate Data Public" then click on Submit to accept the change. For all Company's, the default setting is to make the data non-public. When a Company choose to make this data available to the public, the following Certificate information is available: Certificate Common Name, E-Mail address on Certificate, Certificate Status, Certificate Serial Number, Certificate Subject, and the Certificate Content in text format (base 64). For those Companies that do not want to make this data available to the public but would like to send the information to a particular third-party, such as a JTSIN OASIS Administrator, the Security Officer can use the webCARES Certificate Report feature (available by the end of the week). The Certificate Report feature allows the information listed above to be e-mailed to a designated e-mail address that is entered by the Security Officer. The Certificate Report feature can be found under the Certificate Management page within webCARES. The report is generated for all certificates the Security Officer displays on the Certificate Management screen. The Certificate Management screen can be configured to display up to 200 Certificates simultaneously. If your Company chooses to make its Certificate data public, please make the change in webCARES soon. OATI would like to announce this new feature to the JTSIN OASIS Administrators shortly so they can begin testing with the data. Finally, the JTSIN OASIS Administrators are making their final decisions on what vendor's Certificates to accept. To make sure your Company's input is heard, please contact the JTSIN OASIS Administrators for the nodes that your Company does business with to let them know that your Company would like them to accept OATI's Digital Certificates. If anyone has any questions about this new webCARES feature or the implications of this change, please feel free to contact me for more information. Thank you, Ben Porath Open Access Technology, Intl. (763) 553-2725 ben.porath@oatiinc.com CONFIDENTIAL INFORMATION: This email and any attachment(s) contain confidential and/or proprietary information of Open Access Technology International, Inc. Do not copy or distribute without the prior written consent of OATI. If you are not a named recipient to the message, please notify the sender immediately and do not retain the message in any form, printed or electronic.