OATI webCARES Security Officer,

For those Security Officers whose Companies do not use or access the JTSIN
OASIS Systems, please disregard this e-mail.

As of today, the majority of JTSIN OASIS Administrators across North America
have decided to accept OATI digital certificates.  The following is a
summary of JTSIN Nodes and their decisions regarding OATI digital
certificates:

JTSIN OASIS Node	Accepting OATI Certificates?	
ECAR OASIS	No	
EES OASIS	Still deciding	
MAIN OASIS	Testing w/ OATI Certs, decide soon	
MAPP OASIS	Yes	
MISO OASIS	Yes	
NEPOOL OASIS	Yes	
New Brunswick OASIS (not JTSIN, but requires certs)	Yes	
Northwest OASIS	No	
Rocky Mountain OASIS	Yes	
SWPP OASIS	Yes	
VACAR OASIS	Yes	

Many OATI digital certificate users have contacted OATI regarding the
process for registering their OATI digital certificate in JTSIN Nodes that
will accept OATI certificates.  At this time, I have been told the following
by some entities familiar with the new JTSIN software: There will be a user
interface in the JTSIN software that will allow the Security Officer from a
Company to access the JTSIN system for the purpose of linking the new
digital certificates to the Company's Users in the JTSIN System.  Therefore,
the JTSIN Node Administrators will need to know who the Security Officer or
Officers are from each Company.  Please contact the appropriate JTSIN Node
Administrator(s) to find out more about this process (and verify that this
is the actual process) and when this interface will be available at each
JTSIN Node.

An efficient method for informing JTSIN Node Administrators who your
Company's Security Officers are is to make your Company's public certificate
data available through the OATI LDAP or CSV file dump interfaces (please see
the attachment more information about this feature).  Due to questions and
concerns raised by many of our Security Officers about this process, neither
the LDAP interface or the CSV file dump are accessible to the public.
Access to this data will only be made available to known third-parties in
the industry that have a need to access this data, such as JTSIN OASIS Node
Administrators.

For those Companies that access the NEPOOL JTSIN OASIS Nodes, please choose
to make your Company's certificate data available through the CSV file dump
and LDAP interface as the Node Administrator would like to begin testing the
CSV file dump for identifying Company Security Officers (certificate type
has now been added to this file dump).  For those Companies that do not want
to make this data available, then please communicate to the Node
Administrator who your OATI certificate Security Officer is through other
means.

Finally, OATI will continue to talk with the remaining JTSIN nodes that are
still deciding which certificates to accept as well as those who have
initially said they will not accept OATI certificates.  OATI also urges all
Companies that access those JTSIN Nodes and want to use their OATI
certificates to contact the OASIS Administrators and provide your input on
this subject. 

If anyone has any questions or would like more information about the
subjects covered in this e-mail, please feel free to contact me. 

Thank you,
Ben Porath
Open Access Technology, Intl.
(763) 553-2725
ben.porath@oatiinc.com

CONFIDENTIAL INFORMATION:  This email and any attachment(s) contain
confidential and/or proprietary information of Open Access Technology
International, Inc.  Do not copy or distribute without the prior written
consent of OATI.  If you are not a named recipient to the message, please
notify the sender immediately and do not retain the message in any form,
printed or electronic.

 <<OATI Certificates for use in the JTSIN OASIS Nodes - Security Officer
Action>> 



--------- Inline attachment follows ---------

From:  <Ben.Porath@oatiinc.com>
To: Ben Porath <Ben.Porath@oatiinc.com>
Date: Thursday, May 16, 2002 10:52:39 GMT
Subject: 


> OATI webCARES Security Officer,
> 
> As many of you already know, the JTSIN OASIS Systems will begin using
> X.509 Digital Certificates very soon.  In order to allow the JTSIN OASIS
> Administrators to efficiently link a customer's OATI Digital Certificate
> to their JTSIN OASIS user account, OATI has implemented infrastructure
> that will allow JTSIN OASIS Administrators to programmatically access
> webCARES Digital Certificate public key information.  The Digital
> Certificate public key information is made public in two formats: through
> the use of LDAP technology and as a CSV hourly file dump (these interfaces
> will only be made available to known third-parties in the industry that
> require this data, such as JTSIN Node Administrators).  
> 
> However, due to input from our customers, each Company has to
> affirmatively choose to make their Company's public certificate data
> available through the LDAP interface and CSV dump.  OATI has specific
> customer's whose security policies and procedures require that this data
> not be made available to the public.  Therefore, each Company's Security
> Officer has the ability to make this data publicly available.  To make
> your Company's data publicly available, login to the webCARES System, then
> under Options, click on User Settings.  In the User Settings interface,
> you can check the box to "Make Certificate Data Public" then click on
> Submit to accept the change.  For all Company's, the default setting is to
> make the data non-public.
> 
> When a Company choose to make this data available, the following
> Certificate information is available: Certificate Common Name, E-Mail
> address on Certificate, Certificate Status, Certificate Serial Number,
> Certificate Subject, and the Certificate Content in text format (base 64).
> For those Companies that do not want to make this data available but would
> like to send the information to a particular third-party, such as a JTSIN
> OASIS Administrator, the Security Officer can use the webCARES Certificate
> Report feature (available by the end of the week).  The Certificate Report
> feature allows the information listed above to be e-mailed to a designated
> e-mail address that is entered by the Security Officer.  The Certificate
> Report feature can be found under the Certificate Management page within
> webCARES.  The report is generated for all certificates the Security
> Officer displays on the Certificate Management screen.  The Certificate
> Management screen can be configured to display up to 200 Certificates
> simultaneously.
> 
> If your Company chooses to make its Certificate data public, please make
> the change in webCARES soon.  OATI would like to announce this new feature
> to the JTSIN OASIS Administrators shortly so they can begin testing with
> the data.
> 
> Finally, the JTSIN OASIS Administrators are making their final decisions
> on what vendor's Certificates to accept.  To make sure your Company's
> input is heard, please contact the JTSIN OASIS Administrators for the
> nodes that your Company does business with to let them know that your
> Company would like them to accept OATI's Digital Certificates.
> 
> If anyone has any questions about this new webCARES feature or the
> implications of this change, please feel free to contact me for more
> information. 
> 
> Thank you,
> Ben Porath
> Open Access Technology, Intl.
> (763) 553-2725
> ben.porath@oatiinc.com
> 
> CONFIDENTIAL INFORMATION:  This email and any attachment(s) contain
> confidential and/or proprietary information of Open Access Technology
> International, Inc.  Do not copy or distribute without the prior written
> consent of OATI.  If you are not a named recipient to the message, please
> notify the sender immediately and do not retain the message in any form,
> printed or electronic.
>