Paul,  Please work with the schedulers to ensure that we have done everything with this that is required.  I'm not convinced that we need to make our certificates public.  If someone feels otherwise, please let me know.

Thanks - MO

-----Original Message-----
From: Ben Porath [mailto:Ben.Porath@oatiinc.com]
Sent: Wednesday, May 08, 2002 2:59 PM
To: Ben Porath
Subject: OATI Certificates for use in the JTSIN OASIS Nodes - Security
Officer Action


OATI webCARES Security Officer,

As many of you already know, the JTSIN OASIS Systems will begin using X.509
Digital Certificates very soon.  In order to allow the JTSIN OASIS
Administrators to efficiently link a customer's OATI Digital Certificate to
their JTSIN OASIS user account, OATI has implemented infrastructure that
will allow JTSIN OASIS Administrators to programmatically access webCARES
Digital Certificate public key information.  The Digital Certificate public
key information is made public in two formats: through the use of LDAP
technology and as a CSV hourly file dump accessible from the OATI
Certificate Repository website (www.oaticerts.com/repository).

However, due to input from our customers, each Company has to affirmatively
choose to make their Company's public certificate data available through the
LDAP interface and CSV dump.  OATI has specific customer's whose security
policies and procedures require that this data not be made available to the
public.  Therefore, each Company's Security Officer has the ability to make
this data publicly available.  To make your Company's data publicly
available, login to the webCARES System, then under Options, click on User
Settings.  In the User Settings interface, you can check the box to "Make
Certificate Data Public" then click on Submit to accept the change.  For all
Company's, the default setting is to make the data non-public.

When a Company choose to make this data available to the public, the
following Certificate information is available: Certificate Common Name,
E-Mail address on Certificate, Certificate Status, Certificate Serial
Number, Certificate Subject, and the Certificate Content in text format
(base 64).  For those Companies that do not want to make this data available
to the public but would like to send the information to a particular
third-party, such as a JTSIN OASIS Administrator, the Security Officer can
use the webCARES Certificate Report feature (available by the end of the
week).  The Certificate Report feature allows the information listed above
to be e-mailed to a designated e-mail address that is entered by the
Security Officer.  The Certificate Report feature can be found under the
Certificate Management page within webCARES.  The report is generated for
all certificates the Security Officer displays on the Certificate Management
screen.  The Certificate Management screen can be configured to display up
to 200 Certificates simultaneously.

If your Company chooses to make its Certificate data public, please make the
change in webCARES soon.  OATI would like to announce this new feature to
the JTSIN OASIS Administrators shortly so they can begin testing with the
data.

Finally, the JTSIN OASIS Administrators are making their final decisions on
what vendor's Certificates to accept.  To make sure your Company's input is
heard, please contact the JTSIN OASIS Administrators for the nodes that your
Company does business with to let them know that your Company would like
them to accept OATI's Digital Certificates.

If anyone has any questions about this new webCARES feature or the
implications of this change, please feel free to contact me for more
information. 

Thank you,
Ben Porath
Open Access Technology, Intl.
(763) 553-2725
ben.porath@oatiinc.com

CONFIDENTIAL INFORMATION:  This email and any attachment(s) contain
confidential and/or proprietary information of Open Access Technology
International, Inc.  Do not copy or distribute without the prior written
consent of OATI.  If you are not a named recipient to the message, please
notify the sender immediately and do not retain the message in any form,
printed or electronic.