[Top] [All Lists]

National Strategy for Trusted Identities in Cyberspace

2011-01-10 10:51:02
Friday, the White House blog announced the creation of 

"A National Program Office for Enhancing Online Trust and Privacy"

This activity will be based on the National Strategy for
Trusted Identities in Cyberspace, which is available in draft form

There was a comment period, which is now closed (and the comments have now been 
taken down)

The draft action items include

Action 2:
Develop a Shared, Comprehensive Public/Private Sector Implementation Plan

Action 4:
Work Among the Public/Private Sectors to Implement Enhanced Privacy

Action 5:
Coordinate the Development and Refinement of Risk Models and Interoperability

Standards that cover interoperability requirements, trustmark criteria, and 
accreditation will pave a path that supports choice across solutions, 
ultimately accelerating Identity Ecosystem adoption. All detailed actions 
associated with Identity Ecosystem standards will build on existing efforts 
undertaken by the Federal Government, trust framework providers, private 
sector, standards bodies, and international organizations.

Standards established within the Identity Ecosystem will require incorporation 
of privacy guidelines. They should also require, to the extent feasible, 
adoption of protocols that minimize the ability to link or aggregate 
transactions and transaction data across Identity Ecosystem participants and 
relying parties, while maintaining individual transaction history, integrity, 
and auditability.       Standards development, adoption, or enhancement will 
support autonomy and choice among Identity Ecosystem providers and flexibility 
within industry sectors, while facilitating cross-sector and international 


What is proposed is apparently something like an official version of the 
existing Certificate system, and apparently will involve technical standards 

This is an area where the IETF has some expertise, and also should have some 
concerns. I must admit that statements such as this

"The Governance Layer enables unaffiliated entities to trust each other’s 
digital identities. A Governance Authority will establish the criteria for 
assessing and certifying Accrediting Authorities, who in turn assess and 
certify service providers. In addition, the Governance Authority will control 
the rules for trustmarks that indicate the service provider’s standing as a 
participant within the Identity Ecosystem."

make me nervous. 

Has the IETF (presumably, the IAB) considered a response to this proposal ?  
Should it ?

Ietf mailing list

<Prev in Thread] Current Thread [Next in Thread>