ietf
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

National Strategy for Trusted Identities in Cyberspace

2011-01-10 10:51:02
from [Marshall Eubanks] [Permanent Link] 
Friday, the White House blog announced the creation of 

"A National Program Office for Enhancing Online Trust and Privacy"

http://www.whitehouse.gov/blog/2011/01/07/national-program-office-enhancing-online-trust-and-privacy

This activity will be based on the National Strategy for
Trusted Identities in Cyberspace, which is available in draft form

http://www.dhs.gov/xlibrary/assets/ns_tic.pdf

There was a comment period, which is now closed (and the comments have now been 
taken down)

http://www.msnbc.msn.com/id/37943900/

http://www.nstic.ideascale.com/

The draft action items include

Action 2:
Develop a Shared, Comprehensive Public/Private Sector Implementation Plan

Action 4:
Work Among the Public/Private Sectors to Implement Enhanced Privacy
Protections

Action 5:
Coordinate the Development and Refinement of Risk Models and Interoperability
Standards

Standards that cover interoperability requirements, trustmark criteria, and 
accreditation will pave a path that supports choice across solutions, 
ultimately accelerating Identity Ecosystem adoption. All detailed actions 
associated with Identity Ecosystem standards will build on existing efforts 
undertaken by the Federal Government, trust framework providers, private 
sector, standards bodies, and international organizations.

Standards established within the Identity Ecosystem will require incorporation 
of privacy guidelines. They should also require, to the extent feasible, 
adoption of protocols that minimize the ability to link or aggregate 
transactions and transaction data across Identity Ecosystem participants and 
relying parties, while maintaining individual transaction history, integrity, 
and auditability.       Standards development, adoption, or enhancement will 
support autonomy and choice among Identity Ecosystem providers and flexibility 
within industry sectors, while facilitating cross-sector and international 
interoperability.

 -----

What is proposed is apparently something like an official version of the 
existing Certificate system, and apparently will involve technical standards 
setting.

This is an area where the IETF has some expertise, and also should have some 
concerns. I must admit that statements such as this

"The Governance Layer enables unaffiliated entities to trust each other’s 
digital identities. A Governance Authority will establish the criteria for 
assessing and certifying Accrediting Authorities, who in turn assess and 
certify service providers. In addition, the Governance Authority will control 
the rules for trustmarks that indicate the service provider’s standing as a 
participant within the Identity Ecosystem."

make me nervous. 

Has the IETF (presumably, the IAB) considered a response to this proposal ?  
Should it ?

Regards
Marshall
_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/ietf
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: Poster sessions, Henk Uijterwaal
Next by Date:  Re: Old transport-layer protocols to Historic?, John C Klensin
Previous by Thread:  Contacts to Czech Technical University in Prague?, Hannes Tschofenig
Next by Thread:  Re: National Strategy for Trusted Identities in Cyberspace, Hannes Tschofenig
Indexes:  [Date] [Thread] [Top] [All Lists]