Friday, the White House blog announced the creation of "A National Program Office for Enhancing Online Trust and Privacy" http://www.whitehouse.gov/blog/2011/01/07/national-program-office-enhancing-online-trust-and-privacy This activity will be based on the National Strategy for Trusted Identities in Cyberspace, which is available in draft form http://www.dhs.gov/xlibrary/assets/ns_tic.pdf There was a comment period, which is now closed (and the comments have now been taken down) http://www.msnbc.msn.com/id/37943900/ http://www.nstic.ideascale.com/ The draft action items include Action 2: Develop a Shared, Comprehensive Public/Private Sector Implementation Plan Action 4: Work Among the Public/Private Sectors to Implement Enhanced Privacy Protections Action 5: Coordinate the Development and Refinement of Risk Models and Interoperability Standards Standards that cover interoperability requirements, trustmark criteria, and accreditation will pave a path that supports choice across solutions, ultimately accelerating Identity Ecosystem adoption. All detailed actions associated with Identity Ecosystem standards will build on existing efforts undertaken by the Federal Government, trust framework providers, private sector, standards bodies, and international organizations. Standards established within the Identity Ecosystem will require incorporation of privacy guidelines. They should also require, to the extent feasible, adoption of protocols that minimize the ability to link or aggregate transactions and transaction data across Identity Ecosystem participants and relying parties, while maintaining individual transaction history, integrity, and auditability. Standards development, adoption, or enhancement will support autonomy and choice among Identity Ecosystem providers and flexibility within industry sectors, while facilitating cross-sector and international interoperability. ----- What is proposed is apparently something like an official version of the existing Certificate system, and apparently will involve technical standards setting. This is an area where the IETF has some expertise, and also should have some concerns. I must admit that statements such as this "The Governance Layer enables unaffiliated entities to trust each other’s digital identities. A Governance Authority will establish the criteria for assessing and certifying Accrediting Authorities, who in turn assess and certify service providers. In addition, the Governance Authority will control the rules for trustmarks that indicate the service provider’s standing as a participant within the Identity Ecosystem." make me nervous. Has the IETF (presumably, the IAB) considered a response to this proposal ? Should it ? Regards Marshall _______________________________________________ Ietf mailing list Ietf@xxxxxxxx https://www.ietf.org/mailman/listinfo/ietf