assurance - Re: [Assurance] RE: [confluence] InC-Assurance > Remote-Proofing Approaches
Subject: Assurance
List archive
- From: "Joe St Sauver" <>
- To:
- Subject: Re: [Assurance] RE: [confluence] InC-Assurance > Remote-Proofing Approaches
- Date: Wed, 8 Aug 2012 09:21:38 -0700 (PDT)
mrg commented:
#800-63 is a useful document. It is intended for USGov agencies and NGOs.
#We are not they. When we say Silver is 800-63, even in certain respects,
#I completely disagree. We are NOT they.
At the risk triggering special paper airplane targetting when we next
eat together, let me just share a somewhat different perspective...
Clearly, higher ed is not the US government, in that respect, you're
absolutely right.
However, in many cases, we do need to work closely with them. This might
be NSF or NIH or DOE research grants, for example, or use of supercomputers
or other federally administered research facilities.
Or it might be federal financial aid programs, or other student-related
programs in conjunction with the Department of Education, just to
mention another possible area where universities and federal agencies
seem to often intersect.
If we're all following the same standards, imperfect/frustrating though
those existing stanard may be, we might hope that those interactions
would be simpler (probably a vain hope, but at times I indulge myself
and allow myself to be at least a little bit of an optimistic idealist).
Heck, if the international community can agree on common standards for
machine readable passports, or the states can (largely) agree on common
standards for drivers licenses, surely we should be able to come close
to similar congruence for high assurance identities...
Or we might do something different, unique to (part of) higher ed.
Having done so, is there much chance that the feds will come about and
begin to follow our new course? I think not. HSDP-12, for example,
ensured that virtually all federal employees and contracts will be using
HSPD-12-compliant credentials. That ship has sailed.
What of the broader marketplace? Is Facebook or Google likely to adopt
credentials that follow *either* the federal standard, or higher
education's standard for strong assurance credentials? Unfortunately,
probably not.
And that's really unfortunate. I'd really, really, really like to see a
standardized and potentially interoperable credential for all those who
might need or want it, with privacy preserving options for those who
might worry about privacy/big brother having too easy of a time of it.
If we can't do 800-63, I think it would behoove us to pursue a formal
industry standard that we all could live with, probably via the IETF.
It might start with 800-63, or Silver, or something else, but at least
it would be a standard from a standards body that has a chance of
universal acceptance. That's the real key, I think -- having something
that's standardized, and thus broadly accepted.
Just my two cents, paper airplane ack-ack guns at the ready :-)
Regards,
Joe
- [Assurance] RE: [confluence] InC-Assurance > Remote-Proofing Approaches, Jones, Mark B, 08/07/2012
- Re: [Assurance] RE: [confluence] InC-Assurance > Remote-Proofing Approaches, Ann West, 08/07/2012
- RE: [Assurance] RE: [confluence] InC-Assurance > Remote-Proofing Approaches, Roy, Nicholas S, 08/08/2012
- RE: [Assurance] RE: [confluence] InC-Assurance > Remote-Proofing Approaches, Jones, Mark B, 08/08/2012
- RE: [Assurance] RE: [confluence] InC-Assurance > Remote-Proofing Approaches, Roy, Nicholas S, 08/08/2012
- Re: [Assurance] RE: [confluence] InC-Assurance > Remote-Proofing Approaches, Michael R. Gettes, 08/08/2012
- RE: [Assurance] RE: [confluence] InC-Assurance > Remote-Proofing Approaches, Jones, Mark B, 08/08/2012
- RE: [Assurance] RE: [confluence] InC-Assurance > Remote-Proofing Approaches, Roy, Nicholas S, 08/08/2012
- RE: [Assurance] RE: [confluence] InC-Assurance > Remote-Proofing Approaches, Jones, Mark B, 08/08/2012
- RE: [Assurance] RE: [confluence] InC-Assurance > Remote-Proofing Approaches, Roy, Nicholas S, 08/08/2012
- <Possible follow-up(s)>
- Re: [Assurance] RE: [confluence] InC-Assurance > Remote-Proofing Approaches, Joe St Sauver, 08/08/2012
- Re: [Assurance] RE: [confluence] InC-Assurance > Remote-Proofing Approaches, Michael R. Gettes, 08/08/2012
- RE: [Assurance] RE: [confluence] InC-Assurance > Remote-Proofing Approaches, Jones, Mark B, 08/08/2012
- RE: [Assurance] RE: [confluence] InC-Assurance > Remote-Proofing Approaches, Roy, Nicholas S, 08/09/2012
- RE: [Assurance] RE: [confluence] InC-Assurance > Remote-Proofing Approaches, Jones, Mark B, 08/10/2012
- Re: [Assurance] RE: [confluence] InC-Assurance > Remote-Proofing Approaches, Tom Scavo, 08/10/2012
- Re: [Assurance] RE: [confluence] InC-Assurance > Remote-Proofing Approaches, Ann West, 08/10/2012
- Re: [Assurance] RE: [confluence] InC-Assurance > Remote-Proofing Approaches, Tom Scavo, 08/10/2012
- Re: [Assurance] RE: [confluence] InC-Assurance > Remote-Proofing Approaches, William G. Thompson, Jr., 08/10/2012
- Re: [Assurance] RE: [confluence] InC-Assurance > Remote-Proofing Approaches, Cantor, Scott, 08/10/2012
- Re: [Assurance] RE: [confluence] InC-Assurance > Remote-Proofing Approaches, William G. Thompson, Jr., 08/10/2012
- Re: [Assurance] RE: [confluence] InC-Assurance > Remote-Proofing Approaches, Tom Scavo, 08/10/2012
- RE: [Assurance] RE: [confluence] InC-Assurance > Remote-Proofing Approaches, Jones, Mark B, 08/10/2012
- RE: [Assurance] RE: [confluence] InC-Assurance > Remote-Proofing Approaches, Roy, Nicholas S, 08/09/2012
- RE: [Assurance] RE: [confluence] InC-Assurance > Remote-Proofing Approaches, Jones, Mark B, 08/08/2012
- Re: [Assurance] RE: [confluence] InC-Assurance > Remote-Proofing Approaches, Michael R. Gettes, 08/08/2012
- Re: [Assurance] RE: [confluence] InC-Assurance > Remote-Proofing Approaches, Ann West, 08/07/2012
Archive powered by MHonArc 2.6.16.