1. We'd all like to see the US NSTIC project move forward and produce something of value. One of
the first things NSTIC needs is a credible draft standards landscape. We'd like to use IIW13
(http://www.idcommons.org/internet-identity-workshop-13-october-18-20-in-mountain-view-2/) to start
open collaboration on that, by brainstorming to:
* validate or improve some rough categories;
* collect and solicit additions to lists of known standards and gaps for each category; and
* seek some agreement on how to refine, and more broadly consult about, those lists.
In the spirit of moving forward fast: Seems like a good idea to collect all the data that we can
easily gather on existing relevant standards projects. Tragically, there's no such thing as the
Official Global Database Of Everyone's Standards and Drafts.
In the spirit of cooperation: Representatives from six relevant standards organizations have
huddled and agreed to cooperate on brainstorming sessions at IIW next week: in alpha order,
Kantara, OASIS, OIX, SAFE-BioPharma, Smart Card Alliance and W3C. Of course, there are
lots of other equally valuable stakeholders; but we needed some moderators, and standards
people who have been showing up reliably at NSTIC and IIW seemed like a good start. This is an
unconference; nobody bosses anybody.
In the spirit of fitting into the IIW ecology: There's a lot of ground to cover, but it would be piggy
to consume a whole IIW day. So we are planning to propose 3 sessions. Helps keep the scale
bearable. And obviously, other stuff will be going on in the same time slots. All we can expect, in
that time frame, is a beginning list of known projects, and some plans to collectively grow it. But
that's enough for a start.
Note: It's not a perfect taxonomy of categories, and the exemplar standards listed are definitely
not complete. But this rough sort still may help us organize lists, and solicit additions.
Session Topics Incomplete list of obvious stuff Moderators/scribes
1 Authorization, SSO, token Kantara, OIX, OAuth, OpenID, KMIP, etc. Don Thibeau (OIX)
data & Joni Brennan
(Kantara)
Access control and SAML, SCIM, XACML, SPML, LDAP, RuleML/
assertion languages RIF, WS-Policy, XSPA, W3C Provenance, etc.
2 “Frameworks“, assurance Kantara, OIX, SAFE-BioPharma, Trust Rich Furr (SAFE-
levels, interparty liability Elevation, etc. BioPharma) & Cathy
Medich (SCA)
Device-specific (mobile; SCA (14443, 7816, etc), SAFE-BioPharma,
smartcards; browser, etc.) W3C mobile, W3C DNT, INCITS M1, etc.
3 Privacy, anonymity & policy P3P, W3C DNT, PMRM, VRM, IETF RFCs Harry Halpin (W3C)
3323, 4941, 6280, etc. & Jamie Clark
(OASIS)
Plan for iterating the lists Public reviews? Wikis? Meetings?
Ideally, after a few rounds of this, we will have a first approximation of an existing-standards map,
and something to use in identifying gaps.
So, consider this your notice that a handful of standards folks will propose three sessions on
Wednesday to go standards-hunting, and you're invited to participate. See you in Santa Clara!