Transcript of "Standards brainstorming: NSTIC/IIW13"
Wed all like to see the US NSTIC project move forward and produce something of value. One ofthe first things NSTIC needs is a credible draft standards landscape. Wed like to use IIW13(http://www.idcommons.org/internet-identity-workshop-13-october-18-20-in-mountain-view-2/) to startopen collaboration on that, by brainstorming to: * validate or improve some rough categories; * collect and solicit additions to lists of known standards and gaps for each category; and * seek some agreement on how to refine, and more broadly consult about, those lists.In the spirit of moving forward fast: Seems like a good idea to collect all the data that we caneasily gather on existing relevant standards projects. Tragically, theres no such thing as theOfficial Global Database Of Everyones Standards and Drafts.In the spirit of cooperation: Representatives from six relevant standards organizations havehuddled and agreed to cooperate on brainstorming sessions at IIW next week: in alpha order,Kantara, OASIS, OIX, SAFE-BioPharma, Smart Card Alliance and W3C. Of course, there arelots of other equally valuable stakeholders; but we needed some moderators, and standardspeople who have been showing up reliably at NSTIC and IIW seemed like a good start. This is anunconference; nobody bosses anybody.In the spirit of fitting into the IIW ecology: Theres a lot of ground to cover, but it would be piggyto consume a whole IIW day. So we are planning to propose 3 sessions. Helps keep the scalebearable. And obviously, other stuff will be going on in the same time slots. All we can expect, inthat time frame, is a beginning list of known projects, and some plans to collectively grow it. Butthats enough for a start.Note: Its not a perfect taxonomy of categories, and the exemplar standards listed are definitelynot complete. But this rough sort still may help us organize lists, and solicit additions.Session Topics Incomplete list of obvious stuff Moderators/scribes1 Authorization, SSO, token Kantara, OIX, OAuth, OpenID, KMIP, etc. Don Thibeau (OIX) data & Joni Brennan (Kantara) Access control and SAML, SCIM, XACML, SPML, LDAP, RuleML/ assertion languages RIF, WS-Policy, XSPA, W3C Provenance, etc.2 “Frameworks“, assurance Kantara, OIX, SAFE-BioPharma, Trust Rich Furr (SAFE- levels, interparty liability Elevation, etc. BioPharma) & Cathy Medich (SCA) Device-specific (mobile; SCA (14443, 7816, etc), SAFE-BioPharma, smartcards; browser, etc.) W3C mobile, W3C DNT, INCITS M1, etc.3 Privacy, anonymity & policy P3P, W3C DNT, PMRM, VRM, IETF RFCs Harry Halpin (W3C) 3323, 4941, 6280, etc. & Jamie Clark (OASIS) Plan for iterating the lists Public reviews? Wikis? Meetings?Ideally, after a few rounds of this, we will have a first approximation of an existing-standards map,and something to use in identifying gaps.So, consider this your notice that a handful of standards folks will propose three sessions onWednesday to go standards-hunting, and youre invited to participate. See you in Santa Clara!