Categories
Building Trust Identity Open Internet Standards Privacy Technology

Rough Guide To IETF 89: Trust, Identity, and Privacy

Trust, identity, and privacy continue to be active areas of interest for the Internet Society. With all the recent concerns about security and privacy on the Internet, the IETF has focused on numerous activities addressing these topics. To that end, there are several interesting topics being discussed at IETF 89 in London next week.

For the first time, a tutorial on Engineering Privacy into Internet Protocols will be offered to all IETF attendees on Sunday, 2 March. This tutorial comes out of the IAB Privacy program and is based on RFC 6973, Privacy Considerations for Internet Protocols.

The web PKI certificate infrastructure continues to be a source of trust-related operational issues in the Internet. Work to improve this infrastructure is being accelerated by the establishment of a new working group, trans (Public Notary Transparency). The first task of this working group will be to generate a standards track version of the experimental RFC 6962 on Certificate Transparency. Additionally, the wpkops (web PKI OPS) WG continues to work to document current Web PKI operations with an eye toward suggested improvements in those operations.

On the identity front, the abfab (Application Bridging for Federated Access Beyond the web) Working Group is wrapping up its initial work on a federated identity mechanism for use by Internet protocols other than HTML/HTTP. Next week they will focus on remaining open issues and possible work items to re-charter the working group. The scim (System for Cross-domain Identity Management) WG continues to make progress on managing user identities and identity-related objects across administrative domains. The oauth (Web Authorization Protocol) WG is quite active with work on assertions, dynamic registration, and JSON web tokens. There will also be discussions on security directions for oauth in that session. The jose (Javascript Object Signing and Encryption) WG has just completed a Working Group Last Call on its suite of documents and the expectation is that these documents will soon be sent forward to the IESG. And, in case your plate isn’t full enough, there is a BoF on authentication and authorization in constrained environments (ace).

Finally, as a continuing technical response to last year’s series of pervasive surveillance revelations, the IETF is focused on several efforts to strengthen the Internet. This begins prior to the IETF with the IAB/W3C STRINT workshop mentioned in an earlier IETF 89 Rough Guide blog post. It continues into the IETF week with discussions on improving privacy through the use of TLS in various Internet application protocols in the newly formed uta (Using TLS in Applications) WG. Additionally, the IRTF Crypto Forum Research Group has renewed interest and activity as a result of the IETF desire to strengthen its use of cryptography.

All in all it will be an action-packed week for those interested in trust, identity, and privacy at IETF 89.

Related Meetings, Working Groups, and BoFs at IETF 89:

  • Tutorial: Engineering Privacy into Internet Protocols
    (Sunday, 2 March 2014; 1500-1630)

To follow along as we dole out this series of Rough Guide to IETF blog posts, follow us on the Internet Technology Matters blog, Twitter, Facebook, Google+, via RSS, or see http://dev.internetsociety.org/rough-guide-ietf89.