Wrapping up the series of Rough Guide posts is our focus on Trust, Identity, and Privacy. ISOC has been working over the past five years in these areas, and each subsequent IETF has seen advancing work and progress being made on multiple fronts. IETF 91 is no exception.
The first bit of exciting news is that the ISOC @ IETF panel for this IETF will focus on Identity. We have arranged for four excellent panelists to talk about the world of identity from their perspective. Some questions we hope to address are: What are the underlying identifiers we use on the Internet today? What are their properties? How do these identifiers and attributes relate to our ideas of “identity?” If we were to dream of an ideal world with multiple interlinked and interoperable identity ecosystems, what would good look like?
The second bit of exciting news is a new mailing list created to discuss vectors of trust . The impetus for this mailing list came out of an ISOC sponsored workshop this past December. It is hoped that these discussions will lead to further consensus on concepts around trust and levels of assurance. There are rumors of a Bar BOF (tragically without a real bar) to be held on this topic in the Sea Pearl 3 room this Monday, 10 Nov from 7:45 pm until we run out of steam. Check the mailing list for any last minute update of these plans. This is a great opportunity to get involved in a potential IETF activity at a very early stage.
Before we get to a rundown of the working groups, I’d also like to highlight a side meeting on W3C activities related to privacy. The W3C Privacy Interest Group (PING) will be holding an informal “get-together” alongside IETF on Thursday 13 November 2014 (11:40 am – 12:50 pm) in Sea Pearl 4. Anyone is welcome to attend, and this is an excellent opportunity to learn about W3C activities in this space. Who knows, you may even feel inclined to volunteer to help with a few reviews and in return get exposure to and gratitude from the W3C community.
As for the IETF working groups, there are several ongoing working groups addressing topics in this space. The JOSE wg will have a short meeting on Monday evening primarily to address comments from the recent IESG review of all the core specifications. It is exciting to see this activity drawing closer to a successful conclusion.
The OAUTH (Web Authorization Protocol) working group is quite active with its continuing work on dynamic client registration, proof-of-possession security assertions, token introspection, and token exchange among others. There are several oauth documents that are currently in IESG processing.
The recently formed ACE (Authentication and Authorization in Constrained Environments) working group is meeting for only the second time here at IETF91. Topics for the agenda include use cases, actors, architecture comparison, and object security. There are several documents ready for discussion at the documents link below.
The SCIM (System for Cross-domain Identity Management) working group is primarily focused on getting their core documents for the management of user identities and identity-related objects across administrative domains finalized. They will however also be discussing rechartering, and some possible next steps include soft deletes, notifications, password and other credential artifacts, and session management.
The STIR (Secure Telephone Identities Revisited) working group is looking to develop mechanisms to correctly identify where SIP requests are being originated. In a nutshell, how do you prove ownership of a telephone number of the Internet? The problem statement (RFC 7340) and threats (RFC 7375) documents were published earlier this year, and the “Authenticated Identity Management in the Session Initiation Protocol” and “Secure Telephone Identity Credentials: Certificates” documents are on the agenda for this meeting.
The web PKI certificate infrastructure continues to be a source of trust related operational issues in the Internet. The primary effort of the TRANS (Public Notary Transparency) WG is the generation of a standards track version of the experimental RFC 6962 on Certificate Transparency. Topics for this week’s agenda incude the gossip protocol, the client/monitor protocol, and extensions of CT for DNSSEC and executables.
The final activity that I’d like to highlight is the IAB Privacy and Security Program. We’ve already mentioned this program in earlier blog posts in this series, but I felt a summary in this space would not be complete without mentioning it again. The trust area of this program is just getting started, and we look forward to lots of interesting work coming out of this activity. If you see me around this week, feel free to stop me and share with me any ideas that you might have related to this topic (or any other for that matter).
Related Meetings, Working Groups, and BOFs:
ace (Authentication and Authorization for Constrained Environments) BOF
Wednesday, 12 Nov 2014; 1300-1500, Coral 5
dprive (DNS PRIVate Exchange) WG
Tuesday, 11 November 2014, 1300-1500 HST, Coral 5
httpauth (Hypertext Transfer Protocol Authentication) WG
Friday, 14 Nov 2014, 1150-1320 HST, Coral 2
Monday, 10 Nov 2014, 1730-1830 HST, Lehua Suite
kitten (Common Authentication Technology Next Generation) WG
Thursday, 13 Nov 2014, 1520-1620 HST, Hibiscus
oauth (Web Authorization Protocol) WG
Wednesday, 12 Nov 2014, 900-1130, Lehua Suite
scim (System for Cross-domain Identity Management) WG
Friday, 14 Nov 2014, 1150-1320
stir (Secure Telephone Identity Revisited) WG
Tuesday, 11 Nov 2014, 1300-1500 HST, Kahili
trans (Public Notary Transparency) WG
Monday, 10 November 2014, 1520-1720 HST, Hibiscus
There’s a lot going on next week, and whether you plan to be there or join remotely, there’s much to follow. To follow along as we dole out this series of Rough Guide to IETF blog posts, follow us on the Internet Technology Matters blog, Twitter, Facebook, Google+, via RSS, or see http://dev.internetsociety.org/rough-guide-ietf91.