Categories
Building Trust Identity Open Internet Standards Privacy Technology

Rough Guide to IETF 90: Trust, Identity, and Privacy

Trust, Identity, and Privacy are ongoing key topics for the Internet Society team. With the evolving awareness around security and privacy on the Internet, the IETF has continued to focus on numerous activities addressing these topics, and will be participating in several sessions this week at IETF 90 in Toronto.

The web PKI certificate infrastructure continues to be a source of trust related operational issues in the Internet. The trans (Public Notary Transparency) Working Group (WG) was chartered and met for the first time at IETF 89. The first task of this working group is the generation of a standards track version of the experimental RFC 6962 on Certificate Transparency. This working group has been quite active and maintains an issue tracker to facilitate progress on their documents. Topics for this week include remaining issues before working group last call, a gossip protocol, and client behavior. The working group is already considering potential new working items including the creation of transparent repositories for other assets including dnssec and binary signatures of executables.

On the identity front, the abfab (Application Bridging for Federated Access Beyond the web) WG is wrapping up its initial work on a federated identity mechanism for use by Internet protocols other than HTML/HTTP. This week they will focus on remaining open issues related to the architecture and usability and user interface documents.
 
The newly formed ace (Authentication and Authorization in Constrained Environments) WG is meeting for the first time here at IETF90. The primary discussions for this meeting will center around some core questions to help provide the group scope and direction. Given that this working group is just getting started, this session should be an excellent one to get a broad perspective on the work and direction as it is forming.
 
The scim (System for Cross-domain Identity Management) WG is also focused on getting their core documents for the management of user identities and identity-related objects across administrative domains ready for working group last call.
 
The oauth (Web Authorization Protocol) WG is quite active with work on dynamic client registration, proof-of-possession security assertions, token introspection, and token exchange among others. There are several oauth documents that are currently in IESG processing.
 
The jose (Javascript Object Signing and Encryption) WG has been addressing various issues from the AD review of the four core specifications. This meeting will discuss the status of those reviews, prepare for an IETF Last Call on the documents, discuss the status of the cookbook, and explore a few additional topics including JSON Web key thumbprint and the possible use of JOSE for CBOR.
 
Finally, rumor has it that one of the co-chairs of the W3C Privacy Interest Group (PING) is here this week and planning some side discussions related to those activities. The exact details are evolving, but if you are interested, drop me an email, and I’ll forward the details.
 
All in all it will be a busy week for those interested in Trust, Identity, and Privacy at IETF 90.

Related Meetings, Working Groups, and BOFs at IETF 90:

abfab (Application Bridging for Federated Access Beyond web) WG
Agenda: https://tools.ietf.org/wg/abfab/agenda
Charter: https://tools.ietf.org/wg/abfab/charter
Thursday, 24 July 2014; 0900-1000

ace (Authentication and Authorization for Constrained Environments) WG
Agenda: https://tools.ietf.org/wg/ace/agenda
Charter: https://tools.ietf.org/wg/ace/charter
Wednesday, 23 July 2014; 0900-1130

httpauth (Hypertext Transfer Protocol Authentication) WG
Agenda: https://tools.ietf.org/wg/httpauth/agenda
Charter: https://tools.ietf.org/wg/httpauth/charter
Thursday, 24 July 2014; 1000-1130

jose (Javascript Object Signing and Encryption) WG
Agenda: https://tools.ietf.org/wg/jose/agenda
Charter: https://tools.ietf.org/wg/jose/charter
Monday, 21 July 2014; 1300-1500

kitten (Common Authentication Technology Next Generation) WG
Agenda: https://tools.ietf.org/wg/kitten/agenda
Charter: https://tools.ietf.org/wg/kitten/charter
Wednesday, 23 July 2014; 0900-1130

oauth (Web Authorization Protocol) WG
Agenda: https://tools.ietf.org/wg/oauth/agenda
Charter: https://tools.ietf.org/wg/oauth/charter
Thursday, 24 July 2014; 1520-1720

scim (System for Cross-domain Identity Management) WG
preliminary agenda published on scim mailing list
Agenda: https://tools.ietf.org/wg/scim/agenda (not available as of 20 July 2014)
Charter: https://tools.ietf.org/wg/scim/charter
Wednesday, 23 July 2014; 1300-1500

trans (Public Notary Transparency) WG
Agenda: https://tools.ietf.org/wg/trans/agenda
Charter: https://tools.ietf.org/wg/trans/charter
Friday, 25 July 2014; 0900-1130