Trust, Identity, and Privacy are ongoing key topics for the Internet Society team. With the evolving awareness around security and privacy on the Internet, the IETF has continued to focus on numerous activities addressing these topics, and will be participating in several sessions this week at IETF 90 in Toronto.
The web PKI certificate infrastructure continues to be a source of trust related operational issues in the Internet. The trans (Public Notary Transparency) Working Group (WG) was chartered and met for the first time at IETF 89. The first task of this working group is the generation of a standards track version of the experimental RFC 6962 on Certificate Transparency. This working group has been quite active and maintains an issue tracker to facilitate progress on their documents. Topics for this week include remaining issues before working group last call, a gossip protocol, and client behavior. The working group is already considering potential new working items including the creation of transparent repositories for other assets including dnssec and binary signatures of executables.
On the identity front, the abfab (Application Bridging for Federated Access Beyond the web) WG is wrapping up its initial work on a federated identity mechanism for use by Internet protocols other than HTML/HTTP. This week they will focus on remaining open issues related to the architecture and usability and user interface documents.
The newly formed ace (Authentication and Authorization in Constrained Environments) WG is meeting for the first time here at IETF90. The primary discussions for this meeting will center around some core questions to help provide the group scope and direction. Given that this working group is just getting started, this session should be an excellent one to get a broad perspective on the work and direction as it is forming.
The scim (System for Cross-domain Identity Management) WG is also focused on getting their core documents for the management of user identities and identity-related objects across administrative domains ready for working group last call.
The oauth (Web Authorization Protocol) WG is quite active with work on dynamic client registration, proof-of-possession security assertions, token introspection, and token exchange among others. There are several oauth documents that are currently in IESG processing.
Finally, rumor has it that one of the co-chairs of the W3C Privacy Interest Group (PING) is here this week and planning some side discussions related to those activities. The exact details are evolving, but if you are interested, drop me an email, and I’ll forward the details.
All in all it will be a busy week for those interested in Trust, Identity, and Privacy at IETF 90.
Related Meetings, Working Groups, and BOFs at IETF 90:
scim (System for Cross-domain Identity Management) WG
preliminary agenda published on scim mailing list
Agenda: https://tools.ietf.org/wg/scim/agenda (not available as of 20 July 2014)
Wednesday, 23 July 2014; 1300-1500