Re: Call for Participation: OASIS Identity Based Attestation and Open Exchange Protocol Specification (IBOPS) TC

On 08/09/2014 02:25 AM, Anders Rundgren wrote:
> I think OASIS should try things they have a chance of succeeding with.
> AFAIK, their stake in the client platform is close to NULL. It is sad
> that banks don't spend a dime on genuine web tech such as WebCrypto.
> Or VISA explaining how their "tokenization" scheme would go into
> WebPayments.

Agreed. I don't understand why the work is being done at OASIS either
unless this is a purely insider play (meaning, the technology isn't
meant to be used by the public, it's primarily for use in large
enterprises). They have been successful at getting SAML adopted, so this
wouldn't be the first time they've worked in the space. That Bank of
America, RedHat, and Intel are taking the lead is interesting; the
solution will most likely be colored (for better or worse) by a "big
enterprise" palette.

For those that don't want to dig deep into the documents, here's what
they're working on:

"The TC will develop the IBOPS specification to enable security systems
to provide Identity Assertion, Role Gathering, Multi-Level Access
Control, Assurance, and Auditing capabilities. IBOPS will define how
software running on a client device can communicate with an
IBOPS-enabled server. Methods for enabling security components to work
with existing IBOPS components for integration into current operating
environments will also be considered. An end-to-end specification
describing the standards necessary to perform server-based enhanced
biometric security will be created.  This solution will consider
enrollment phase, maintenance, storage, and revocation. Version 1.0 of
the specification should be completed within 18 to 24 months of the
first meeting."

"The TC might also develop interoperability profiles for OASIS Trust
Elevation Protocol, FIDO, SAML, Open ID Connect and OAuth if deemed
appropriate by the TC."

Sounds like they're biting off a great deal of stuff, much of which we've
marked as out of scope for the credentials work because each item alone
would take years to complete.

We should track the IBOPS work closely and learn from it if they do
something interesting. It wouldn't hurt to try and create a liaison
relationship between the Credentials CG and the IBOPS WG.

-- manu


Manu Sporny (skype: msporny, twitter: manusporny, G+: +Manu Sporny)
Founder/CEO - Digital Bazaar, Inc.
blog: High-Stakes Credentials and Web Login

Received on Saturday, 9 August 2014 22:01:34 UTC