Are there too many cooks in the certification kitchen?
Certification programs seem to be the cooking shows of the identity domain. Turn around, and there is a new one. Do they add value or confusion?
I once managed a certification program for identity services, so I tend to have a somewhat jaded but intimate understanding of both the beautiful vision of interoperable outcomes and the seductive fallacy of enforcement.
While I believe that a properly structured certification program adds great value by ensuring a common baseline of interoperable services, my concern remains the impact of the sheer number of these programs (“flaming hoops”) on the identity services who seek the certification.
At least for the FICAM TFS Program, the two options I had thought would be worth further exploration, without changing the existing once-removed (TFS > TFP > Identity Service) approval mechanisms, were:
- Merge the FICAM TFS Program into the FedRAMP program. FedRAMP is currently focused on the infrastructure-as-a-service layer, so bringing in the TFS certification under the FedRAMP umbrella simply enriched it with an existing identity-as-a-service layer (FedRAMP > TFP > Identity Service).
- Merge the FICAM TFS Program into the Connect.gov program. If Connect.gov is the operational infrastructure, let it also have the authority and ability to manage the certification program for the services that can integrate with it (Connect.gov PMO > TFP > Identity Service).
I was unsuccessful at getting any traction for either of these options, but continue to believe that less is better here.
Context and Privacy
- The Context Conundrum: How can we ensure that personal data or metadata is used to our benefit? How can we provide intelligent assistance while protecting customer privacy?
- Privacy Engineering at NIST. Webcast overview of the draft Privacy Engineering Objectives and Risk Model
- The Office of the National Coordinator for Health Information Technology (“ONC”) has released a revised Guide to Privacy and Security of Electronic Health Information
cyberLinks: random and relevant
- Open Assets Protocol describes a mechanism used for storing and transferring custom, non-native assets on the Blockchain
- HTTP v 2 is now on the standards track at IETF