Certification programs seem to be the cooking shows of the identity domain. Turn around, and there is a new one. Do they add value or confusion?
I once managed a certification program for identity services, so I tend to have a somewhat jaded but intimate understanding of both the beautiful vision of interoperable outcomes and the seductive fallacy of enforcement.
While I believe that a properly structured certification program adds great value by ensuring a common baseline of interoperable services, my concern remains the impact of the sheer number of these programs ("flaming hoops") on the identity services who seek the certification.
At least for the FICAM TFS Program, the two options I had thought would be worth further exploration, without changing the existing once-removed (TFS > TFP > Identity Service) approval mechanisms, were:
Merge the FICAM TFS Program into the FedRAMP program. FedRAMP is currently focused on the infrastructure-as-a-service layer, so bringing in the TFS certification under the FedRAMP umbrella simply enriched it with an existing identity-as-a-service layer (FedRAMP > TFP > Identity Service).
Merge the FICAM TFS Program into the Connect.gov program. If Connect.gov is the operational infrastructure, let it also have the authority and ability to manage the certification program for the services that can integrate with it (Connect.gov PMO > TFP > Identity Service).
I was unsuccessful at getting any traction for either of these options, but continue to believe that less is better here.
Context and Privacy
The Context Conundrum: How can we ensure that personal data or metadata is used to our benefit? How can we provide intelligent assistance while protecting customer privacy?
Privacy Engineering at NIST. Webcast overview of the draft Privacy Engineering Objectives and Risk Model
The Office of the National Coordinator for Health Information Technology (“ONC”) has released a revised Guide to Privacy and Security of Electronic Health Information
cyberforge: random and relevant
Open Assets Protocol describes a mechanism used for storing and transferring custom, non-native assets on the Blockchain
HTTP v 2 is now on the standards track at IETF