Zero Trust

 View Only
Expand all | Collapse all

Summary of the First Digital Identity Accreditations

  • 1.  Summary of the First Digital Identity Accreditations

    Posted Nov 07, 2022 09:51:00 AM
    This a nice article from Schellman mapping out the initial set of Digital Identity Accreditations. It will be interesting to see how things evolve. If history is any indication of future success, accreditations add a certain levell of credibility.

    Understanding the First Digital Identity Accreditations

    https://www.schellman.com/blog/understanding-the-first-digital-identity-accreditations?utm_content=221785449&utm_medium=social&utm_source=linkedin&hss_channel=lcp-10472234

    ------------------------------
    Alex Sharpe
    Principal
    Sharpe42
    [email protected]
    Co-Chair Philosophy & Guiding Principles Working Group
    Co-Chair Organizational Strategy & Governance Working Group
    ------------------------------


  • 2.  RE: Summary of the First Digital Identity Accreditations

    Posted Nov 08, 2022 08:38:00 AM





  • 3.  RE: Summary of the First Digital Identity Accreditations

    Posted Nov 09, 2022 01:54:00 PM
    Do you know if there is a breeder document authentication accreditation program? Schellman pushed these out as the first. You gotta wonder what is next on the list.

    ------------------------------
    Alex Sharpe
    Principal
    Sharpe42
    [email protected]
    Co-Chair Philosophy & Guiding Principles Working Group
    Co-Chair Organizational Strategy & Governance Working Group
    ------------------------------



  • 4.  RE: Summary of the First Digital Identity Accreditations

    Posted Nov 09, 2022 02:25:00 PM
    Yes.  NIST in their FIPS 201-2 (Older Version) suggested a forensic analysis of the breeder document.
    In 2012 I co-wrote the paper "Stop Issuing Secure Credentials to Imposters"

    https://www.acuant.com/ sells the product.  I worked for AssureTec.  Accuant acquired them about five years ago.

    --
    Ron Martin, CPP



    Attachment(s)



  • 5.  RE: Summary of the First Digital Identity Accreditations

    Posted Nov 09, 2022 02:30:00 PM
    The two files are in the Library.

    Yes.  NIST in their FIPS 201-2 (Older Version) suggested a forensic analysis of the breeder document.
    In 2012 I co-wrote the paper "Stop Issuing Secure Credentials to Imposters"

    https://www.acuant.com/ sells the product.  I worked for AssureTec.  Acuant acquired them about five years ago.

    --
    Ron Martin, CPP

    --
    Ron Martin, CPP





  • 6.  RE: Summary of the First Digital Identity Accreditations

    Posted Nov 09, 2022 07:24:00 AM
    My concern, since digital identity was a hot topic around 2000 amongst national governments,  is that identity fraud, forgery is, I think, the number one crime today, and registration, validation and verification are only as secure as the identity management technology deployed by the identity authority.  

    It was insecure in the year 2000, and it is insecure today.  How to ensure the independence of validation of identity claims?  I think there may be a role for blockchain here, for verification when identity detail change requests are processed.  There is still the unresolved question of how to ensure all Identity Blockchain Group Members are trustable.  My initial thoughts were that they really had to be at a federal or regional government level, though with todays state actors perpetrating cyber espionage, how do we set up a federation of trust across national borders.  And please recognise that we require international collaboration to address the greatest challenge we have ever faced as a species, how to safely ratify carbon emissions reduction on a global basis.  This is a topic that has come up today at COP27, the UN Conference of Parties to address climate change. Because currently every country's Greenhouse Gas Emissions Reporting is inaccurate to a greater and lesser degree, either inadvertently or in some cases deliberate under reporting. 

    tCO2e metrics might well be another blockchain use case in the global annual reporting context, though not in the transactional sense. 

    I believe we have to think outside the boundaries of perceived national interest.  The big challenges today are international - stopping war and achieving net zero carbon emissions by 2050, or preferably earlier, as we are already on track for catastrophic inundation of coastal areas. 

    Best

    Nya

    ------------------------------
    Nya Murray
    Director
    Trac-Car
    ------------------------------



  • 7.  RE: Summary of the First Digital Identity Accreditations

    Posted Nov 10, 2022 07:20:00 AM
    NIST has provided some guidance here with the SP 800-63 Digital Identity Guidelines https://pages.nist.gov/800-63-3/

    ------------------------------
    Jonathan Flack Managing Director, ACM, CNCF, CSA
    ------------------------------



  • 8.  RE: Summary of the First Digital Identity Accreditations

    Posted Nov 10, 2022 09:59:00 AM
    Yes. SP 800-63 is a great source.  Maybe in the next revision, they will encourage electronic verification of breeder documents.

    --
    Ron Martin, CPP





  • 9.  RE: Summary of the First Digital Identity Accreditations

    Posted Nov 10, 2022 10:17:00 AM
    I know Login.gov referenced (and is compliant with) this for the identity assurance model they use.

    ------------------------------
    Jonathan Flack Managing Director, ACM, CNCF, CSA
    ------------------------------



  • 10.  RE: Summary of the First Digital Identity Accreditations

    Posted Nov 10, 2022 07:46:00 AM
    https://www.globalidentity.blog/2020/03/ten-reasons-blockchain-may-not-be.html

    ------------------------------
    Paul Simmonds
    CSA UK Chapter
    ------------------------------



  • 11.  RE: Summary of the First Digital Identity Accreditations

    Posted Nov 11, 2022 06:33:00 AM
      |   view attached
    @Nya Murray, as always I enjoy your posts and your aspirations. On a practical note, we need to act locally and think globally.​

    A multi-national (or global) identity system has been envisioned for years. In fact, the underlying structure was mapped out in the X.500 body of work in the 80s. Going back even further, this was talked about by the initial architects of the Internet. To @Paul Simmonds 's (and Vint Cerf's) point a global identity solution is not practical any time soon.

    Let's face it, the bad guys are never going to be honest about their identity. If they were, Ransomware would not happen. I sit on a policy and regulatory working group working on these issues for digital assets and cryptocurrency. Attached is a document talking about the Anti-Money Laundering (AML)/ Know Your Customer (KYC) issues with lots of references.

    Your post, as always, has lots to unpack. Keep those cards and letters coming. I do want to underline one item so your point about the need for accurate reporting for climate change and the like does not get lost. The simple act of placing data in the payload of a blockchain does not improve the quality of the data. Garbage In/ Garbage Out. It is the business rules placed around the blockchain that does that. Personally, I would like to see some regulation or at least oversight of any public blockchain.


    ------------------------------
    Alex Sharpe
    Principal
    Sharpe42
    [email protected]
    Co-Chair Philosophy & Guiding Principles Working Group
    Co-Chair Organizational Strategy & Governance Working Group
    ------------------------------

    Attachment(s)



  • 12.  RE: Summary of the First Digital Identity Accreditations

    Posted Nov 14, 2022 02:05:00 AM
    People used to move and assume new identities prior to the 19th century.  And look at how authoritarian regimes are abusing identity, (for example the Chinese facial recognition systems that track Uighur people).  The technology is clear evidence that governments cannot be trusted with identity.  OK, @Alex Sharpe here is the scary update from COP27.  Al Gore and Co have developed great AI software combining satellite data, heat maps, and greenhouse maps to produce a global Climate Trace map. https://climatetrace.org/map  It is pretty accurate, and it is clear that global climate change is being caused globally mainly by Oil, Coal and Gasfields. The scary bit?  We are still in denial at what causes the problem, and collectively global governments have not been able to stop the big polluters, or even identify them. And it turns out that these companies are underreporting their CO2e (Global Warming Potential of greenhouse gases) by up to 300%.  The COP27 is the usual talk fest about everything but the elephant in the room.  Dangerous and irreversible climate change is largely being caused by a small number of fossil fuel companies. ​How have we missed this?  How did we miss Hitler?  How do we have mass delusions of what is good cybersecurity?   Hmmmmmmmm.............  let me think about that ......... :)

    ------------------------------
    Nya Murray
    Director
    Trac-Car
    ------------------------------



  • 13.  RE: Summary of the First Digital Identity Accreditations

    Posted Nov 15, 2022 02:54:00 PM
    @Nya Murray, these issues are a bit outside of CSA's purview but important just the same. Personally, I like the analytics produced by The Earth Institute.

    ------------------------------
    Alex Sharpe
    Principal
    Sharpe42
    [email protected]
    Co-Chair Philosophy & Guiding Principles Working Group
    Co-Chair Organizational Strategy & Governance Working Group
    ------------------------------



  • 14.  RE: Summary of the First Digital Identity Accreditations

    Posted Nov 16, 2022 12:31:00 AM
    @Alex Sharpe I don't think you realize that cybersecurity and carbon emissions monitoring is the new imperative.  I sent you the link to Climate Trace because the planet is dying from overheating, and these people at last have produced a very exciting data collection show EXACTLY who is responsible.  Mostly multinational Oil, Coal and Gas companies whose dangerous emissions we now can track for certain, are destroying Earth's natural shield from massive solar radiation. 

    They are underreporting by up to 300%, so the case in point is how do we  get an identity management regime to stop these companies who are responsible for weather related mass deaths in Africa, Pakistan and death, loss and damage in the United States, Australia, China, India and Europe from CHEATING in their national carbon reports.  This is the current absolutely critical Use Case for Digital Identity, and Data Integrity.  So what is not relevant?   The CSA does not believe in science and data?   ​This is just the very start of the destruction being unleashed by greenhouse gas pollution, if you believe the 12,000 scientists from every country who contribute to the Intergovernmental Panel on Climate Change forecast for loss and damage on our planet in the next 10, 20 and 50 years.  Surely this is the use case to end all use cases, and if this is not relevant to the CSA, I would like to know what planet the CSA is living on. 

    Surely everyone has been following the science.  After all, we are computer scientists.

    ------------------------------
    Nya Murray
    Director
    Trac-Car
    ------------------------------