I’m a little confused on the item below, can you explain more and why this should be done in OIDF ? Also I would assume that the requirements be normative (as they are listed under non-normative now). Also I assume that the assurance criteria would be based upon some exiting international standard like 29115 and not limited to NIST efforts.
(1) International Government Assurance Profile for OAuth 2.0 From: specs [mailto:[email protected]] On Behalf Of John Bradley Sent: Sunday, August 2, 2015 2:34 PM To: [email protected] Cc: [email protected]; [email protected] Subject: New iGov Working Group Charter proposal. At the request of a number of Governments, some of whom have OpenID Connect deployments and others that are considering it, we propose to form a new OIDF Working group. The goal is to have a common deployment profile that can be customized for the needs of both pubic and private sector deployments that require the higher levels of security that OpenID Connect can support. "The purpose of this working group is to develop a security and privacy profile of the OpenID Connect specifications that allow users to authenticate and share consented attribute information with public sector services across the globe. The resulting profile will enable standardized integration with public sector relying parties in multiple jurisdictions. The profile will be applicable to, but not exclusively targeted at, identity broker-based implementations.” The fill draft charter is available at http://openid.net/igov-wg-draft-charter/<https://na01.safelinks.protection.outlook.com/?url=http%3a%2f%2fopenid.net%2figov-wg-draft-charter%2f&data=01%7c01%7ctonynad%40microsoft.com%7c47c35927aadc404393f408d29b821a9f%7c72f988bf86f141af91ab2d7cd011db47%7c1&sdata=mw8EdW6JfCWQU9O43hsXLOLVFiOEjQTgTMFbMhg11xs%3d> Feedback and additional proposers are welcome. Regards John Bradley
_______________________________________________ specs mailing list [email protected] http://lists.openid.net/mailman/listinfo/openid-specs
