US e-government certificate policy
Hi folks,

I just want to mention that the US e-gov certificate policy <http://www.idmanagement.gov/sites/default/files/documents/X%20509%20Certificate%20Policy%20for%20the%20E-Governance%20Certification%20Authorities%20v2.1.pdf> includes policy on issuance of X.509 certificates for devices and services. It's fairly standard enterprise IT stuff like TLS for HTTPS or SAML, and that scope lacks some IoT characteristics like device autonomy, wide geographic dispersal or susceptibility to physical attack, but I still think we can learn from it.

I believe the doc would be an exemplary use case for us to analyze using the approach in our draft document on the wiki. Much of the content of the document is technically tied to PKI, but there is plenty of guidance that could be classified as "identity of thing management" which is not technology dependent.

If the group thinks this makes sense, I may take a stab over the holidays at working up an annex to the draft document. Let me know what you think.

Best regards,
Scott

--
==========================================================
Scott Shorter, Principal Security Engineer
Electrosoft – Fueling Customer Success Through Outstanding Value and Trust!
Woman-Owned, Minority-Owned Small Business | ISO 9001 | CMMI Level 2
sshorter@electrosoft-inc.com (Email); http://www.electrosoft-inc.com (Web)
==========================================================
Hi Scott,

I think this could be an interesting source for us. So if and only if you find the time, I would really appreciate your work here.

Best,
Ingo

From: dg-idot-bounces@kantarainitiative.org [mailto:dg-idot-bounces@kantarainitiative.org] On Behalf Of Scott Shorter
Sent: Tuesday, 15 December 2015 19:45
To: dg-idot@kantarainitiative.org
Subject: [DG-IDoT] US e-government certificate policy

Hi folks,

I just want to mention that the US e-gov certificate policy <http://www.idmanagement.gov/sites/default/files/documents/X%20509%20Certificate%20Policy%20for%20the%20E-Governance%20Certification%20Authorities%20v2.1.pdf> includes policy on issuance of X.509 certificates for devices and services. It's fairly standard enterprise IT stuff like TLS for HTTPS or SAML, and that scope lacks some IoT characteristics like device autonomy, wide geographic dispersal or susceptibility to physical attack, but I still think we can learn from it.

I believe the doc would be an exemplary use case for us to analyze using the approach in our draft document on the wiki. Much of the content of the document is technically tied to PKI, but there is plenty of guidance that could be classified as "identity of thing management" which is not technology dependent.

If the group thinks this makes sense, I may take a stab over the holidays at working up an annex to the draft document. Let me know what you think.

Best regards,
Scott

--
==========================================================
Scott Shorter, Principal Security Engineer
Electrosoft – Fueling Customer Success Through Outstanding Value and Trust!
Woman-Owned, Minority-Owned Small Business | ISO 9001 | CMMI Level 2
sshorter@electrosoft-inc.com (Email); http://www.electrosoft-inc.com (Web)
==========================================================
participants (2)
- Ingo.Friese@telekom.de
- Scott Shorter