[gnso-rds-pdp-wg] What does "accreditation" mean here? (was Re: Equifax hack worse than previously thought: Biz kissed goodbye to card expiry dates, tax IDs etc)

Andrew Sullivan ajs at anvilwalrusden.com
Thu Feb 15 20:35:53 UTC 2018 

Hi,

On Thu, Feb 15, 2018 at 12:44:32PM -0500, Stephanie Perrin wrote:
> Barcelona meeting to discuss accreditation requirements for cybersecurity an
> IP actors who want to retain access to personal data in a tiered access
> solution.

What do you mean by "accreditation"?

It seems to me there are two models.

One is that ICANN is a gate-keeper, and makes decisions about everyone
who wants access to these things.

Another is that ICANN relies on various sector- or industry-related
bodies to do that work, and ICANN just acts as a clearing house.  So,
for instance, ICANN could decide that INTERPOL gets to decide what a
police officer is, and ICANN simply accepts that definition.

It strikes me that quite possibly both mechanisms could be needed,
with the first providing a fallback when someone has a legitimate need
but doesn't have a relevant approved community group to rely on.

A nice thing about option (2) is that ICANN then doesn't need to be in
the business of making a lot of decisions.  If there's already some
international or treaty body that governments accept, then ICANN can
just incorporate that acceptance all on its own.  (This is similar to
how ICANN doesn't need to decide who a country is.)  Even better, the
mechanism for such accreditation is for the "accrediting organization"
to run an OAuth server.  That way, the org in question could change
its membership all it wanted without informing or even having anything
to do with ICANN.  An OAuth profile would identify that kind of
account, and the user would get the appropriate access.  This is just
how it works when you "use Google" to long into a non-Google site.
It's an already-invented technology that is ready to go for RDAP
today.  You can see it working IIRC in Scott Hollenbeck's testbed/demo
system.

We have the technology today, ready to go and waiting, to make this
easy.  Let's please not design a new accreditation system that gets
ICANN into the business of evaluating every professional claim on the
Internet.

Best regards,

A

-- 
Andrew Sullivan
ajs at anvilwalrusden.com

More information about the gnso-rds-pdp-wg mailing list