[gnso-rds-pdp-wg] What does "accreditation" mean here? (was Re: Equifax hack worse than previously thought: Biz kissed goodbye to card expiry dates, tax IDs etc)

Rod Rasmussen rod at rodrasmussen.com
Thu Feb 15 20:58:20 UTC 2018 

Andrew,

Couple things.

One, couldn’t agree with you more on model two with a little bit of model one thrown in on some overall accreditation requirements. Hence I refer you to what the EWG report says about this in sections IV b & IV c  Amazingly, despite this document being nearly four years old now, almost every point you raise here we hit as well.  Great minds and all that…

Two, I think Stephanie here is basically assuming the technical side of this but would like there to be widely accepted standards for various fields to meet in order to be accredited by whatever body is doing it.  So assuming the scissors accreditors exist, what standards about people being able to cut properly do those accreditors all use?

Cheers,

Rod

> On Feb 15, 2018, at 12:35 PM, Andrew Sullivan <ajs at anvilwalrusden.com> wrote:
> 
> Hi,
> 
> On Thu, Feb 15, 2018 at 12:44:32PM -0500, Stephanie Perrin wrote:
>> Barcelona meeting to discuss accreditation requirements for cybersecurity an
>> IP actors who want to retain access to personal data in a tiered access
>> solution.
> 
> What do you mean by "accreditation"?
> 
> It seems to me there are two models.
> 
> One is that ICANN is a gate-keeper, and makes decisions about everyone
> who wants access to these things.
> 
> Another is that ICANN relies on various sector- or industry-related
> bodies to do that work, and ICANN just acts as a clearing house.  So,
> for instance, ICANN could decide that INTERPOL gets to decide what a
> police officer is, and ICANN simply accepts that definition.
> 
> It strikes me that quite possibly both mechanisms could be needed,
> with the first providing a fallback when someone has a legitimate need
> but doesn't have a relevant approved community group to rely on.
> 
> A nice thing about option (2) is that ICANN then doesn't need to be in
> the business of making a lot of decisions.  If there's already some
> international or treaty body that governments accept, then ICANN can
> just incorporate that acceptance all on its own.  (This is similar to
> how ICANN doesn't need to decide who a country is.)  Even better, the
> mechanism for such accreditation is for the "accrediting organization"
> to run an OAuth server.  That way, the org in question could change
> its membership all it wanted without informing or even having anything
> to do with ICANN.  An OAuth profile would identify that kind of
> account, and the user would get the appropriate access.  This is just
> how it works when you "use Google" to long into a non-Google site.
> It's an already-invented technology that is ready to go for RDAP
> today.  You can see it working IIRC in Scott Hollenbeck's testbed/demo
> system.
> 
> We have the technology today, ready to go and waiting, to make this
> easy.  Let's please not design a new accreditation system that gets
> ICANN into the business of evaluating every professional claim on the
> Internet.
> 
> Best regards,
> 
> A
> 
> --
> Andrew Sullivan
> ajs at anvilwalrusden.com
> _______________________________________________
> gnso-rds-pdp-wg mailing list
> gnso-rds-pdp-wg at icann.org
> https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 235 bytes
Desc: Message signed with OpenPGP
URL: <http://mm.icann.org/pipermail/gnso-rds-pdp-wg/attachments/20180215/530a5b18/signature.asc>

More information about the gnso-rds-pdp-wg mailing list