[DG-IDoT] US e-government certificate policy

Scott Shorter sshorter at electrosoft-inc.com
Tue Dec 15 12:44:34 CST 2015


Hi folks,

I just want to mention that the US e-gov certificate policy
<http://www.idmanagement.gov/sites/default/files/documents/X%20509%20Certificate%20Policy%20for%20the%20E-Governance%20Certification%20Authorities%20v2.1.pdf>
includes policy on issuance of X.509 certificates for devices and
services.  It's fairly standard enterprise IT stuff like TLS for HTTPS or
SAML, and that scope lacks some IOT characteristics like device autonomy,
wide geographic dispersal or susceptibility to physical attack, but I still
think we can learn from it.

I believe the doc would be an exemplary use case for us to analyze using
the approach in our draft document on the wiki.  Much of the content of the
document is technically tied to PKI, but there is plenty of guidance that
could be classified as "identity of thing management" which is not
technology dependent.

If the group thinks this makes sense, I may take a stab over the holidays
at working up an annex to the draft document. Let me know what you think.

Best regards,
Scott
-- 
==========================================================
*Scott Shorter, Principal Security Engineer*
Electrosoft *–* Fueling Customer Success Through Outstanding Value and
Trust!
*Woman-Owned, Minority-Owned Small Business | ISO 9001 | CMMI Level 2 *
sshorter at electrosoft-inc.com (Email);   http://www.electrosoft-inc.com (Web)
==========================================================
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://kantarainitiative.org/pipermail/dg-idot/attachments/20151215/5a82eea8/attachment.html>


More information about the DG-IDoT mailing list