[Openid-specs-risc] First things first for RISC

Mike Jones Michael.Jones at microsoft.com
Mon Feb 20 22:58:24 UTC 2017


I have some observations and recommendations to share from the RISC face-to-face meeting that I attended on Thursday.  I'll say up front that I believe that the mission of RISC is incredibly important, which is why I'm taking the time to write this now.

The thing that most surprised me about the working group meeting was that none of the time was used to enable trial exchanges of incident and compromise data among the working group participants.  I had expected that to be the working group's highest priority - especially in light of the preliminary exchanges between Google and Microsoft being so encouraging.  As such, I expected that work on producing standard representations of RISC data would be foremost on the agenda - something that didn't occur.

Instead, my observation was that essentially all the time was spent on defining mechanisms for establishing and administering feeds of data (and defining terminology for those feeds).  I would assert that this is not where the RISC WG can add the most value.  Indeed, I would suggest that the working group make a deliberate decision not to work on delivery mechanisms, but instead to encourage the IETF SecEvent working group to do that work.  Instead, choose to spend your time doing whatever it takes to make numerous data exchanges happen as soon as possible, so the working group can learn from them.  Heck, FTP or HTTPS are fine transports for these initial exchanges.  Actual feeds aren't needed yet.

It would be my hope that the working group can make a goal to have completed at least 20 bi-lateral RISC data exchanges involving at least 8 participants by the Internet Identity Workshop in October, 2017 - with at least half of these exchanges using draft-standard RISC data representations.  And hopefully talk about the lessons learned during IIW.  That would be something to get truly excited about!

I hope that RISC will choose to focus first on Risk and Incident Sharing and Coordination and leave defining transports to others, as that is not where RISC adds the most value.

                                                       -- Mike

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-risc/attachments/20170220/b1decd86/attachment-0001.html>


More information about the Openid-specs-risc mailing list