Starting on the OASIS IDtrust member steering committee

I started a new “job” last week, serving on the OASIS Identity and Trusted Infrastructure (IDtrust) Member Section, member steering committee.  I was elected to a 2 year term on this 5 member board.  This was my candidate statement and remains as my profile. On my first call as a member of the committee I was part of approving 8K of money including sponsoring the upcoming Interent Identity Workshop.

I shared with my fellow board members

in my introductory call that I was keen to link this work with other work that is related and ongoing at other standards efforts like the W3C where I have been participating in the Federated Social Web work.  There is also independent efforts like OpenID and OAuth happening within IETF.  One of our next tasks at Personal Data Ecosystem Consortium is to outline the core standards relevant to personal data.  We are not going to invent anything new – rather help what is be found and adopted and adapted.

Why Does participation in an International Standards body matter?

If “code is law,” then standards are like the Senate.  Bruce Sterling, commenting on the April 2011 Augmented Reality Standards gathering

Code is Law comes from Lawrence Lessig’s work – here is a good article about the core ideas from Harvard Magazine and a link to V2 of his book.

Our choice is not between “regulation” and “no regulation.” The code regulates. It implements values, or not. It enables freedoms, or disables them. It protects privacy, or promotes monitoring. People choose how the code does these things. People write the code. Thus the choice is not whether people will decide how cyberspace regulates. People—coders—will. The only choice is whether we collectively will have a role in their choice—and thus in determining how these values regulate—or whether collectively we will allow the coders to select our values for us.

The standards are both incredibly freeing and in that freedom of interoperability across a wide range of systems means they are also limiting. They are a bit of a paradox.  The modern world was and is shaped by standards – standard screw widths that go with standard nutwings that go with standard lumbar, that use standard electric voltage and sockets that were transported on standard gauge rails and with standard containers for ships and on and on.

The internet is driven by standards because as the name implies it is inter -network of networks.  The way information flows between them successfully in an inter operable way is because standards exist to do so.  The book that I read early on that helped me understand what was going on and why this was/is important is protocol: how control exists after decentralization.  It is so important I quoted it in an Appendix of my response to the National Strategy for Trusted Identities in Cyberspace governance Notice of Inquiry Response.

At this point in our history we are defining what the standards and norms are for peoples identities online

  • How they represent themselves;
  • How others represent them;
  • How we have control over who can see what key information about us and what power we have over that?;
  • What are the features enabled by digital systems;
  • What the default in the system are;
  • What the edges of the protocol space are;

These are all fundamental to shaping the future of our society.

I ran as an end-user advocate and I intend to remain as I am independent. The organizaiton that I am affiliated with that is an OASIS member is Planetwork. They joined in 2002. To participate in the creation of identity standards on the web and bring a civil society perspective to the effort that is largely driven by major technology companies.

I could work to translate this position into a “real” job in industry at a big company who sees the position as having value in the market.  I know quite a few people who translated their contribution to community driven standards into, board positions elected by the community and then into work in really big companies.  Hiring someone with positional authority in a major standards effort brings the company power and the people get to make real change/build real products because they are part of a large organization.  So it is a mutually beneficial and it isn’t the path I will take.  Planetwork is still working on figuring out how to resource me in this position that I think is about 1/8 the time. We may do a fundraiser.  I am totally committed to being independent.


Context: Ok so what’s OASIS? It’s the Organization for the Advancement of Structured Information Standards. Its one of the three major internet standards organizations (see below for more context). OASIS efforts tends to focus on business process standards and some things that you might have heard of and use every day include Extensible Markup Language (XML) and the Security Assertion Markup Language.

The OASIS Identity and Trusted Infrastructure (IDtrust) Member Section promotes greater understanding and adoption of standards-based identity and trusted infrastructure technologies, policies, and practices. The group provides a neutral setting where government agencies, companies, research institutes, and individuals work together to advance the use of trusted infrastructures, including the Public Key Infrastructure (PKI).

The IETF and W3C are the other internet  and the internet standards as a whole are in contrast to the main institution behind the phone world the International Telecommunications Union (ITU-T) and the GSMA that drives the GSM standards. As far as international technical standards there is also ISO.


Leave a Reply

Your email address will not be published. Required fields are marked *