Hi, On Thu, Feb 15, 2018 at 12:44:32PM -0500, Stephanie Perrin wrote:
Barcelona meeting to discuss accreditation requirements for cybersecurity an IP actors who want to retain access to personal data in a tiered access solution.
What do you mean by "accreditation"? It seems to me there are two models. One is that ICANN is a gate-keeper, and makes decisions about everyone who wants access to these things. Another is that ICANN relies on various sector- or industry-related bodies to do that work, and ICANN just acts as a clearing house. So, for instance, ICANN could decide that INTERPOL gets to decide what a police officer is, and ICANN simply accepts that definition. It strikes me that quite possibly both mechanisms could be needed, with the first providing a fallback when someone has a legitimate need but doesn't have a relevant approved community group to rely on. A nice thing about option (2) is that ICANN then doesn't need to be in the business of making a lot of decisions. If there's already some international or treaty body that governments accept, then ICANN can just incorporate that acceptance all on its own. (This is similar to how ICANN doesn't need to decide who a country is.) Even better, the mechanism for such accreditation is for the "accrediting organization" to run an OAuth server. That way, the org in question could change its membership all it wanted without informing or even having anything to do with ICANN. An OAuth profile would identify that kind of account, and the user would get the appropriate access. This is just how it works when you "use Google" to long into a non-Google site. It's an already-invented technology that is ready to go for RDAP today. You can see it working IIRC in Scott Hollenbeck's testbed/demo system. We have the technology today, ready to go and waiting, to make this easy. Let's please not design a new accreditation system that gets ICANN into the business of evaluating every professional claim on the Internet. Best regards, A -- Andrew Sullivan ajs@anvilwalrusden.com