Let others besides industry define AAC criteria

Raised by:
Mary Ellen Zurko
Opened on:
"designed to establish accountability in accordance with an industry standard set of criteria"

Is "industry standard" too constraining? What about government standards, and standard standards? Do we really mean to leave them out? I wouldn't, so if we do, I'd like to know why?

I'm throwing this comment in here to, just to be sure I get an answer:

"It is further assumed that Issuer and Subject information included in Augmented Assurance Certificates is valid, and intended to be displayed to users."

What does valid mean in this context? Does it refer to checking the chain (and URL), or something else?

"intended to be displayed to users" is interesting, given our charter. Does this really mean the low bar it implies; strings that are intended for human consumption (but no particular understanding)?
Related Actions Items:
Related emails:
  1. Meeting record: 2008-05-13 (from on 2008-06-06)
  2. WSC WG f2f May 2008 Agenda (v 1.1) (from on 2008-05-09)
  3. ISSUE-134 Let others besides industry define AAC criteria (from on 2008-04-25)
  4. ISSUE-134: Let others besides industry define AAC criteria [wsc-xit] (from on 2007-12-14)

Related notes:

Added to xit as open issue under Section 5.3.1 Augmented Assurance Certificates

Anil Saldhana, 21 Jan 2008, 21:43:03

Display change log ATOM feed

Mary Ellen Zurko <>, Chair, Thomas Roessler <>, Staff Contact
Tracker (configuration for this group), originally developed by Dean Jackson, is developed and maintained by the Systems Team <>.
$Id: 134.html,v 1.1 2010/10/11 09:35:06 dom Exp $