OASIS members are asked to review and comment on a draft charter to establish the OASIS Open Reputation Management Systems (ORMS) Technical Committee. The group plans to develop a system that provides the ability to use common data formats for representing reputation data and standard definitions of reputation scores. The ORMS will not define algorithms for computing the scores; however, it will provide the means for understanding the relevancy of a score within a given transaction.

The IESG Secretary announced the availability of a proposed modified charter submitted for the Public-Key Infrastructure (X.509) PKIX working group in the Security Area of the IETF. The IESG has not made any determination as yet. As proposed: "The PKIX Working Group was established in the fall of 1995 with the goal of developing Internet standards to support X.509-based Public Key Infrastructures (PKIs).

Huge losses reported by Société Générale were apparently enabled by forgotten low-level IT chores such as password management.

On September 6, 2007, Dr. Peter Alterman, Chair of the Federal Public Key Infrastructure Policy Authority (FPKIPA), hosted a group of PKI experts from government and industry to determine:

1.      The strategic direction for the FPKI;

2.      Short-term actions in support of that FPKI strategic direction; and

The new Dutch transit card system, on which $2 billion has been spent, was recently shown by researchers to be insecure. Three attacks have been announced by separate research groups. Let’s look at what went wrong and why.

Read the rest of the story at Ed Felten's blog at http://www.freedom-to-tinker.com/?p=1250.