A reason why we'll need a governance framework
Jon Udell - who now works for Microsoft has a thoughtful post on RealID.
RealID is a US government initiative to standardize the information on driver's licenses and how to access it electronically. Of course this has all sorts of implications. I'm going to avoid discussing whether this is good or bad at the moment.
But given that as Jon points out - this information is already gathered in multiple contexts outside of driving - then maybe there is some benefit to making a standard out of how this information is accessed and used.
This is because standardization would not only help make it easier to leverage the information but also to protect it through appropriate policies. These policies will need to be worked out through normal legal processes but then they will need to be implemented via software.
This is where something like the Identity Governance Framework could help. For example, if it became possible that practically any system from the Social Security Office to Amazon to whatever else out there could be able to use a RealID via a standard set of software packages - then as part of that package could come an AAPML file.
An AAPML file is a specification defined in IGF that governs how the data an attribute source (such as a RealID service provider would become to an internal organization) can be used.
Thus it would make it possible to standardize a secure way to use RealID information above and beyond just what is written down in a federal law.
