September 23, 2015
"In June 2015, the White House’s Office of Management and Budget (OMB) issued a Memorandum, which mandates the exclusive use ofHTTPS with HSTS across all Federal government web services. It states clearly that “all publicly accessible Federal websites and web services only provide service through a secure connection. The strongest privacy and integrity protection currently available for public web connections is Hypertext Transfer Protocol Secure (HTTPS).”
It stands to reason that as a US Department of Defense initiative, the Experience API (xAPI) should hold itself, at a minimum, to that standard.
With a thumb’s-up from ADL, my Yet Analytics’ colleague Jason Lewis and I volunteered to draft the skeleton of an open source xAPI security protocol which meets the demands of the OMB memo. I presented our initial ideas at the xAPI Bootcamp at ADL’s Alexandria Co-lab in July of 2015. The near-term goal is to produce a formal draft for public comment through the xAPI community by the end of the year. We will publish a schedule for revisions and a final draft and would then like charter community members to sign on to the protocol. The charter members will likely draft an xAPIsec certification to be published and managed through the forthcoming industry consortium that will steward xAPI."