Difference between revisions of "Nstic-mit-privacy-breakout"

From IVP Wiki
Revision as of 18:03, 27 June 2011

QUICKLINKS:
WHITE PAPER (http://www.papertopersona.org) / INFOTRUST (http://www.infotrust.org) / INFOVALET (http://www.infovalet.org) / RJI ONLINE (http://www.rjionline.org)


FILE NOTES

National Strategy for Trusted Identities in Cyberspace

Privacy Workshop

June 27-28, 2011 / MIT Media Lab / Boston, Mass.

By Bill Densmore

Hash tags: #nstic.mit #nstic

BREAKOUT SESSION: 1:30 p.m.

Led by Kellie Cosgrove Riley (Federal Trade Commission division of privacy and identification).


CONVENING QUESTION:

How do you implement Fair Information Practice Principles in a national identity infrastructure?

(In keeping with an open discussion, and because it’s difficult to do so, these comments are not attributed to specific individuals and are merely indicative of key points of the conversation in the room).

  • A "religious" debate about aspects of SAML starts off.
  • Now a discussion about how attributes may be used -- who controls? Are there default uses?

What do we want the identity provider to tell the relying party?

Should we say the relying party can only get what they need to let this person in?

Different schools of thought of how to turn high-level principles into solutions.


Cut

We cannot discuss the policy until we have figured out what the scope is.

Everyone talks about entity but they mean different things.

It seems like the group hasn’t yet developed use cases for tools for solving real problems.

See if we can establish a way for access with different levels of credentials, can be supported in a trustworthy way. For NSTIC concept is not to create one identifier but to create access to government and others – health, higher education – that offer online services in a way that would be standardized, allowing the concept of accreditation for identity providers. This discussion is about privacy requirements.

Microsoft rep says they have developed internal implementation of FIPPs concepts. They focus a lot on notice. Many products have been through compliance against the Microsoft standards. How do you meet privacy concepts and still have good usability?

If you want to talk about privacy, you have to talk about all the effects. Otherwise we are just talking about security and identity. That’s when consent comes into play. If you aren’t involved in talking with users about consent, you are nowhere.

What do we think about consent, about an individual who has a credential?

Want to be able to store the permissions for different relying parties with the service provider and have those be updatable.

NSTIC is about initiating a relationship or reconfirming a relationship. The ongoing relationship is between the relying party and the consumer.

Two scope issues have come up repetitively. One is consent. Other scope question is does that stuff apply to one kind of person or role or another?

Consent is transaction based and the transaction is either between the requestor and relying party, the requestor and the identity provider, or between the identity provider and the relying party.

There needs to be user responsibility in the whole equation. It’s a contract, you have to agree with how our attributes are going to be used. We’re not doing this for you, we are doing this with you, and you have a role to play in this.

The issue of consent is raised.

The notion of minimum necessary – My credit card company basically says we’re concerned about your personal information and we are going to do whatever we want with it. You may not have much choice if you need that service, to agree to their terms. That aspect of minimum necessary and having some enforcement of that. Because without that the idea of user participation is not possible.

Minimum necessary has to do with what is collected.

In addition to talking about use cases, should also talk about the threat issues. When information gets exposed, along with it you better make sure the policies for managing those go along with them. We need a model for how to provide metadata about use restrictions that flow with information.
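Several of the points above (the relying party should get only what it needs to let the person in, permissions per relying party should be stored with the provider and be updatable, minimum necessary is about what is collected, and use restrictions should travel as metadata with the information) can be shown as one small identity-provider release step. The following is an added illustration, not code from the workshop or from any NSTIC participant; the user record, relying-party registrations, `age_over_21` derived attribute and restriction fields are constructed for the example, and the consent store is a plain in-memory stand-in for whatever the provider would actually use.

```python
from datetime import date

# Constructed sample data: one user's attribute record held by the identity provider.
USER_ATTRIBUTES = {
    "alice": {
        "name": "Alice Example",
        "email": "alice@example.invalid",
        "date_of_birth": date(1990, 5, 17),
        "postal_address": "1 Example St, Boston, MA",
    }
}

# Constructed relying-party registrations: the attributes each RP registered a
# purpose for. Anything outside this set is never released (collection limitation).
RELYING_PARTIES = {
    "library-portal": {"allowed": {"name", "email"}, "purpose": "account login"},
    "wine-shop": {"allowed": {"age_over_21", "email"}, "purpose": "age verification"},
}


def _age_over_21(attrs, today):
    """Derived attribute: answers the RP's question without disclosing the birth date."""
    dob = attrs["date_of_birth"]
    age = today.year - dob.year - ((today.month, today.day) < (dob.month, dob.day))
    return age >= 21


# Map from derived-attribute name to the function that computes it from the raw record.
DERIVED = {"age_over_21": _age_over_21}


class ConsentStore:
    """Per-user, per-RP consent kept with the provider; the user can update or withdraw it."""

    def __init__(self):
        self._grants = {}  # (user, rp) -> set of attribute names the user agreed to share

    def grant(self, user, rp, attributes):
        self._grants[(user, rp)] = set(attributes)

    def revoke(self, user, rp, attributes=None):
        if attributes is None:
            self._grants.pop((user, rp), None)          # withdraw everything for this RP
        else:
            self._grants.get((user, rp), set()).difference_update(attributes)

    def consented(self, user, rp):
        return set(self._grants.get((user, rp), set()))


class ReleaseDenied(Exception):
    """Raised when an RP asks for something it never registered a purpose for."""


def release_attributes(user, rp, requested, consent, today=None):
    """Compute what the identity provider may tell the relying party.

    Returns the released attributes together with use-restriction metadata, and
    the names that were withheld because the user has not consented to them.
    """
    today = today or date.today()
    registration = RELYING_PARTIES.get(rp)
    if registration is None:
        raise ReleaseDenied(f"unknown relying party {rp!r}")
    requested = set(requested)
    excess = requested - registration["allowed"]
    if excess:
        # Deny loudly rather than silently trimming: an over-broad request is an
        # event worth logging and reviewing, not something to paper over.
        raise ReleaseDenied(f"{rp!r} requested unregistered attributes {sorted(excess)}")

    record = USER_ATTRIBUTES[user]
    to_release = requested & consent.consented(user, rp)
    released = {}
    for name in to_release:
        # Prefer the derived form when one exists, so raw data never leaves the provider.
        released[name] = DERIVED[name](record, today) if name in DERIVED else record[name]

    return {
        "attributes": released,
        "withheld": requested - to_release,
        # Constructed restriction fields that travel with the released data.
        "use_restrictions": {
            "purpose": registration["purpose"],
            "onward_transfer": False,
            "retention": "session-only",
        },
    }
```

The two checks are deliberately different in kind: an attribute the RP never registered for is a hard error (the provider should never be in the position of "deciding" to hand it over), while an attribute the user simply has not consented to is quietly withheld and reported, so the RP can ask the user for consent rather than failing outright.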

If we are going to do anything else besides terms and conditions, is there a mechanism to enhance it, not necessarily replace it.

Commentator says he has a background in financial services and payment services and is naïve about most of what’s being discussed. Financial services has been a pro at obscuring things. If this session is about turning principles into operational and application I think you are really onto something with the consent. The cyberworld needs a new methodology and not the king’s English done 15 different ways from 15 different providers. He suggests some color codes or something about data usage. “That would to me be a huge step forward and would actually have some usability.”