Blog

Version 1.0

I'm pleased to share with the workgroup a draft of version 1.0 of the Blinding Identity Taxonomy Report. This will be coming up for review and voting following the Kantara process shortly, but the draft is now in a place where members of the workgroup can review and comment. The draft attached to this post has line numbers to facilitate comments. Please make your comments about this draft in the comments section of this blog post, including a reference to the line number. I'm looking for typos, as well as requests for additions or deletions, remembering that version 1.0 is intended to be published as soon as reasonably possible to get the actual taxonomy into the hands of practitioners.

Placeholder

ISI Quarterly Update LC

We are pleased to inform the Board of the successful creation of the Information Sharing Interoperability Work Group (ISI WG), continuing and expanding on the work previously accomplished in the Consent Information & Sharing Work Group.
The Group successfully archived the Consent Information & Sharing Work Group (CIS WG). ISI WG is expanding new concepts and information flows towards record-keeping control and management for both the service provider side and the individual side of information sharing between two or more entities.
ISI WG has organized into several project teams, working on specific solutions to accomplish expanded goals. The WG has taken the current Consent Receipt (CR) specification version 1.1 and will be developing and clarifying fields and field definitions aligning them with other standards, which have emerged since the CIS WG inception.
The project teams are working on specifications for Notice and Consent, the manifestation of consent using standard definitions and labels. Information sharing is addressed through two mechanisms: profiles that individuals create and use to proffer information to others, called Standard Information Sharing Agreements, and Intent Casting, whereby individuals can infer an intent for suppliers to quote a value exchange, often referred to as a deal or trade. These two projects and the output specifications created contribute to the concept of a Personal Data Use Records (PDR) framework.
The PDR Framework publication will be contributed through Kantara's official liaison agreement with ISO SC 17/WG 5 "Identity management, privacy technologies and biometrics" into the new ISO 27560 standards project "Consent Record Information Structure" which will be led by Kantara members.
ISI WG continues our outreach and awareness efforts at industry events and conferences. Following on our success at Identiverse 2019, we have secured a masterclass session at Identiverse 2020 in June where we will showcase progress in the specification publications and implementations by members.

A Primer

By definition, integration means to add, to mix, to combine and to unite. The definition of interface, on the other hand, is a border, a boundary line, a point where two systems, subjects or organizations meet and interact. Throw in the term "interoperability," which describes the extent to which systems and devices can exchange data and interpret it, and you've got some serious thinking to do. It is the most sophisticated approach, resulting in a richer experience for any interface to present as output.

In layman’s terms: interoperable systems speak the same language.

Integration, by contrast, is more like having a conversation through an interpreter. (Like going to Canada not knowing how to speak French, and needing two Greeks to help you communicate: one who speaks English and one who speaks French.) With interoperability, everybody speaks English (or Greek or French, or whatever the agreed-upon language is…). The point is that systems actually talk to each other with no added complexity or delay. In large scalable systems, this becomes an important factor.

Every industry has a unique vocabulary, and technology is no exception. The problem: some of those sticky, often-used words take on a life of their own, are easily misunderstood, and can even end up misused to the point of meaninglessness. These so-called “buzzwords” (and their actual meanings) may seem inconsequential on the surface, but if we are going to effectively communicate and address challenges in an industry as complex as the personal data economy, it’s important that we all clearly understand the terms we’re fighting for—and against. This primer helps define one of the biggest buzzwords in tech today: interoperability, a word people often use without knowing what it really means.

Interoperability isn’t integration.

People use the words integration and interoperability interchangeably, but there’s actually a pretty big difference between the two. Integration refers to connecting applications so data from one system can be accessed by the other one. Integration involves a third party—in software terms, middleware—that translates data and makes it “work” for the receiving system. It’s not a direct path for information to get from point A to point B in this scenario.

Interoperability is a real-time data exchange between systems without middleware. When systems are interoperable, they have the ability not only to share information but to interpret incoming data and present it as it was received, preserving its original context.

It is about more than semantics.

Currently, most data exchange in our industry is the result of integration, but achieving interoperability is vital to technical operations in the future. Why? The immediate access to information that interoperability makes possible allows for both a complete view and the ability to be agile when it comes to complying with requests and reporting requirements. And these data-driven activities are key to success in the value-based personal data world.

This level of information access is particularly important for, say, loan processing centers, which are entities outside of large financial services (which typically have their own, closed data systems). In an interoperable world, all stakeholders in the continuum of processing are able to easily access and use the data within other systems, making up-to-date—even up-to-the-minute—information retrieval possible. A good example is ATM clearing systems.

The change to true interoperability won’t be an evolution—it’ll be a revolution requiring a large amount of future-focused thinking, with lots of compromising and agreements on basic approaches and commonalities. The Kantara Initiative is the most likely place to lead the way with specifications, guidelines, and a sense of universality... but the onus is on providers as well—to partner with vendors that support universal standards. In this way, the future of interoperability is in our hands—and yours. And that’s a sentiment that needs no translation.

Interoperability–An Exchange

In an optimal implementation, and in a software sense, "Interoperability is a characteristic of a product or system whose interfaces are completely understood to work with other products or systems, at present or future, in either implementation or access, without any restrictions," according to Wikipedia.

The definition becomes even more robotic from there: "Semantic interoperability is the ability to automatically interpret the information exchanged meaningfully and accurately in order to produce useful results as defined by the end-users of both systems." In my opinion, interoperability means if you are expecting information to come from two or more sources, and you get it, and it makes sense, then you have a win on your hands.

Here's the catch: 

Upon further definition, "Interoperability would allow different systems to work together in their existing state; however, future upgrades, developments, or improvements to any of these products can cause interoperability to cease." Because software is constantly updated and upgraded with fixes and new features, ensuring backward compatibility within the lifecycle needs to be embedded in the development cycle.

In short:

    • Interoperability implies exchanges between a range of products. (see interface)
    • Interoperable systems work together now, but the future is uncertain unless data is in a common format
    • Guiding principles or mappings rather than a technical specification
    • Upgrades or product advances can terminate interoperability

Integration–Full Functionality

With integration, a software product works as one solution. Instead of passing information between different systems, 'one' system contains the same code and database. Integrated systems work tightly together, as if the pieces of the whole were 'one.' System updates are easier, as are real-time reporting requirements. Integrated solutions share the same databases, so there is no process of mapping codes between systems, which can substantially reduce errors and downtime. Any changes are automatically applied to your whole system. Integration provides a unified user experience that combines data, reporting, and workflow across a single business platform. Integration is indisputably the truest, most unified way a software system can be utilized.

Of Note: 

An integrated system not only allows a series of products to talk to each other in their current state but also provides backward and forward compatibility with future versions of each product within the structure.

  • One uninterrupted system
  • Real-time: all data is immediately gathered, stored, mediated and reportable
  • Data is not decentralized, no synchronization needed
  • Data transfers are reliable and workflow performance is accelerated
  • No mapping updates required, less maintenance
  • Business Intelligence Reporting is up-to-the-minute

Interface–The Bridge

An interface is like a bridge that lets two programs share information with each other. The information can come from different sources that may use different programming languages. Business systems can send and receive data, but otherwise, they act independently of each other.

An interface doesn't allow you to sync data between systems in real-time. If and when you need to sync your data from separate systems, make sure that your system network is powerful enough to handle running data sync often enough to be close to real-time.

Another consideration is the maintenance of mapping codes between systems. Mapping codes act as the directory for information from one system into another. If any changes are made in either system, your mappings table may have to be updated, or the software might pull information from the wrong place, giving you incorrect data.

In short:

    • Separate software products communicate under limited capacity
    • Data is maintained in multiple locations requiring more administration
    • Additional steps to exchange data
    • Constantly maintain, monitor and update mappings
    • Real-time synchronization is not available

Bonus Section

Nomadicity/Portability/Mobility

Differences between nomadicity, portability, and mobility

  1. Nomadicity is the tendency of a person, or group of people, to move with relative frequency. 
  2. Nomadicity means non-restrictive connectivity or unlimited geographic connectivity.
  3. Portability means the ability to jump across networks.
  4. Portability means the ability to be transferred from one machine or system to another.
  5. Mobility means when you have seamless and wireless connectivity.
  6. Mobility means the ability to move freely and easily.

Nomadicity as a relatively new term is more about connectivity coverage with the need to support today's increasingly mobile workers with nomadic computing, the use of portable computing devices, and, ideally, constant access to the Internet and data on other computers. While 5G promises to address the vast requirements of geolocation coverage, it lacks many other aspects around security and privacy yet to be addressed. It will, therefore, be many years before it is ready for primetime use.

Portability (at least as the term is used in the computer software domain) concerns the ease with which some software artifact can be made to function correctly in some computing platform environment other than that for which it was designed. For example, can the software artifact run under a different operating system or execution framework, or on a computer with a different instruction set? How much modification/configuring is required for a given target execution environment? Although portability may have some relationship to a software component's ability to interact with other components. 

Mobility, on the other hand, focuses on the ability for the data to run regardless of the system, framework, computer platform or instruction set. In order to accomplish Mobility with true Interoperability, a common ontology must be present. Software instruction sets can and should behave differently from others; however, both the unstructured data with metadata and fully structured data with defined mappings must behave the same in order to maintain integrity, speed of delivery and use to disparate applications regardless of network, platform, or systems.


Here are the two links for the webinar with ControlCase and Kuma:


Recording: https://www.controlcase.com/iso-27001-in-the-age-of-privacy/

Slides: https://www.slideshare.net/ControlCase/iso-27001-in-the-age-of-privacy


Did try to create a share external link but don't have admin rights to the whitelist, with the following error message: "You cannot share a link to this site. Ask your admin to add it to the whitelist."