[DG-IDoT] FW: RSA U.S. Call for Speakers Now Open! Submit Today!

j stollman stollman.j at gmail.com
Tue Jul 16 05:23:01 CDT 2013


I am intending to submit a proposal.  The panel I am proposing will not all
be members of the Kantara IoT discussion group.

Jeff


On Tue, Jul 16, 2013 at 1:31 AM, Colin Wallis <colin_wallis at hotmail.com> wrote:

> So taking a step back and moving on..... :-)...
>
> I got a reminder note today about the deadline being 25th July.
>
> So do we have one or two submissions on the go? From Terry, Sal, Jeff, Ingo?
>
> Cheers
> Colin
>
>  ------------------------------
> CC: colin_wallis at hotmail.com; joni at ieee-isto.org;
> dg-idot at kantarainitiative.org
> From: tgold at idanalyst.com
>
> Subject: Re: [DG-IDoT] FW: RSA U.S. Call for Speakers Now Open! Submit
> Today!
> Date: Wed, 3 Jul 2013 23:17:02 -0700
> To: andrew.nash at gmail.com
>
>
> Andrew, didn't mean to offend. Was intended to point out that CFP outcomes
> can occur aside from being rigid and to try anyway with best effort.
>
>  I pointed to politics as one other factor due to my own experiences (with
> RSA). We can take offline if you are interested.
>
> Apologies.
>
>
>
> On Jul 3, 2013, at 10:19 PM, Andrew Nash <andrew.nash at gmail.com> wrote:
>
>  Terry,
>
> having been engaged as part of the RSA Conference track committee over ten
> years I would suggest that your allusions to political decisions are highly
> uninformed - if you have tried to reduce 1400 submissions to 20 abstracts
> for a single track you may gain some appreciation of the challenges.
>
> Colin's points are actually highly cogent and relevant, although there may
> be more leeway if you decided to submit to the privacy track
>
> While the privacy aspect is important and relevant the same issues already
> exist in many different contexts my group at Google was already managing a
> billion identities with many times that number of transactions taking place
> monthly across 60 product areas
>
> The management at scale of the collection of thing identities, the
> layering of what an identity means from very low level devices and how they
> may be connected to identified organizing identity such as a person (or
> house)  the authorization and relationship management is a pretty
> interesting collection of security issues to deal with and could be
> proposed as a reasonable abstract.
>
> --Andrew
>
>
> On Wed, Jul 3, 2013 at 9:52 PM, Terry Gold <tgold at idanalyst.com> wrote:
>
>  Hi Colin-
>
> No buzzkill or offense taken. You raise really good and valid points.
>
> I am not so convinced that RSA CFP committee however is as ruthless as
> they are political - am still reserving conclusions in that one.
>
> As for the InfoSec community already being aware of the points 1-4, I
> would like to think I know the community well, and agree there is
> awareness, but it is context that is lacking. How 1-4 are inter related,
> progressions over time, and sequential progressions that got us here, and
> what pieces need to be clawed back for it to start to have a trajectory of
> balance.
>
> There are some technical people in the RSA community, but many are not and
> not all are identity experts (or privacy beyond the corp enterprise) so I
> think there is value in discussing as long as it is not too high level and
> breaks things down quite more. It's easy to get lost in generalizations in
> panels where it's watered down and something we will work to avoid.
>
> Lastly, my personal opinion is that Europe in general has a far better
> position on privacy than we do here in the US but if we go in guns blazing
> on a "how to do it like Europe" it will be counterproductive. Rather
> compare positions to expand the border beyond the US, as our data does as
> well.
>
> My thoughts, although willing to accept I could be partly right or all
> wrong too -)
>
> /t
>
> Please excuse spelling errors - sent from my mobile device
>
> On Jul 3, 2013, at 9:25 PM, Colin Wallis <colin_wallis at hotmail.com> wrote:
>
>   At the risk of being a kill joy, I think that Terry's list below, while
> worthy, won't get accepted by RSA's pretty ruthless submission acceptance
> process.
>
> I expect they will say that all 4 are pretty well known..
>
> 1 and 2 have been the subject of VRM, PDEC and now Customer Commons for
> some time
>
> 3 is less well known to the public, but to the RSA audience, I would have
> thought 'well known'.. if the panel had real answers to how to restrict or
> manage that, such as the European based PICOS and ABC4Trust groups have
> (google those with Kai Rannenburg) then we might have a chance with RSA.
>
> 4) is topical, but may not be in 6 months, and RSA may be sensitive around
> the topic for its own 'relationship management' reasons .. :-). that
> said..yea, there is a wider Governance story to tell there..and a story
> about which is better? broad surveillance with very good governance? or
> piecemeal organically built up surveillance based on a concern from one
> party of another, that communicated to parties x, y, and z to enact the
> surveillance with all the risks of co-ordination, governance etc etc that
> that implies?...
>
> But it's well off Kantara's patch... are you sure we are not better to
> start back with the IdoT problem space and build out to a place where we
> have both the expertise and it is relatively new territory?
>
> No July 4th for me, you can tell, eh? :-)
>
> Cheers
> Colin
>
>
>  ------------------------------
> From: sal at idmachines.com
> To: tgold at idanalyst.com; stollman.j at gmail.com; Ingo.Friese at telekom.de
> Date: Tue, 2 Jul 2013 09:52:01 -0400
> CC: joni at ieee-isto.org; dg-idot at kantarainitiative.org
> Subject: Re: [DG-IDoT] FW: RSA U.S. Call for Speakers Now Open! Submit
> Today!
>
>  Terry, Jeff, Ingo,
>
> Very good set of points Terry.  Leakage in particular.  UMA might help in
> that regard.
>
> Identities of things is an interesting topic not the least in the sense
> that you have device, owners and users all of which bring their identities
> into things.
>
> I would be interested in the panel as well.  I have some experience around
> SCADA and transport to help bring those perspectives.
>
> Look forward to the DG.
>
> Sal
>
>
>
>  *From:* dg-idot-bounces at kantarainitiative.org [mailto:dg-idot-bounces at kantarainitiative.org]
> *On Behalf Of *Terry Gold
> *Sent:* Tuesday, July 02, 2013 9:13 AM
> *To:* 'j stollman'; Ingo.Friese at telekom.de
> *Cc:* 'Joni Brennan'; dg-idot at kantarainitiative.org
> *Subject:* Re: [DG-IDoT] FW: RSA U.S. Call for Speakers Now Open! Submit
> Today!
>
> Hi Jeff-
>
> I think you are spot-on. We can continue to define technical frameworks
> (and we will ;-) but the big storm brewing is:
>
> a)      The convenience and pervasiveness of connected services
> b)      Collection and monetization of data (can debate and categorize
> what is PII or not and how it is still usable, etc)
> c)       Identity ownership and controls: evolution, impact,
> possibilities
> d)      Challenges and impact on business models, and individuals as this
> battle looms.
>
> From my perspective, there are four levels to this dilemma that should be
> reviewed/clarified for the audience:
>
> 1.       Legacy models like the credit bureaus. They have long been collecting
> everything, are bureaucratic, and monetize data in many ways. Facebook’s
> monetization model isn’t new just the way they collect it.
> 2.       Opt-in relationships: Such as Facebook. We may be opted-in when
> we sign up (don’t agree with that by the way) but we do consciously sign up
> for the relationship and is intended to share on some level (unlike my
> mortgage account or my vehicle records or services).
> 3.       Leakage: The usage of a service that does not disclose that it
> is collecting data, or irresponsibly leaks your data to another service
> (lots of mobile apps are quite “chatty” in this way). Basically, any that
> are “free” apps, are doing this so (and not disclosing) it’s a BIG problem.
> 4.       Government Surveillance: PRISM, etc. For me, the debate on this
> is two-fold, not only the legality but the controlled usage of any
> collected data. Obvious, but just to point out.
>
> I am interested in collaborating and/or participating in the panel as
> well, up to you.
>
> Regards,
> Terry
>
> -------------------------------
> Terry Gold
> *iDanalyst LLC, **Founder***
> *Identity, Security & Privacy*
> t: 213-341-0433
> m: 949-310-5911
>
> tgold at IDanalyst.com
> www.IDanalyst.com <http://www.idanalyst.com/>
> Twitter: @IDanalyst
>
>
>
> *From:* dg-idot-bounces at kantarainitiative.org [mailto:dg-idot-bounces at kantarainitiative.org]
>
>
>
> _______________________________________________
> DG-IDoT mailing list
> DG-IDoT at kantarainitiative.org
> http://kantarainitiative.org/mailman/listinfo/dg-idot
>
>
>


-- 
Jeff Stollman
stollman.j at gmail.com
1 202.683.8699

Truth never triumphs — its opponents just die out.
Science advances one funeral at a time.
                                    Max Planck