[Wg-p3] Wg-p3 Digest, Vol 2, Issue 16

Patrick Curry patrick.curry at clarionidentity.com
Mon Aug 17 02:33:14 PDT 2009


David and Susan

I suggest we need to look at each perspective on its merits.  Lots of people
may disagree with what I am about to say but here goes...

Re: Level 3.  Level 3 dominates, due to its focus on legally robust
non-repudiation, for most international secure collaboration in regulated
industry supply chains and, increasingly, banking.  It is also starting to
be recognised for gov-gov interactions.  Cross-certification is being
discussed by the governments of CA, UK, AUS, NZ, FR, NL and Germany at a
minimum, with potential for much more. I emphasise that this is for
regulated industries and governments, and their employees.  This isn't about
citizen interactions (yet).  With the publication of PIV-I in May 09 and now
the up-gunning of the Defense Industrial Base Cyber Security activities in
several USG departments, Level 3 and its implementations are becoming
increasingly important for those that want to interoperate.  My personal
view is that this should form a major plank in the P3WG activities because
(a) it is relevant to so much public policy, and (b) it raises privacy
issues that are very different from the citizen space due to national
security caveats (the authorities can ask more) and because of the vetting
requirements, which dig deeper.  Personally, I am looking for help in this
area and am tasked to get US and UK government people involved.  I have
asked Judy Spencer to help here for US.

Re: Level 2.  Anything of value in the citizen space, where visible
authentication occurs and a financial liability model is appropriate, seems
to sit at Level 2.  For USG, I have asked Dave Temoshok to help here.  

Re: Level 1.  M-04-04 is not clear to me at this level.  I see this as being
relevant for pseudo-anonymity, i.e. there is an authentication mechanism but
the relying party doesn't know anything about that person except that they
have been authenticated at some point - very relevant to various kinds of
citizen internet activity.  I see this as very different to anonymity, which
is Level 0. 

So, those of us concerned with organisational compliance and protecting
organisational information will be focused on Level 3.  Those of us focused
on privacy will probably focus more on Levels 1 and 2 (and Level 0??).  It
would be helpful to know who is interested (and expert) on what area, rather
than all trying to do everything.  

Lastly, some of the other Kantara groups are active in the above,
particularly Level 3.  So we need to coordinate with them.

Comments?

Mr Chairman, over to you....


yours sincerely

Patrick

Patrick Curry
Director
Clarion Identity Ltd
M:   +44 786 024 9074
T:   +44 1980 620606
patrick.curry at clarionidentity.com 
Disclaimer
Internet communications are not secure and therefore Clarion
Identity Limited, Rock House, SP3 4JY does not accept legal responsibility
for the contents of this message. Any views or opinions presented are solely
those of the author and do not necessarily represent those of Clarion
Identity Limited unless otherwise specifically stated. If this message is
received by anyone other than the addressee, please notify the sender and
then delete the message and any attachments from your computer.



-----Original Message-----
From: wg-p3-bounces at kantarainitiative.org
[mailto:wg-p3-bounces at kantarainitiative.org] On Behalf Of
wg-p3-request at kantarainitiative.org
Sent: 14 August 2009 22:34
To: wg-p3 at kantarainitiative.org
Subject: Wg-p3 Digest, Vol 2, Issue 16

Send Wg-p3 mailing list submissions to
	wg-p3 at kantarainitiative.org

To subscribe or unsubscribe via the World Wide Web, visit
	http://kantarainitiative.org/mailman/listinfo/wg-p3_kantarainitiative.org

or, via email, send a message with subject or body 'help' to
	wg-p3-request at kantarainitiative.org

You can reach the person managing the list at
	wg-p3-owner at kantarainitiative.org

When replying, please edit your Subject line so it is more specific
than "Re: Contents of Wg-p3 digest..."


Today's Topics:

   1. Re: M04-04 levels (Weitzel, David S)


----------------------------------------------------------------------

Message: 1
Date: Fri, 14 Aug 2009 17:33:48 -0400
From: "Weitzel, David S" <dweitzel at mitre.org>
Subject: Re: [Wg-p3] M04-04 levels
To: "wg-p3 at kantarainitiative.org" <wg-p3 at kantarainitiative.org>
Message-ID:
	<F5830D8920D7BA4DB8BCFE1DC57164AC0347270C8C at IMCMBX2.MITRE.ORG>
Content-Type: text/plain; charset="us-ascii"

Susan:

I meant to say that level 3 is the 'broken part' and is what needs the
attention of the community.  Paying too much attention to levels 1 & 2 is
not necessarily a 'step backwards' but rather lower value application of the
collective energy of the group.

__
David Weitzel, MS, JD, CIPP/G
MITRE CIIS
O-703.983.2639
C-703.969.9740
dweitzel at mitre.org

-----Original Message-----
From: wg-p3-bounces at kantarainitiative.org
[mailto:wg-p3-bounces at kantarainitiative.org] On Behalf Of
wg-p3-request at kantarainitiative.org
Sent: Tuesday, August 11, 2009 11:25 AM
To: wg-p3 at kantarainitiative.org
Subject: Wg-p3 Digest, Vol 2, Issue 13



Today's Topics:

   1. Re: Preparation for USG Privacy Workshop (Aug 10th) (Susan Landau)
   2. Re: Preparation for USG Privacy Workshop (Aug 10th)
      (J. Trent Adams)
   3. Re: Preparation for USG Privacy Workshop (Aug 10th) (j stollman)


----------------------------------------------------------------------

Message: 1
Date: Tue, 11 Aug 2009 08:19:35 -0400
From: Susan Landau <Susan.Landau at sun.com>
Subject: Re: [Wg-p3] Preparation for USG Privacy Workshop (Aug 10th)
To: Kantara P3WG <wg-p3 at kantarainitiative.org>
Message-ID: <4A8161D7.8010806 at Sun.COM>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed

On 08/11/09 07:48, Georgia Marsh wrote:
> How was the meeting?
>
Divisive.  Here's my trip report.  Thanks for the info on US government
SAML uses; that came up indirectly during the meeting but things were
sufficiently heated that I dropped that in favor of asking some other,
somewhat pointed, questions.  But thanks much for your help.  It was
good to have that information in my back pocket if needed.

Best,

Susan

Judy Spencer, who is the co-chair of the Identity Management and Access
Management SC (special committee? signon committee?), ran the meeting.
She sought to focus only on Level of Assurance 1, a decision that was
objected to by many in the audience.

Most of the attendees appeared to be members of the federal government
and contractors.  There were very few privacy advocates in the room: one
from EPIC, a junior person from CDT, no one from EFF.  I suspect this
was due to too short notice (and in EFF's case, too expensive a plane
flight from west coast).

The morning was taken up with presentations by the various folks.  First
Chris Louden of Protiviti, a federal contractor working on this
initiative gave an overview, and made the point that for efficiency's
sake, the government wanted to leverage work in the private sector.
There had already been SAML profiles.  But OpenID had lots of traction
and so the government was going to leverage that for Level of Assurance
1, where the government wanted to be able to identify the same user each
time the same user turned up but without any need to tie identity to a
particular person (so as to be able to return customized webpages, send
updates to the user if an email had been supplied, etc.). Chris went
through the privacy requirements for level 1, which included
unlinkability of the user between different sites (something satisfied
by OpenID 2.0 but not OpenID 1.0).

This was followed by a panel: Bob Morgan on InCommon, Don Thibeau and
Drummond Reed doing a tag team on OpenID and InfoCard Foundations and
Brett on Kantara.  The meeting was originally supposed to be on OpenID,
InfoCard, and privacy issues but had broadened.   Don and Drummond spoke
about OpenID 2.0 fulfilling the pseudonymity needs prescribed by the
federal profiles and that OpenID had billions of users. They did not
mention that it was OpenID 1.0 that had the large installed user base.
At this point, I asked some questions.  I asked about the number of
OpenID 2.0 users; this was not answered.  I asked about liability and
didn't get an answer. Nonetheless it was useful to plant these issues
for later discussion.

The afternoon session was devoted to privacy and identity and that was
the time for Q&A. Here I asked about extensibility, pointing out that in
security you architect for the whole solution, then cut back as needed
(and not the other way around) and that we will need identifiers for
health care with much higher levels of assurance.  Chris Louden of
Protiviti said that they understand the issue and they've got that
covered.  At this point, various of the audience picked up the issue of
extensibility strongly.

Someone from MITRE spoke about the progress with level of assurance 3
and 4 and how this was a step backwards.

Don Schmidt of Microsoft said, "billions of burgers sold has nothing to
do with reality."

Jeff Stollman said that usability needs say that other levels influence
level 1.0.  "You can't talk about level 1.0 separately from higher
levels when you talk about usability"; you are making a huge mistake by
using OpenID for level 1.0 when you can't do OpenID for higher levels.
The audience resonated with this.

Tony Nadlin (sp?) said "Why are you going the industry route?  Liability
issues have not been addressed?  What is your emergency response
initiative?  What is your liability initiative?"

Judy Spencer:  "For level 1, OpenID is absolutely appropriate.  We want
to enable technologies for people to use and OpenID is perfectly
acceptable at level 1.0."

Don Schmidt: Using OpenID is a really bad idea (this is a paraphrase).
You're teaching people the wrong message about security. "If this is
successful and if there's a disconnect between this and higher levels
[because OpenID is not extensible for higher levels], in the end we
haven't done a good thing."  I was surprised to see Microsoft speaking
that way, but Schmidt was quite emphatic.

I would say that by the end of the meeting, there was a great deal of
dubiousness in the room concerning using OpenID even at level of
assurance 1.  The agencies will have to implement, of course.  But the
people there were clearly aware --- if they hadn't been earlier ---  of
the problems with OpenID.

***********************************************************
Susan Landau                     phone: 413-259-2018
Distinguished Engineer           fax: 413-253-2156

        Sun Microsystems Laboratories
        MS UBUR02-311
        35 Network Drive
        Burlington MA 01803-0902
        http://research.sun.com/people/slandau

        susan.landau at sun.com
************************************************************





------------------------------

Message: 2
Date: Tue, 11 Aug 2009 09:43:13 -0400
From: "J. Trent Adams" <jtrentadams at gmail.com>
Subject: Re: [Wg-p3] Preparation for USG Privacy Workshop (Aug 10th)
To: Susan.Landau at sun.com
Cc: Kantara P3WG <wg-p3 at kantarainitiative.org>
Message-ID: <4A817571.5050907 at gmail.com>
Content-Type: text/plain; charset=ISO-8859-1

Susan -

Excellent summary.  And great questions yesterday.

All -

To provide additional flavor to Susan's comments about usability, it was
brought up many times throughout the day.  I would classify some of the
issues as what could be called a contract with the users (i.e. setting
their expectations and how to meet them).  While Judy and Chris tried to
reinforce the focus on LOA 1, many saw a disconnect between the
usability requirements of this pilot and what might come next with a
higher ROI.

Of note on this point, Judy made an interesting comment toward the end
that I'm not sure is accurate (AFAIK).  She said that Don Thibeau had
mentioned to her that while OpenID can't move beyond LOA 1 today, there
are people in the OpenID community working on ways to address this soon.

Also, Don was asked how much usability testing has taken place on
OpenID.  While he did say that he assumes Google and Yahoo have done
extensive testing on their own, he decided not to mention the report
that came out earlier this year illustrating how OpenID integration
decreases conversion rates.  His response was primarily that the pilot
should be rolled out and be adjusted according to reactions.

Significant questions were also raised about privacy relating to
unintended self-exposure and masquerading.  Both issues were noted by
Chris Louden as he said they were issues that hadn't been previously
explored.

In the end, none of the topics raised appeared to indicate the GSA/ICAM
would slow down the pilot program to address them.

It was also very interesting that in response to questions, Brett
mentioned that Kantara has three groups working on or planning to work
on the following issues that were brought up:

 1. Usability
 2. Certification
 3. Privacy Assurance
 4. Legal & Litigation

It was clear to me that Kantara was the only represented group in the
room positioned to deal across the board with the issues at the center
of the discussion.  It might make sense to reach out to the attendees
and invite them to participate in these activities.

Finally, it might not be known to the group, but Kantara submitted its
Trust Framework Process proposal to the GSA/ICAM on Friday.  So far,
it's the only application they have received.

- Trent



--
J. Trent Adams
=jtrentadams

Profile: http://www.mediaslate.org/jtrentadams/
LinkedIN: http://www.linkedin.com/in/jtrentadams
Twitter: http://twitter.com/jtrentadams




------------------------------

Message: 3
Date: Tue, 11 Aug 2009 11:24:56 -0400
From: j stollman <stollman.j at gmail.com>
Subject: Re: [Wg-p3] Preparation for USG Privacy Workshop (Aug 10th)
To: "J. Trent Adams" <jtrentadams at gmail.com>
Cc: Susan.Landau at sun.com, Kantara P3WG <wg-p3 at kantarainitiative.org>
Message-ID:
        <c0f2bd590908110824g55de9626t6fe27313c07a1200 at mail.gmail.com>
Content-Type: text/plain; charset="iso-8859-1"

All,

There was a critical item that drove the meeting that was never spoken.
Vivek Kundra, the new Federal CIO, is adamant about the use of OpenID.  He
brought it into consideration and he has forced it down the throats of the
ICAM group.  As peons, they are marching to his drum.

On the spoken side, Susan's line of questions established the tone for the
controversy.

Following the conference I sent a note to Mary Ruddy, a private sector
identity advocate who is helping lead ICAM's integration with industry.  In
my note, I summarized my concerns about the meeting.  My comments to her
follow:

   1. I view the privacy issues of government access by the citizenry as a
   systems problem.  While I understand and agree with the need to "start
   somewhere" and to start with the easy victories first, I don't think that
   pilots should begin until all of the system-wide issues have been fully
   considered.  I believe that the issues of usability have not been
   thoroughly considered.
   2. One of the biggest concerns I have with usability is the need for the
   government to act *in loco parentis* to help ensure that users of the
   system don't expose themselves to privacy issues through their own
   actions.  While a site like Facebook may take a Buyer Beware attitude, the
   government needs to go a step further to prevent harm to its subjects as a
   result of users' ignorance of the privacy and security exposure that they
   will face.
   3. The Government has many well thought-out regulations regarding
   security and privacy, but these apply to the government; they do not
   provide guidance to the external users of Government systems.  Looking at
   security and privacy from the user perspective, the Government will not
   only need to be able to provide instructions to users on how to use
   Government sites (many of which may be obvious), but it will also need to
   provide policy guidance to users.  For example, it would be my
   recommendation that users be told to create an anonymous ID for accessing
   government web sites at Level 1 and not use this ID for other purposes.
   As per the profile, correlation of government sites will then be limited
   to information held only by the Identity Provider and because the ID will
   not be used with other non-Government sites, there will be no opportunity
   to correlate usage with them.
   4. After consideration of usability, it may turn out to be a small
   issue.  It may be determined that we can live with the problem of having
   to retrain users.
   5. This consideration should consist of at least two concerns:  (1) user
   training and retraining and (2) scope creep.
   6. The user training and retraining concern is whether it will be
   difficult for non-computer-savvy users to understand and implement the
   end-user policy guidance for Level 1 and then learn and apply new
   guidance for other levels.  This could be tested using live people.  Such
   testing may already have been done by some of the large commercial sites
   (Google, Facebook, Yahoo, AOL, AARP, etc.) and may be available, without
   having to run new studies.
   7. The scope creep concern is that agencies will begin adding
   capabilities to their LoA 1 sites which start their migration to higher
   levels of assurance.  I believe it was Naomi Lefkovitz from the Federal
   Trade Commission who suggested that this is already a widespread practice
   in Federal agencies.  This practice can be measured and needs to be
   measured before LoA 1 can be isolated from the systems problem.
   8. If either of these concerns turns out to be valid, then I would
   recommend adding another vetting constraint to your technology screen
   mechanism:  technologies must be readily extensible to higher levels of
   assurance.  Should this be the case, OpenID would not make the cut.
   9. Another problem I had with the session in general yesterday is that I
   had the sense that the Level 1 acceptance of OpenID, SAML, and
   Information Cards was a *fait accompli*.  In the session itself, there did
   not seem to be any resistance to OpenID and SAML.  But there was a lot of
   concern about OpenID.
   10. I also recognize that OpenID is being pushed from the very top.  But
   the reason it is being pushed is based on a fallacious argument:  that
   the Government should use OpenID because it is already ubiquitous. But
   OpenID 2.0 is not ubiquitous.  In fact, the director of the OpenID
   Foundation admits to not having a clue how many OpenID 2.0 users there
   are.  What is ubiquitous is OpenID 1.0 which everyone agrees does not meet
   the Government's standards.  I have no axes to grind against OpenID or Don
   Thibeau (whose integrity and honesty I highly respect).  But in my gut, I
   do not believe that OpenID warrants consideration until the issues noted
   in 6 and 7 above have been fully considered.

Jeff






--
Jeff Stollman
stollman.j at gmail.com
1 202.683.8699
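The two properties that recur in this thread (Susan's report of the LoA 1 profile: recognise the same user each time they return, but no linkability of that user between different sites; and Jeff's point 3: any correlation of government sites should be limited to what the Identity Provider alone holds) both come down to how the identifier handed to each relying party is derived. The Python below is an added illustration, not code from the thread, from the ICAM profile, or from any OpenID implementation. It compares three derivations on constructed sample users and site realms: a single identifier reused at every site, an unkeyed per-site hash, and a pairwise pseudonymous identifier computed as HMAC-SHA256 under a key held only by the IdP (an assumed construction, chosen for the example). The last one automates the "separate ID per sphere" discipline Jeff asks users to follow by hand.

```python
import hashlib
import hmac
import secrets
from typing import Callable, Dict, Set

# Constructed sample data, not from the original thread: three users of one
# identity provider (IdP) and two relying parties (RPs), a government site
# and a commercial one.
USERS = ["alice@example.org", "bob@example.org", "carol@example.org"]
RP_GOV = "https://benefits.example.gov/"
RP_SHOP = "https://shop.example.com/"

# An identifier scheme maps (user, rp_realm) to the string the RP stores.
IdScheme = Callable[[str, str], str]


def global_identifier(user: str, rp_realm: str) -> str:
    """One user-chosen identifier presented to every site (the OpenID 1.x
    model): rp_realm is ignored, so every RP records the same value."""
    return "https://openid.example.org/" + user.split("@")[0]


def unkeyed_pairwise(user: str, rp_realm: str) -> str:
    """Per-site identifier with no secret. Different at each RP, but anyone
    who can enumerate candidate users can recompute it (weak; see demo)."""
    return hashlib.sha256(f"{user}\x00{rp_realm}".encode()).hexdigest()


def make_keyed_pairwise(idp_key: bytes) -> IdScheme:
    """Pairwise pseudonymous identifier (assumed construction): HMAC-SHA256
    under an IdP-held key over (user, rp_realm). Stable for one (user, site)
    pair, unrelated across sites, and only the key holder can map it back."""
    def scheme(user: str, rp_realm: str) -> str:
        msg = user.encode() + b"\x00" + rp_realm.encode()
        return hmac.new(idp_key, msg, hashlib.sha256).hexdigest()
    return scheme


def rp_view(scheme: IdScheme, rp_realm: str) -> Set[str]:
    """The identifier table one RP holds after every user has logged in."""
    return {scheme(u, rp_realm) for u in USERS}


def colluding_overlap(view_a: Set[str], view_b: Set[str]) -> Set[str]:
    """Two RPs pool their tables and look for identifiers they both hold."""
    return view_a & view_b


def dictionary_attack(attacker_scheme: IdScheme, rp_realm: str,
                      view: Set[str]) -> Dict[str, str]:
    """Whoever holds an RP's table runs candidate users through the scheme
    as far as they can evaluate it; each hit unmasks one identifier."""
    hits: Dict[str, str] = {}
    for candidate in USERS:
        ident = attacker_scheme(candidate, rp_realm)
        if ident in view:
            hits[ident] = candidate
    return hits


def demo() -> Dict[str, Dict[str, object]]:
    """Score each scheme on: same user recognised on return, cross-site
    linkage by colluding RPs, unmasking by a guessing RP; then show that
    the IdP, holding the key, can still resolve keyed identifiers."""
    idp_key = secrets.token_bytes(32)                         # IdP only
    keyed = make_keyed_pairwise(idp_key)
    wrong_key = make_keyed_pairwise(secrets.token_bytes(32))  # an RP's guess
    cases = {
        "global": (global_identifier, global_identifier),
        "unkeyed": (unkeyed_pairwise, unkeyed_pairwise),
        "keyed": (keyed, wrong_key),
    }
    out: Dict[str, Dict[str, object]] = {}
    for name, (scheme, rp_can_evaluate) in cases.items():
        gov, shop = rp_view(scheme, RP_GOV), rp_view(scheme, RP_SHOP)
        out[name] = {
            # a returning user maps to the same identifier at the same site
            "stable": scheme(USERS[0], RP_GOV) == scheme(USERS[0], RP_GOV),
            # users two colluding RPs can match up by comparing their tables
            "linked_by_collusion": len(colluding_overlap(gov, shop)),
            # users the government RP unmasks by guessing on its own
            "guessed_by_rp": len(dictionary_attack(rp_can_evaluate, RP_GOV, gov)),
        }
    # The IdP holds idp_key, so correlation stays possible there, and only there.
    out["idp"] = {"resolves_keyed": len(
        dictionary_attack(keyed, RP_GOV, rp_view(keyed, RP_GOV))) == len(USERS)}
    return out


if __name__ == "__main__":
    for scheme_name, props in demo().items():
        print(scheme_name, props)
```

Running it shows the global identifier linked and unmasked at every site, the unkeyed hash unlinkable by table comparison yet fully recoverable by anyone who can guess the user population (email addresses are a small, guessable space, which is exactly the situation at a citizen-facing government site), and the keyed pairwise identifier resisting both while remaining resolvable at the IdP. That residual IdP-side correlation is the limit Jeff's point 3 describes; it is a property of the design, not something a relying party can remove.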

------------------------------

_______________________________________________
Wg-p3 mailing list
Wg-p3 at kantarainitiative.org
http://kantarainitiative.org/mailman/listinfo/wg-p3_kantarainitiative.org


End of Wg-p3 Digest, Vol 2, Issue 13
************************************



------------------------------



End of Wg-p3 Digest, Vol 2, Issue 16
************************************




