[Wg-p3] Wg-p3 Digest, Vol 2, Issue 16

Robin Wilton futureidentity at fastmail.fm
Mon Aug 17 03:49:32 PDT 2009


Hi Patrick - 

Thanks for this. I'm not going to try and get into a substantive
argument/conclusions at this point - just going to agree that it is a
complex area and that we should, as a WG, at least aim to come up with a
clear and simple analysis of the issues associated with the various
LOAs.

For instance:

- LOA3 and non-repudiation; what are the actual requirements? What does
'non-repudiation' mean when one or both of the parties is a
government? Are banks actually evolving towards the use of digital
non-repudiation technologies, or are they still predominantly relying on
signed paper contracts when it comes to managing the risk of repudiated
transactions?

- LOA2 - again, I think your point raises very valid questions... what
is the right approach to credentials management when they are used to
access public services with a financial component?

- LOA1 - as I mentioned in other emails, is the case for any kind of
pseudonymous authentication compelling if the pay-off is a customised
web interface which persists from visit to visit...?

- LOA0 - These days, I don't think that 'no authentication' equates to
'anonymous access'... is that important, and if so, what do we think
needs to be done about it?


So, as I say, plenty of issues there, and a set of clear problem
statements would, I think, be a very valuable survey/position paper for
this group to produce.

Any thoughts?


Yrs.,
Robin

On Mon, 17 Aug 2009 10:33 +0100, "Patrick Curry"
<patrick.curry at clarionidentity.com> wrote:
> David and Susan
> 
> I suggest we need to look at each perspective on its merits.  Lots of
> people may disagree with what I am about to say but here goes...
> 
> Re: Level 3.  Level 3 dominates, due to its focus on legally robust
> non-repudiation, for most international secure collaboration in regulated
> industry supply chains and, increasingly, banking.  It is also starting
> to be recognised for gov-gov interactions.  Cross-certification is being
> discussed by the governments of CA, UK, AUS, NZ, FR, NL and Germany at a
> minimum, with potential for much more.  I emphasise that this is for
> regulated industries and governments, and their employees.  This isn't
> about citizen interactions (yet).  With the publication of PIV-I in May 09
> and now the up-gunning of the Defense Industrial Base Cyber Security
> activities in several USG departments, Level 3 and its implementations are
> becoming increasingly important for those that want to interoperate.  My
> personal view is that this should form a major plank in the P3WG
> activities because (a) it is relevant to so much public policy, and (b) it
> raises privacy issues that are very different from the citizen space due
> to national security caveats (the authorities can ask more) and because of
> the vetting requirements, which dig deeper.  Personally, I am looking for
> help in this area and am tasked to get US and UK government people
> involved.  I have asked Judy Spencer to help here for US.
> 
> Re: Level 2.  Anything of value in the citizen space, where visible
> authentication occurs and a financial liability model is appropriate,
> seems to sit at Level 2.  For USG, I have asked Dave Temoshok to help
> here.
> 
> Re: Level 1.  M-0404 is not clear to me at this level.  I see this as
> being relevant for pseudo-anonymity, i.e. there is an authentication
> mechanism but the relying party doesn't know anything about that person
> except that they have been authenticated at some point - very relevant to
> various kinds of citizen internet activity.  I see this as very different
> to anonymity, which is Level 0.
> 
> So, those of us concerned with organisational compliance and protecting
> organisational information will be focused on Level 3.  Those of us
> focused on privacy will probably focus more on Levels 1 and 2 (and Level
> 0??).  It would be helpful to know who is interested (and expert) on what
> area, rather than all trying to do everything.
> 
> Lastly, some of the other Kantara groups are active in the above,
> particularly Level 3.  So we need to coordinate with them.
> 
> Comments?
> 
> Mr Chairman, over to you....
> 
> 
> yours sincerely
> 
> Patrick
> 
> Patrick Curry
> Director
> Clarion Identity Ltd
> M:   +44 786 024 9074
> T:   +44 1980 620606
> patrick.curry at clarionidentity.com 
> Disclaimer
> Internet communications are not secure and therefore Clarion
> Identity Limited, Rock House, SP3 4JY does not accept legal
> responsibility
> for the contents of this message. Any views or opinions presented are
> solely
> those of the author and do not necessarily represent those of Clarion
> Identity Limited unless otherwise specifically stated. If this message is
> received by anyone other than the addressee, please notify the sender and
> then delete the message and any attachments from your computer.
> 
> 
> 
> -----Original Message-----
> From: wg-p3-bounces at kantarainitiative.org
> [mailto:wg-p3-bounces at kantarainitiative.org] On Behalf Of
> wg-p3-request at kantarainitiative.org
> Sent: 14 August 2009 22:34
> To: wg-p3 at kantarainitiative.org
> Subject: Wg-p3 Digest, Vol 2, Issue 16
> 
> Send Wg-p3 mailing list submissions to
> 	wg-p3 at kantarainitiative.org
> 
> To subscribe or unsubscribe via the World Wide Web, visit
> 	
> http://kantarainitiative.org/mailman/listinfo/wg-p3_kantarainitiative.org
> 
> or, via email, send a message with subject or body 'help' to
> 	wg-p3-request at kantarainitiative.org
> 
> You can reach the person managing the list at
> 	wg-p3-owner at kantarainitiative.org
> 
> When replying, please edit your Subject line so it is more specific
> than "Re: Contents of Wg-p3 digest..."
> 
> 
> Today's Topics:
> 
>    1. Re: M04-04 levels (Weitzel, David S)
> 
> 
> ----------------------------------------------------------------------
> 
> Message: 1
> Date: Fri, 14 Aug 2009 17:33:48 -0400
> From: "Weitzel, David S" <dweitzel at mitre.org>
> Subject: Re: [Wg-p3] M04-04 levels
> To: "wg-p3 at kantarainitiative.org" <wg-p3 at kantarainitiative.org>
> Message-ID:
> 	<F5830D8920D7BA4DB8BCFE1DC57164AC0347270C8C at IMCMBX2.MITRE.ORG>
> Content-Type: text/plain; charset="us-ascii"
> 
> Susan:
> 
> I meant to say that level 3 is the 'broken part' and is what needs the
> attention of the community.  Paying too much attention to levels 1 & 2 is
> not necessarily a 'step backwards' but rather lower value application of
> the
> collective energy of the group.
> 
> __
> David Weitzel, MS, JD, CIPP/G
> MITRE CIIS
> O-703.983.2639
> C-703.969.9740
> dweitzel at mitre.org
> 
> -----Original Message-----
> From: wg-p3-bounces at kantarainitiative.org
> [mailto:wg-p3-bounces at kantarainitiative.org] On Behalf Of
> wg-p3-request at kantarainitiative.org
> Sent: Tuesday, August 11, 2009 11:25 AM
> To: wg-p3 at kantarainitiative.org
> Subject: Wg-p3 Digest, Vol 2, Issue 13
> 
> 
> Today's Topics:
> 
>    1. Re: Preparation for USG Privacy Workshop (Aug 10th) (Susan Landau)
>    2. Re: Preparation for USG Privacy Workshop (Aug 10th)
>       (J. Trent Adams)
>    3. Re: Preparation for USG Privacy Workshop (Aug 10th) (j stollman)
> 
> 
> ----------------------------------------------------------------------
> 
> Message: 1
> Date: Tue, 11 Aug 2009 08:19:35 -0400
> From: Susan Landau <Susan.Landau at sun.com>
> Subject: Re: [Wg-p3] Preparation for USG Privacy Workshop (Aug 10th)
> To: Kantara P3WG <wg-p3 at kantarainitiative.org>
> Message-ID: <4A8161D7.8010806 at Sun.COM>
> Content-Type: text/plain; charset=ISO-8859-1; format=flowed
> 
> On 08/11/09 07:48, Georgia Marsh wrote:
> > How was the meeting?
> >
> Divisive.  Here's my trip report.  Thanks for the info on US government
> SAML uses; that came up indirectly during the meeting but things were
> sufficiently heated that I dropped that in favor of asking some other,
> somewhat pointed, questions.  But thanks much for your help.  It was
> good to have that information in my back pocket if needed.
> 
> Best,
> 
> Susan
> 
> Judy Spencer, who is the co-chair of the Identity Management and Access
> Management SC (special committee? signon committee?), ran the meeting.
> She sought to focus only on Level of Assurance 1, a decision that was
> objected to by many in the audience.
> 
> Most of the attendees appeared to be members of the federal government
> and contractors.  There were very few privacy advocates in the room: one
> from EPIC, a junior person from CDT, no one from EFF.  I suspect this
> was due to too short notice (and in EFF's case, too expensive a plane
> flight from west coast).
> 
> The morning was taken up with presentations by the various folks.  First
> Chris Louden of Protiviti, a federal contractor working on this
> initiative gave an overview, and made the point that for efficiency's
> sake, the government wanted to leverage work in the private sector.
> There had already been SAML profiles.  But OpenID had lots of traction
> and so the government was going to leverage that for Level of Assurance
> 1, where the government wanted to be able to identify the same user each
> time the same user turned up but without any need to tie identity to a
> particular person (so as to enable to return customized webpages, send
> updates to the user if an email had been supplied, etc.). Chris went
> through the privacy requirements for level 1, which included
> unlinkability of the user between different sites (something satisfied
> by OpenID 2.0 but not OpenID 1.0).
> 
> This was followed by a panel: Bob Morgan on InCommon, Don Thibeau and
> Drummond Reed doing a tag team on OpenID and InfoCard Foundations and
> Brett on Kantara.  The meeting was originally supposed to be on OpenID,
> InfoCard, and privacy issues but had broadened.   Don and Drummond spoke
> about OpenID 2.0 fulfilling the pseudonymity needs prescribed by the
> federal profiles and that OpenID had billions of users. They did not
> mention that it was OpenID 1.0 that had the large installed user base.
> At this point, I asked some questions.  I asked about the number of
> OpenID 2.0 users; this was not answered.  I asked about liability and
> didn't get an answer. Nonetheless it was useful to plant these issues
> for later discussion.
> 
> The afternoon session was devoted to privacy and identity and that was
> the time for Q&A. Here I asked about extensibility, pointing out that in
> security you architect for the whole solution, then cut back as needed
> (and not the other way around) and that we will need identifiers for
> health care with much higher levels of assurance.  Chris Louden of
> Protiviti said that they understand the issue and they've got that
> covered.  At this point, various of the audience picked up the issue of
> extensibility strongly.
> 
> Someone from MITRE spoke about the progress with level of assurance 3
> and 4 and how this was a step backwards.
> 
> Don Schmidt of Microsoft said, "billions of burgers sold has nothing to
> do with reality."
> 
> Jeff Stollman said that usability needs say that other levels influence
> level 1.0.  "You can't talk about level 1.0 separately from higher
> levels when you talk about usability"; you are making a huge mistake by
> using OpenID for level 1.0 when you can't do OpenID for higher levels.
> The audience resonated with this.
> 
> Tony Nadlin (sp?) said "Why are you going the industry route?  Liability
> issues have not been addressed?  What is your emergency response
> initiative?  What is your liability initiative?"
> 
> Judy Spencer:  "For level 1, OpenID is absolutely appropriate.  We want
> to enable technologies for people to use and OpenID is perfectly
> acceptable at level 1.0."
> 
> Don Schmidt: Using OpenID is a really bad idea (this is a paraphrase).
> You're teaching people the wrong message about security. "If this is
> successful and if there's a disconnect between this and higher levels
> [because OpenID is not extensible for higher levels], in the end we
> haven't done a good thing."  I was surprised to see Microsoft speaking
> that way, but Schmidt was quite emphatic.
> 
> I would say that by the end of the meeting, there was a great deal of
> dubiousness in the room concerning using OpenID even at level of
> assurance 1.  The agencies will have to implement, of course.  But the
> people there were clearly aware --- if they hadn't been earlier ---  of
> the problems with OpenID.
> 
> ***********************************************************
> Susan Landau                     phone: 413-259-2018
> Distinguished Engineer           fax: 413-253-2156
> 
>         Sun Microsystems Laboratories
>         MS UBUR02-311
>         35 Network Drive
>         Burlington MA 01803-0902
>         http://research.sun.com/people/slandau
> 
>         susan.landau at sun.com
> ************************************************************
> 
> 
> 
> 
> 
> ------------------------------
> 
> Message: 2
> Date: Tue, 11 Aug 2009 09:43:13 -0400
> From: "J. Trent Adams" <jtrentadams at gmail.com>
> Subject: Re: [Wg-p3] Preparation for USG Privacy Workshop (Aug 10th)
> To: Susan.Landau at sun.com
> Cc: Kantara P3WG <wg-p3 at kantarainitiative.org>
> Message-ID: <4A817571.5050907 at gmail.com>
> Content-Type: text/plain; charset=ISO-8859-1
> 
> Susan -
> 
> Excellent summary.  And great questions yesterday.
> 
> All -
> 
> To provide additional flavor to Susan's comments about usability, it was
> brought up many times throughout the day.  I would classify some of the
> issues as what could be called a contract with the users (i.e. setting
> their expectations and how to meet them).  While Judy and Chris tried to
> reinforce the focus on LOA 1, many saw a disconnect between the
> usability requirements of this pilot and what might come next with a
> higher ROI.
> 
> Of note on this point, Judy made an interesting comment toward the end
> that I'm not sure is accurate (AFAIK).  She said that Don Thibeau had
> mentioned to her that while OpenID can't move beyond LOA 1 today, there
> are people in the OpenID community working on ways to address this soon.
> 
> Also, Don was asked how much usability testing has taken place on
> OpenID.  While he did say that he assumes Google and Yahoo have done
> extensive testing on their own, he decided not to mention the report
> that came out earlier this year illustrating how OpenID integration
> decreases conversion rates.  His response was primarily that the pilot
> should be rolled out and be adjusted according to reactions.
> 
> Significant questions were also raised about privacy relating to
> unintended self-exposure and masquerading.  Both issues were noted by
> Chris Louden as he said they were issues that hadn't been previously
> explored.
> 
> In the end, none of the topics raised appeared to indicate the GSA/ICAM
> would slow down the pilot program to address them.
> 
> It was also very interesting that in response to questions, Brett
> mentioned that Kantara has three groups working on or planning to work
> on the following issues that were brought up:
> 
>  1. Usability
>  2. Certification
>  3. Privacy Assurance
>  4. Legal & Litigation
> 
> It was clear to me that Kantara was the only represented group in the
> room positioned to deal across the board with the issues at the center
> of the discussion.  It might make sense to reach out to the attendees
> and invite them to participate in these activities.
> 
> Finally, it might not be known to the group, but Kantara submitted its
> Trust Framework Process proposal to the GSA/ICAM on Friday.  So far,
> it's the only application they have received.
> 
> - Trent
> 
> 
> 
> --
> J. Trent Adams
> =jtrentadams
> 
> Profile: http://www.mediaslate.org/jtrentadams/
> LinkedIN: http://www.linkedin.com/in/jtrentadams
> Twitter: http://twitter.com/jtrentadams
> 
> 
> 
> 
> ------------------------------
> 
> Message: 3
> Date: Tue, 11 Aug 2009 11:24:56 -0400
> From: j stollman <stollman.j at gmail.com>
> Subject: Re: [Wg-p3] Preparation for USG Privacy Workshop (Aug 10th)
> To: "J. Trent Adams" <jtrentadams at gmail.com>
> Cc: Susan.Landau at sun.com, Kantara P3WG <wg-p3 at kantarainitiative.org>
> Message-ID:
>         <c0f2bd590908110824g55de9626t6fe27313c07a1200 at mail.gmail.com>
> Content-Type: text/plain; charset="iso-8859-1"
> 
> All,
> 
> There was a critical item that drove the meeting that was never spoken.
> Vivek Kundra, the new Federal CIO, is adamant about the use of OpenID.  He
> brought it into consideration and he has forced it down the throats of
> the ICAM group.  As peons, they are marching to his drum.
> 
> On the spoken side, Susan's line of questions established the tone for
> the controversy.
> 
> Following the conference I sent a note to Mary Ruddy, a private sector
> identity advocate who is helping lead ICAM's integration with industry.
> In my note, I summarized my concerns about the meeting.  My comments to
> her follow:
> 
>    1. I view the privacy issues of government access by the citizenry as a
>    systems problem.  While I understand and agree with the need to "start
>    somewhere" and to start with the easy victories first, I don't think
>    that pilots should begin until all of the system-wide issues have been
>    fully considered.  I believe that the issues of usability have not been
>    thoroughly considered.
>    2. One of the biggest concerns I have with usability is the need for
>    the government to act *in loco parentis* to help ensure that users of
>    the system don't expose themselves to privacy issues through their own
>    actions.  While a site like Facebook may take a Buyer Beware attitude,
>    the government needs to go a step further to prevent harm to its
>    subjects as a result of users' ignorance of the privacy and security
>    exposure that they will face.
>    3. The Government has many well thought-out regulations regarding
>    security and privacy, but these apply to the government; they do not
>    provide guidance to the external users of Government systems.  Looking
>    at security and privacy from the user perspective, the Government will
>    not only need to be able to provide instructions to users on how to use
>    Government sites (many of which may be obvious), but it will also need
>    to provide policy guidance to users.  For example, it would be my
>    recommendation that users be told to create an anonymous ID for
>    accessing government web sites at Level 1 and not use this ID for other
>    purposes.  As per the profile, correlation of government sites will
>    then be limited to information held only by the Identity Provider and,
>    because the ID will not be used with other non-Government sites, there
>    will be no opportunity to correlate usage with them.
>    4. After consideration of usability, it may turn out to be a small
>    issue.  It may be determined that we can live with the problem of
>    having to retrain users.
>    5. This consideration should consist of at least two concerns:  (1)
>    user training and retraining and (2) scope creep.
>    6. The user training and retraining concern is whether it will be
>    difficult for non-computer-savvy users to understand and implement the
>    end-user policy guidance for Level 1 and then learn and apply new
>    guidance for other levels.  This could be tested using live people.
>    Such testing may already have been done by some of the large commercial
>    sites (Google, Facebook, Yahoo, AOL, AARP, etc.) and may be available,
>    without having to run new studies.
>    7. The scope creep concern is that agencies will begin adding
>    capabilities to their LoA 1 sites which start their migration to
>    higher levels of assurance.  I believe it was Naomi Leftkovitz from the
>    Federal Trade Commission who suggested that this is already a
>    wide-spread practice in Federal agencies.  This practice can be
>    measured and needs to be measured before LoA 1 can be isolated from the
>    systems problem.
>    8. If either of these concerns turns out to be valid, then I would
>    recommend adding another vetting constraint to your technology screen
>    mechanism:  technologies must be readily extensible to higher levels
>    of assurance.  Should this be the case, OpenID would not make the cut.
>    9. Another problem I had with the session in general yesterday is that
>    I had the sense that the Level 1 acceptance of OpenID, SAML, and
>    Information Cards was a *fait accompli*.  In the session itself, there
>    did not seem to be any resistance to OpenID and SAML.  But there was a
>    lot of concern about OpenID.
>    10. I also recognize that OpenID is being pushed from the very top.
>    But the reason it is being pushed is based on a fallacious argument:
>    that the Government should use OpenID because it is already ubiquitous.
>    But OpenID 2.0 is not ubiquitous.  In fact, the director of the OpenID
>    Foundation admits to not having a clue how many OpenID 2.0 users there
>    are.  What is ubiquitous is OpenID 1.0, which everyone agrees does not
>    meet the Government's standards.  I have no axes to grind against
>    OpenID or Don Thibeau (whose integrity and honesty I highly respect).
>    But in my gut, I do not believe that OpenID warrants consideration
>    until the issues noted in 6 and 7 above have been fully considered.
> 
> Jeff
> 
> 
> 
> On Tue, Aug 11, 2009 at 9:43 AM, J. Trent Adams
> <jtrentadams at gmail.com>wrote:
> 
> > Susan -
> >
> > Excellent summary.  And great questions yesterday.
> >
> > All -
> >
> > To provide additional flavor to Susan's comments about usability, it was
> > brought up many times throughout the day.  I would classify some of the
> > issues as what could be called a contract with the users (i.e. setting
> > their expectations and how to meet them).  While Judy and Chris tried to
> > reinforce the focus on LOA 1, many saw a disconnect between the
> > usability requirements of this pilot and what might come next with a
> > higher ROI.
> >
> > Of note on this point, Judy made an interesting comment toward the end
> > that I'm not sure is accurate (AFAIK).  She said that Don Thibeau had
> > mentioned to her that while OpenID can't move beyond LOA 1 today, there
> > are people in the OpenID community working on ways to address this soon.
> >
> > Also, Don was asked how much usability testing has taken place on
> > OpenID.  While he did say that he assumes Google and Yahoo have done
> > extensive testing on their own, he decided not to mention the report
> > that came out earlier this year illustrating how OpenID integration
> > decreases conversion rates.  His response was primarily that the pilot
> > should be rolled out and be adjusted according to reactions.
> >
> > Significant questions were also raised about privacy relating to
> > unintended self-exposure and masquerading.  Both issues were noted by
> > Chris Louden as he said they were issues that hadn't been previously
> > explored.
> >
> > In the end, none of the topics raised appeared to indicate the GSA/ICAM
> > would slow down the pilot program to address them.
> >
> > It was also very interesting that in response to questions, Brett
> > mentioned that Kantara has three groups working on or planning to work
> > on the following issues that were brought up:
> >
> >  1. Usability
> >  2. Certification
> >  3. Privacy Assurance
> >  4. Legal & Litigation
> >
> > It was clear to me that Kantara was the only represented group in the
> > room positioned to deal across the board with the issues at the center
> > of the discussion.  It might make sense to reach out to the attendees
> > and invite them to participate in these activities.
> >
> > Finally, it might not be known to the group, but Kantara submitted it's
> > Trust Framework Process proposal to the GSA/ICAM on Friday.  So far,
> > it's the only application they have received.
> >
> > - Trent
> >
> >
> > Susan Landau wrote:
> > > On 08/11/09 07:48, Georgia Marsh wrote:
> > >> How was the meeting?
> > >>
> > > Divisive.  Here's my trip report.  Thanks for the info on US
> > > government SAML uses; that came up indirectly during the meeting but
> > > things were sufficiently heated that I dropped that in favor of asking
> > > some other, somewhat pointed, questions.  But thanks much for your
> > > help.  It was good to have that information in my back pocket if needed.
> > >
> > > Best,
> > >
> > > Susan
> > >
> > > Judy Spencer, who is the co-chair of the Identity Management and
> > > Access Management SC (special committee? signon committee?), ran the
> > > meeting.  She sought to focus only on Level of Assurance 1, a decision
> > > that was objected to by many in the audience.
> > >
> > > Most of the attendees appeared to be members of the federal government
> > > and contractors.  There were very few privacy advocates in the room:
> > > one from EPIC, a junior person from CDT, no one from EFF.  I suspect
> > > this was due to too short notice (and in EFF's case, too expensive a
> > > plane flight from west coast).
> > >
> > > The morning was taken up with presentations by the various folks.
> > > First Chris Louden of Protiviti, a federal contractor working on this
> > > initiative gave an overview, and made the point that for efficiency's
> > > sake, the government wanted to leverage work in the private sector.
> > > There had already been SAML profiles.  But OpenID had lots of traction
> > > and so the government was going to leverage that for Level of
> > > Assurance 1, where the government wanted to be able to identify the
> > > same user each time the same user turned up but without any need to
> > > tie identity to a particular person (so as to enable returning
> > > customized webpages, sending updates to the user if an email had been
> > > supplied, etc.). Chris went through the privacy requirements for level
> > > 1, which included unlinkability of the user between different sites
> > > (something satisfied by OpenID 2.0 but not OpenID 1.0).
> > >
> > > This was followed by a panel: Bob Morgan on InCommon, Don Thibeau and
> > > Drummond Reed doing a tag team on OpenID and InfoCard Foundations and
> > > Brett on Kantara.  The meeting was originally supposed to be on
> > > OpenID, InfoCard, and privacy issues but had broadened.   Don and
> > > Drummond spoke about OpenID 2.0 fulfilling the pseudonymity needs
> > > prescribed by the federal profiles and that OpenID had billions of
> > > users. They did not mention that it was OpenID 1.0 that had the large
> > > installed user base.
> > > At this point, I asked some questions.  I asked about the number of
> > > OpenID 2.0 users; this was not answered.  I asked about liability and
> > > didn't get an answer. Nonetheless it was useful to plant these issues
> > > for later discussion.
> > >
> > > The afternoon session was devoted to privacy and identity and that was
> > > the time for Q&A. Here I asked about extensibility, pointing out that
> > > in security you architect for the whole solution, then cut back as
> > > needed (and not the other way around) and that we will need
> > > identifiers for health care with much higher levels of assurance.
> > > Chris Louden of Protiviti said that they understand the issue and
> > > they've got that covered.  At this point, various of the audience
> > > picked up the issue of extensibility strongly.
> > >
> > > Someone from MITRE spoke about the progress with level of assurance 3
> > > and 4 and how this was a step backwards.
> > >
> > > Don Schmidt of Microsoft said, "billions of burgers sold has nothing
> > > to do with reality."
> > >
> > > Jeff Stollman said that usability needs say that other levels
> > > influence level 1.0.  "You can't talk about level 1.0 separately from
> > > higher levels when you talk about usability"; you are making a huge
> > > mistake by using OpenID for level 1.0 when you can't do OpenID for
> > > higher levels. The audience resonated with this.
> > >
> > > Tony Nadlin (sp?) said "Why are you going the industry route?
> > > Liability issues have not been addressed?  What is your emergency
> > > response initiative?  What is your liability initiative?"
> > >
> > > Judy Spencer:  "For level 1, OpenID is absolutely appropriate.  We
> > > want to enable technologies for people to use and OpenID is perfectly
> > > acceptable at level 1.0."
> > >
> > > Don Schmidt: Using OpenID is a really bad idea (this is a
> > > paraphrase).  You're teaching people the wrong message about security.
> > > "If this is successful and if there's a disconnect between this and
> > > higher levels [because OpenID is not extensible for higher levels], in
> > > the end we haven't done a good thing."  I was surprised to see
> > > Microsoft speaking that way, but Schmidt was quite emphatic.
> > >
> > > I would say that by the end of the meeting, there was a great deal of
> > > dubiousness in the room concerning using OpenID even at level of
> > > assurance 1.  The agencies will have to implement, of course.  But the
> > > people there were clearly aware --- if they hadn't been earlier ---
> > > of the problems with OpenID.
> > >
> > > ***********************************************************
> > > Susan Landau                     phone: 413-259-2018
> > > Distinguished Engineer           fax: 413-253-2156
> > >
> > >        Sun Microsystems Laboratories
> > >        MS UBUR02-311
> > >        35 Network Drive
> > >        Burlington MA 01803-0902
> > >        http://research.sun.com/people/slandau
> > >
> > >        susan.landau at sun.com
> > > ************************************************************
> > >
> > >
> > >
> > > _______________________________________________
> > > Wg-p3 mailing list
> > > Wg-p3 at kantarainitiative.org
> > >
> > http://kantarainitiative.org/mailman/listinfo/wg-p3_kantarainitiative.org
> >
> > --
> > J. Trent Adams
> > =jtrentadams
> >
> > Profile: http://www.mediaslate.org/jtrentadams/
> > LinkedIN: http://www.linkedin.com/in/jtrentadams
> > Twitter: http://twitter.com/jtrentadams
> >
> >
> >
> 
> 
> 
> --
> Jeff Stollman
> stollman.j at gmail.com
> 1 202.683.8699
> 
> 
> End of Wg-p3 Digest, Vol 2, Issue 13
> ************************************
> 
> 
> 
> 
> End of Wg-p3 Digest, Vol 2, Issue 16
> ************************************
> 
> 
Robin Wilton

Director, Future Identity
Director of Privacy and Public Policy, Liberty Alliance


www.futureidentity.eu
+44 (0)705 005 2931
====================================================================
Structured consulting on digital identity, privacy and public policy
====================================================================
Future Identity is a limited company number 6777002, registered in England & Wales



