Best Practices


WHIT - Casual anon, can it be made more secure w/out jeopardizing what we like about it and what makes it powerful - Secret police anon. Have to look at the costs of trying to be anon and penetrating anon.

BEN Simple correlator – Static IP address – a lot of people are currently screwed profile-wise/anon

DICK TOPIC 1 - When there’s an identity exchange, what are the terms and conditions under which your data is being released to somebody? How do you define those terms and conditions?

How do you reward the companies w/positive policies – must allow people to benefit from investing (can be high profile).

Canada and Eur – need explicit permission to use it, and what the specific use will be

KIM: CC model, with icons representing certain behaviors; making I digestable – how do you express policy?

TOPIC 2 Kim’s laws are great, but what are the concrete metrics? How do you measure the properties?

User can control and consent – what are the implications?

moving laws to design principles and beyond, are these the right ones?

WHIT Note Social imbalance: Asymmetry law/prejudice vs lying, no comparison vs asking illegitimate questions. If the question is illegit, maybe you should be able to lie and not be punished – or at least that’s a design principle.

MIKE N should it be completely completely amoral, not taking into acct anyone’s law/natl approach?

What is going to work in the marketplace?

MIKE MOZ Modeling user intent is better than modeling user behavior Beware danger of focusing on what’s possible for us, vs what we can actually teach people to use effectively.

TOPIC: Useability

WHIT’s statement of purpose: We want to design a system that supports people’s legitimate needs and is not overly supportive of antisocial behavior (criminals/terrorists).

KIM: system must support lies, as current id systems do, eg create a virtual persona

MIKE MS – (he has a para on this) ; worldwide… Anchor the discussion: introduce choice from the beginning, so people expect it; support multiple id providers Bring people representing other perspectives than NorthAmerica/this room

MARY: montreux declaration is a useful guide, goes back to 1980, use to gather momentum -produce a mapping, integrate this into our vocab, note appeal to industry

KIM: in response to commissioners, “your request is granted.”

IRA If the policy/agent (self-asserted identity provider) is in the box, then regardless of what a country’s policy is, the box functions. Eg china has rules, and if the pc is shipped/stolen w/its own identity system, not a lot they can do to remove it. Permits behavior on the margin, not change GOC policy. Question is, to what extent do we want it above the radar?

MIKE MS (he has a para on this) Metasystems adoption strategy

(SEPARATE POINT) DOC this has to be a demo sell, have a hack-a-thon on the technology

MIKE MOZ 1) How does identity… 2) Implementation focus, dry runs, code on the ground

DICK Focus: User adoption vs developer adoption

MIKE N Ideal system is fine, but if unimplementable, it is worth little. Adoption (by internet community) is primary constaint.

JC Include commercial adoption (retailers) as well. Why and how it benefits business by being sufficiently customer focused, balancing their needs for anon.

ROBERT AMAZON STEPHENS Got to put the tech out there and see what people will do with it. BB won’t lead, but It’ll follow quickly and benefit from it. Shared control – rewards for giving (and retailer using) data – option is there, even if they don’t want it

DICK TOPIC: Use cases from people who use a system: here’s what I want to be able to do TOPIC: what can be moved with the system (echoing what paul says); do we define it?

PAUL whose problem is it – are we focused only on identity layer (and not worried about other things) Lower bound – not decreasing cost to little anonymity Upper bound – (not so sure what it means) CRM data, profile, personality

DEBBIE How can we come to terms w/this in an easy, understandable way, so a layperson can get it (including terminology)?

KIM we’re agnostic as to the payload (totally elastic), but the layer above is the click stream (which we can’t reasonably expect to affect).

BEN Can’t ignore anon, or the layer above – even if we choose not to deal with them – what can we do to feasibly mitigate, improve.

KIM Need to acknowledge stuff/spin: Were going to have to explain it all – we deal with this, not that although they’re important…

TOPIC: open contextual reputation…

MIKE MOZ TOPIC: Offline Digid, not browsers in nets, national id cards, stuff printed on paper, transit services, not online right now and want to do something related to my digID

TOPIC: Location, ID issues around mobile devices, esp w/gps mobility stuff – some subset of location

KIM include fixed ID beacons; RFID, Bluetooth; consideration of in/valid uses (eg. Stalking vs tracking an alzheimer patient) – imp b/c could cause a backlash to the DigIDsystem

MIKE MOZ Not sure RFID stuff fits.

MIKE N Privacy is not primary function of ID Metasystem… where does it dovetail into privacy? Let’s be careful