Public Policy Issues in Identity
Session Topic: Public Policy around Identity (W2F)
Convener: Alan Friedman
Notes-taker(s): Kimberly White
Tags for the session - technology discussed/ideas considered:
Discussion notes, key understandings, outstanding questions, observations, and, if appropriate to this discussion: action items, next steps:
What are the issues to be faced with NSTIC?
Govt. takeover/Corporate capture -Tension – protect consumer and citizen rights versus business model interests of very large international companies.
Govt. interest:consumer/citizen rights
Navigational globalized e-commerce
Privacy Principles – FIPS – decon value
Scale – proof of concept challenges
Model: -Contract
De facto
De jure – federal solution
All markets model –mechanism – liability – trust – some rules, sometimes written down for laws
Duties – contract or public law – market has combination of govt. law and contract
Market can drive single solution, not the best solution.
NSTIC = catalyst – best word –
Competition mentioned throughout NSTIC
Cases: Canadian health cards – massive fraud issue western most province of the country – authentication process within healthcare delivery system.
VA
PKI – failure case
SSO
Parallel efforts
Metrics
Four quadrant Snowden – Complex – Complicated, Chaos, Simple – (Complex to Complicated)
Eleanor Ostrum – Complicated solutions for complicated problems
Multiple solutions, multiple vectors – everything can function with problems.
Precedence – 1)metaphor/usability, 2)legal, established case law 3) major path dependence – once you get the ball rolling…
Second question – let’s go 4 years down the road
What does that look like? Stable equilibrium -
Liability
Market incentives for evaluations
Complexity is the enemy/entropy
Future State – Secure, Scoped past techies,
Data – ownership/property – off the session
Next steps – take the use case – and explore what world states….