Taxonomy AHG Meeting 11/07/2013: Difference between revisions
Jump to navigation
Jump to search
m (8 revisions imported: Initial Upload of old pages from IDESG Wiki) |
(No difference)
|
Latest revision as of 04:04, 28 June 2018
Quick Links: Taxonomy | Taxonomy Project Management | Taxonomy AHG Catalog | Taxonomy AHG Glossary |
Attendees
Adam Madlin (Chair) | Ryan Galluzzo | Naomi Lefkovitz |
John Stearns | Mike Garcia | Bryan Russel |
Robert Faron | Jim Fenton | Eric Krum |
Anne Racuya-Robins | Cathy Tilton | Kaliya Hamlin |
Seethrama Durbha | Christopher Spottiswoode | Stuart Shapiro |
Suzanne Lightman | Bev Corwin | Winthrop Baylies |
Notes
Objectives/Intro:
- The focus of today’s meeting will be to continue to try and resolve existing concerns around the topic if identity and anonymity
- There are several extra privacy committee members on today’s call to try and further the discussion
- There have also been some recent contributions around the process of the committee; these will likely be discussed off line and during future conversations of the committee
Anonymity/Identity:
- Adam raised this at the last chairs call and he requested additional support from the privacy committee; he believes that there needs to be a cross committee conversation in the short term as well as a full discussion at the Plenary
- Anne has raised this topic in the standards committee as well
- Adam requested that all comments during today’s call remain focused on the issues at hand and remain brief
- Adam asked the group whether anyone objected to proceeding with discussion of Identity and Anonymity
- Eric suggested we focus on the definitions and NOT on implementations or the work will bog down
- Kaliya disagreed and stated that definitions are intimately interrelated with implementation and the two cannot be separated
- There was some discussion, but no objections to proceeding
- The current state of “Identity”:
- Six terms were submitted to the Privacy committee for review; they felt that the term “authentication” was not inclusive of anonymous and pseudonymous transactions
- After two meetings of conversation, the committee believed that the issue was actually with “identity”
- The original “consensus” approved definition was: A set of attributes that uniquely distinguishes an entity in context
- At last week’s meeting there was suggestion that the term “entity” should be dropped from this definition
- The group also spent time on the concept of “anonymous identity” v. “anonymous interactions”
- Bryan believes that the use of “in context” covers anonymity and pseudonymity; though there are others that don’t necessarily agree that the meaning of “in context” is clear enough
- Mike believes the issue is the inclusion of entity; if you uniquely identify an “entity” then that entity is no longer anonymous or pseudonymous.
- Bryan believes that “identity” is the root definition in the glossary and should be defined irrespective of policy and implementation considerations that can be handled elsewhere; anonymity can be accomplished through a credential
- Naomi suggested that a credential is a way to assert attributes and that the focus on identity as the root is what is confusing some of the conversation
- Jim Fenton reiterated the concept discussed last week that anonymous is a non-persistent pseudonym and that pseudonym is persistent
- Kaliya suggested that this is not anonymous, but anonymous with verified attributes
- At the moment, the group will not deal with the concept of “Anonymous Identity”
- Mike suggested the following: An attribute set that can be uniquely distinguished in context, some identities may be used for pseudonymous or anonymous transactions
- Bryan disagrees with this new definition. A set of attributes does not uniquely identify anything unless it is connected to a person or a thing…he thinks anonymity and pseudonymity will be handled through credentials not identity
- Stuart thinks the issue may lie with “uniquely”— though he believes that it must be included in the definition of identity, it also seems to prohibit anonymity. He believes that identity can be decoupled from anonymity, as long as there are other terms and operational aspects that support anonymous interactions
- Jim points out that we are not giving an identity over during a transaction; only needed information is passed to the RP. The identity itself is not pseudonymous or anonymous, but the way it is used can be. The ability to conduct these transactions will be defined by the relying party.
- Eric suggested we keep with the current consensus version
- Naomi is concerned that with identity as the “root” definition, over-engineering may impact others definitions that have already been approved; if the problem is not in “identity” then where is it?
- Mike pointed out again that you can have an identity in a system that does not necessarily uniquely refer back to a person or a thing
- Bryan believes that what is in these systems is an identifier which, eventually, points to an identity which is tied to an entity
- There was discussion over whether a persona counts as an “entity”Mike believes that only really people and things are entities; Bryan disagrees
- Mike believes if we continue to include entity in the definition of identity it will break all the other terms; if we remove it, we can continue forward
- Bryan pointed out that he would be in favor of leaving the current definition (with the term “entity”) in based on input from the privacy committee that anonymity can be handled in other definitions
- Jim believes that credential needs to be included in the initial set of definitions
- Adam requested that Mike and Bryan work on discussing the issue on the list-serve to continue to drive towards conclusion
- Stuart made a final point that the terms either need to be broad enough to by inclusive of many different implementations or the need to be “unpacked” and defined specifically to address individual cases
- The meeting was adjourned with the decision to continue deliberation on this issue.
Actions
Action | Owner | Due | Status |
---|---|---|---|
Continue "Identity" discussion on the list serve | Mike Garcia/Bryan Russell | 14-Nov-13 | In Progress |
Quick Links: Taxonomy | Taxonomy Project Management | Taxonomy AHG Catalog | Taxonomy AHG Glossary |