Code of Conduct

From IDESG Wiki

Full Title or Meme

For the purposes of Identity Management, a Code of Conduct applies to the actors involved in identifying users and in protecting the user data supplied during the process of Authentication or Authorization.

Actors

A typical list of actors in Identity Management, some of which overlap:

  1. User Agent
  2. Resource Server
  3. Identifier or Attribute Provider
  4. Authorization Server
  5. Credential Service Provider

Context

Existing examples

Problems

The scope of a Code of Conduct is not always clear. In particular, it can address the intent of the actor, the actions of the actor, or the result of the action.

  • For example, the Code of Hammurabi was thoroughly results-oriented. The penalties are notoriously strict, often slavery or death.

    Law #53: "If any one be too apathetic to keep his dam in primly condition, and does not so keep it; if then the dam break and all the fields be flooded, then shall he in whose dam the break occurred be sold for money, and the money shall replace the crops which he has caused to be ruined."

  • Professions like Engineering focus on the actions of the engineers in creating the design. These codes are typically mandatory and violations can result in significant liability actions.

  • Other groups have created codes that address the intent of the person in creating their work product. These often proclaim themselves to be professions but lack any enforcement whatsoever. For example, this extract from the ACM Code of Ethics and Professional Conduct:

    Computing professionals are in a position of trust, and therefore have a special responsibility to provide objective, credible evaluations and testimony to employers, employees, clients, users, and the public. Computing professionals should strive to be perceptive, thorough, and objective when evaluating, recommending, and presenting system descriptions and alternatives. Extraordinary care should be taken to identify and mitigate potential risks in machine learning systems. A system for which future risks cannot be reliably predicted requires frequent reassessment of risk as the system evolves in use, or it should not be deployed. Any issues that might result in major risk must be reported to appropriate parties.

Solutions

This is a list of some of the codes, grouped by their intended audience.

Healthcare

Aerospace and Defense

References