Code of Conduct

From IDESG Wiki

Full Title or Meme

For the purposes of Identity Management, Code of Conduct applies to the actors in the identification of users and the protection of user data supplied during the process of Authentication or Authorization.

Actors

A typical list of actors in Identity Management, some of which overlap:

  1. User Agent
  2. Resource Server
  3. Identifier or Attribute Provider
  4. Authorization Server
  5. Credential Service Provider

Context

Existing examples

Problems

The scope of a Code of Conduct is not always clear. In particular, it can address the intent of the actor, the actions of the actor, or the result of the action.

  • For example, the Code of Hammurabi was thoroughly results oriented. The penalties are notoriously strict, often slavery or death.

    Law #53: "If any one be too apathetic to keep his dam in primly condition, and does not so keep it; if then the dam break and all the fields be flooded, then shall he in whose dam the break occurred be sold for money, and the money shall replace the crops which he has caused to be ruined."

  • Professions like Engineering focus on the actions of the engineers in creating the design. These codes are typically mandatory, and violations can result in significant liability actions. A Comparison of Engineering Society Codes of Conduct was created by the ASCE:

    It is perhaps not surprising that the two areas of greatest consistency among AAES member codes have to do with competence and objectivity, two areas that, it can be argued, have a pronounced effect on the reputation and integrity of the profession. Each of the society codes requires members to perform services only in their areas of competence, and each requires members to be truthful, objective, and honest in all public reports or statements. Several codes, ASCE's among them, provide express guidelines for engineers serving as expert witnesses. The American Society of Mechanical Engineers, for example, requires that "engineers...serving as expert or technical witnesses...shall express an engineering opinion only when it is founded on their adequate knowledge of the facts in issue, their background of technical competence in the subject matter, and their belief in the accuracy and propriety of their testimony."

  • Other groups have created codes that address the intent of the person in creating their work product. These often proclaim to be professional, but lack any enforcement whatsoever. For example, this extract from the ACM Code of Ethics and Professional Conduct:

    Computing professionals are in a position of trust, and therefore have a special responsibility to provide objective, credible evaluations and testimony to employers, employees, clients, users, and the public. Computing professionals should strive to be perceptive, thorough, and objective when evaluating, recommending, and presenting system descriptions and alternatives. Extraordinary care should be taken to identify and mitigate potential risks in machine learning systems. A system for which future risks cannot be reliably predicted requires frequent reassessment of risk as the system evolves in use, or it should not be deployed. Any issues that might result in major risk must be reported to appropriate parties.

It is instructive to review the effects of the Hyatt Regency walkway collapse, where 114 people died. Nothing like the resulting penalties has ever been levied against the creators of defective computer or communications products.

The Missouri Board of Architects, Professional Engineers, and Land Surveyors found the engineers at Jack D. Gillum and Associates who had approved the final drawings to be culpable of gross negligence, misconduct, and unprofessional conduct in the practice of engineering. They were acquitted of all the crimes with which they were initially charged, but the company lost its engineering licenses in the states of Missouri, Kansas, and Texas, as well as its membership with the American Society of Civil Engineers (ASCE).

Solutions

This is a list of some of the codes, grouped by their intended audience.

Healthcare

Aerospace and Defense

References