Taxonomy AHG Meeting 10/31/2013

From IDESG Wiki
Jump to navigation Jump to search


Quick Links: Taxonomy | Taxonomy Project Management | Taxonomy AHG Catalog | Taxonomy AHG Glossary |




Attendees

Adam Madlin (Chair) Ryan Galluzzo
John Stearns Mike Garcia
Robert Faron Jim Fenton
Anne Racuya-Robins Cathy Tilton
Seethrama Durbha Christopher Spottiswoode
Suzanne Lightman Bev Corwin

Notes

Objectives

-Bring closure to any open items on glossary release one; specifically the issue of around identity/authentication and how best to incorporate the idea of pseudonymous and anonymous transactions.

Anonymity

  • Listserv has been very active over the past few days discussing the open issues around authentication, identity, and anonymity.
  • Anne Racuya-Robbins started a thread intended to define “anonymity/anonymous”; she sees this as a significant gap in both terminology and standards
  • She does not believe that we should include anonymity in the current set of terms up for review, but notify the other committees that we will keep working on it. She feels the release of the current glossary would need a disclaimer stating this. She also wishes to reach out to the other committees, SDOs, and other organizations to seek assistance and input.
  • Adam stressed that if we are going to define anonymity separately, we need to ensure that our current definitions of “identity” and “authentication” are inclusive enough to ensure that our later definition of anonymity does not conflict.
  • Seethrama suggested that anonymity is the absence of any identity, and if this is the definition we should simply include it in the current release of the glossary
  • Jim Fenton suggested that anonymity may take the form of asserting a trusted ID without a persistent identifier associated with the attribute or the transaction;
  • Seethrama feels as if this is the absence of identity. Attributes can stand by themselves and don’t necessarily need to be considered “part” of an identity.
  • Anne believes that “anonymity” is the inability to distinguish a user/transaction from any other user/transactions.
  • Jim suggested that if “anonymity” is the lack of identity then he is not sure it needs to be addressed in an ecosystem; can most anonymous use cases be addressed through pseudonymity?
  • Christopher would like to explore the issue of whether or not anonymity is by default or it is a controlled process within the identity ecosystem; he suggested that the system must take a positive view of anonymity and that transactions that are not anonymous must require explicit action by the user involved—essentially anonymity by default.
  • John believes that this must be designed into the system and it requires rules
  • Suzanne does not believe the current definition of “identity” allows for anonymity and will likely need to be changed if we take the approach that Anne suggested.
  • Mike does not want to separate the concept of anonymity from the current set of terms.
  • Jim believes that the AHG should seek further guidance from the NPO and others on what exactly is meant in the strategy by anonymous; he would also like to get further guidance from the Privacy Committee.
  • Mike believes that the difference between the two is the lack of linkability between sessions; essentially a non-persistent pseudonym
  • Jim suggested we take Mike’s distinction back to the Privacy Committee to get their opinion on it
  • Anne does not agree with this definition and believes it misses essential aspects of the human experience; she is not ready to define the term
  • Suzanne suggested that these terms may grow and change as the IDESG becomes more sophisticated; we need a starting point, but we don’t need to get locked into that starting point
  • -Seethrama suggested that we remove the word “anonymous” from the definition of identity; then take a definition of anonymity to the Privacy Committee for input

Identity

  • Does the current definition of Identity need to be updated to support the above course of action?
  • John Stearns believes that the current definition supports the approach outlined by Seethrama (above)
  • Mike disagrees, he believes that the “uniquely distinguishing an entity” does not support having pseudonymity—if you force and identity to link to an actual entity then there cannot be pseudonymity or anonymity
  • John pointed out that “entity” does not need to be a person; he used the example of PIV/PIV-I and the ability of devices to authenticate to each other
  • Jim also feels that “entity” should be included in the definition of identity; he is also unsure that we need the phrase “in a context”—he suggests that we change the proposed definition to, “an attribute set that is associated with a unique identifier or entity.”
  • Adam will review the notes from this meeting, provide a baseline of where we stand on these issues, and develop a set of actions for moving forward; he will also set a joint session with the Privacy Committee to try and discuss these issues.

Other Items

  • Bev and Anne would like to explore what we mean by taxonomy, vocabulary, ontology, thesauri, and metadata—why is the AHG undertaking this effort at all?
  • This will be discussed at a later date
  • Adam suggested the possibility of extending the meeting times and would like the members to comment on this proposal.


Actions

Action Owner Due Status
Rview notes and provide AHG with proposed next steps Adam Madlin 11/07/2013 In Progress




Quick Links: Taxonomy | Taxonomy Project Management | Taxonomy AHG Catalog | Taxonomy AHG Glossary |