Taxonomy AHG Meeting 11/07/2013

Quick Links: Taxonomy | Taxonomy Project Management | Taxonomy AHG Catalog | Taxonomy AHG Glossary |

Attendees

Adam Madlin (Chair)	Ryan Galluzzo	Naomi Lefkovitz
John Stearns	Mike Garcia	Bryan Russel
Robert Faron	Jim Fenton	Eric Krum
Anne Racuya-Robins	Cathy Tilton	Kaliya Hamlin
Seethrama Durbha	Christopher Spottiswoode	Stuart Shapiro
Suzanne Lightman	Bev Corwin	Winthrop Baylies

Notes

Objectives/Intro:

The focus of today’s meeting will be to continue to try and resolve existing concerns around the topic if identity and anonymity
There are several extra privacy committee members on today’s call to try and further the discussion
There have also been some recent contributions around the process of the committee; these will likely be discussed off line and during future conversations of the committee

Anonymity/Identity:

Adam raised this at the last chairs call and he requested additional support from the privacy committee; he believes that there needs to be a cross committee conversation in the short term as well as a full discussion at the Plenary
Anne has raised this topic in the standards committee as well
Adam requested that all comments during today’s call remain focused on the issues at hand and remain brief
Adam asked the group whether anyone objected to proceeding with discussion of Identity and Anonymity

Eric suggested we focus on the definitions and NOT on implementations or the work will bog down
Kaliya disagreed and stated that definitions are intimately interrelated with implementation and the two cannot be separated
There was some discussion, but no objections to proceeding

The current state of “Identity”:

Six terms were submitted to the Privacy committee for review; they felt that the term “authentication” was not inclusive of anonymous and pseudonymous transactions
After two meetings of conversation, the committee believed that the issue was actually with “identity”
The original “consensus” approved definition was: A set of attributes that uniquely distinguishes an entity in context
At last week’s meeting there was suggestion that the term “entity” should be dropped from this definition
The group also spent time on the concept of “anonymous identity” v. “anonymous interactions”

Bryan believes that the use of “in context” covers anonymity and pseudonymity; though there are others that don’t necessarily agree that the meaning of “in context” is clear enough
Mike believes the issue is the inclusion of entity; if you uniquely identify an “entity” then that entity is no longer anonymous or pseudonymous.
Bryan believes that “identity” is the root definition in the glossary and should be defined irrespective of policy and implementation considerations that can be handled elsewhere; anonymity can be accomplished through a credential
Naomi suggested that a credential is a way to assert attributes and that the focus on identity as the root is what is confusing some of the conversation
Jim Fenton reiterated the concept discussed last week that anonymous is a non-persistent pseudonym and that pseudonym is persistent

Kaliya suggested that this is not anonymous, but anonymous with verified attributes

At the moment, the group will not deal with the concept of “Anonymous Identity”
Mike suggested the following: An attribute set that can be uniquely distinguished in context, some identities may be used for pseudonymous or anonymous transactions

Bryan disagrees with this new definition. A set of attributes does not uniquely identify anything unless it is connected to a person or a thing…he thinks anonymity and pseudonymity will be handled through credentials not identity
Stuart thinks the issue may lie with “uniquely”— though he believes that it must be included in the definition of identity, it also seems to prohibit anonymity. He believes that identity can be decoupled from anonymity, as long as there are other terms and operational aspects that support anonymous interactions
Jim points out that we are not giving an identity over during a transaction; only needed information is passed to the RP. The identity itself is not pseudonymous or anonymous, but the way it is used can be. The ability to conduct these transactions will be defined by the relying party.
Eric suggested we keep with the current consensus version
Naomi is concerned that with identity as the “root” definition, over-engineering may impact others definitions that have already been approved; if the problem is not in “identity” then where is it?
Mike pointed out again that you can have an identity in a system that does not necessarily uniquely refer back to a person or a thing
Bryan believes that what is in these systems is an identifier which, eventually, points to an identity which is tied to an entity
There was discussion over whether a persona counts as an “entity”Mike believes that only really people and things are entities; Bryan disagrees

Mike believes if we continue to include entity in the definition of identity it will break all the other terms; if we remove it, we can continue forward
Bryan pointed out that he would be in favor of leaving the current definition (with the term “entity”) in based on input from the privacy committee that anonymity can be handled in other definitions
Jim believes that credential needs to be included in the initial set of definitions
Adam requested that Mike and Bryan work on discussing the issue on the list-serve to continue to drive towards conclusion
Stuart made a final point that the terms either need to be broad enough to by inclusive of many different implementations or the need to be “unpacked” and defined specifically to address individual cases
The meeting was adjourned with the decision to continue deliberation on this issue.

Actions

Action	Owner	Due	Status
Continue "Identity" discussion on the list serve	Mike Garcia/Bryan Russell	14-Nov-13	In Progress

Quick Links: Taxonomy | Taxonomy Project Management | Taxonomy AHG Catalog | Taxonomy AHG Glossary |

Taxonomy AHG Meeting 11/07/2013

Attendees

Notes

Actions

Navigation menu

Search