Public Policy Issues in Identity

Session Topic: Public Policy around Identity (W2F)

Convener: Alan Friedman

Notes-taker(s): Kimberly White

Tags for the session - technology discussed/ideas considered:

Discussion notes, key understandings, outstanding questions, observations, and, if appropriate to this discussion: action items, next steps:

What are the issues to be faced with NSTIC?

Govt. takeover/Corporate capture -Tension – protect consumer and citizen rights versus business model interests of very large international companies.

Govt. interest:consumer/citizen rights

Navigational globalized e-commerce

Privacy Principles – FIPS – decon value

Scale – proof of concept challenges

Model: -Contract

De facto

De jure – federal solution

All markets model –mechanism – liability – trust – some rules, sometimes written down for laws

Duties – contract or public law – market has combination of govt. law and contract

Market can drive single solution, not the best solution.

NSTIC = catalyst – best word –

Competition mentioned throughout NSTIC

Cases: Canadian health cards – massive fraud issue western most province of the country – authentication process within healthcare delivery system.

VA

PKI – failure case

SSO

Parallel efforts

Metrics

Four quadrant Snowden – Complex – Complicated, Chaos, Simple – (Complex to Complicated)

Eleanor Ostrum – Complicated solutions for complicated problems

Multiple solutions, multiple vectors – everything can function with problems.

Precedence – 1)metaphor/usability, 2)legal, established case law 3) major path dependence – once you get the ball rolling…

Second question – let’s go 4 years down the road

What does that look like? Stable equilibrium -

Liability

Market incentives for evaluations

Complexity is the enemy/entropy

Future State – Secure, Scoped past techies,

Data – ownership/property – off the session

Next steps – take the use case – and explore what world states….