The next workshop will be held at NIST in the US on March 13th and 14th, and I will be appearing as a panelist.
2012 NSTIC/IDtrust Workshop: “Technologies and Standards Enabling the Identity Ecosystem”
March 13-14, 2012
NIST – Administration Building – Green Auditorium – Gaithersburg, MD
| 8:45 am | Welcome – NSTIC Goals. Jeremy Grant, NIST |
| 9:15 am | Level-Setting: “An Introduction to the 3rd Epoch of IDtrust”. Ian Glazer, Gartner |
| 9:30 am | Keynote – Mapping the Global IDentity Ecosystem. Speakers: Karen O'Donoghue, ISOC and Lucy Lynch, ISOC |
| 10:00 am | Panel: Gaps and Challenges for Advancing the Global Identity Ecosystem. Moderator: Lucy Lynch, ISOC. Panelists: Tom Smedinghoff, Edwards Wildman Palmer LLP; John Bradley, OpenID Foundation; Ken Klingenstein, Internet2; Leif Johansson, NORDUnet; Nat Sakimura, NRI / OpenID Foundation |
I was the only one added at the last minute[1], so I haven't posted it yet. It's not reflected on the web site...
But it's always the same members...
Well, what shall I talk about?
Possible candidates are:
- Differences in consent principles between the US and Europe: The EU's Data Protection Regulation requires "Explicit Consent," whereas the US Consumer Privacy Bill of Rights allows for implicit consent if it is clear from the context.
- What is "meaningful consent"?
- Is it "Data Protection" or "Privacy Protection"?
- Level of protection, level of control.
- "Right to be forgotten" and "Right to withdraw consent"
- How realistic is it to be forgotten (data wiped)?
- Provider Linkability and Consumer Linkability [2]
- Cross-border data issues
- Business model for authentication and attribute data provision: Pareto improvement
And so on.
If you have any suggestions, please let me know in the comments section.
[1] I was approached quite early, but due to scheduling and other issues, I was only able to travel to the U.S. yesterday.
[2] It is a violation of privacy if different service providers collude to arbitrarily link users' information and generate arbitrary self-images. On the other hand, it can be said that centralized management of what information users themselves provide and where (= links are inevitably required) is essential for controlling self-images.
> "Right to be forgotten" and "Right to withdraw consent"
> How realistic is it to be forgotten (data erased)?
This is what I'm most interested in.
Hard-coding of terms of use and privacy policy (contract coding)
- Automatic execution of machine-to-machine contracts by user delegation
- Fully codify the right to be forgotten
If this were to happen, then a "reversal of consent" would mean that the command to delete all personal data would be retroactive to the original contract (= agreement to the terms of use = the point at which use began), for example.