Thursday and Friday of this week was the first Internet & Identity Workshop held on the east coast. This event was timely in that it as a time when citizen identity has some major interest in the White House and on Capitol Hill.
The event itself was not a large event. But the people that were there were engaged, involved and had interesting ideas, proposals and ongoing projects.
During the event the were lots of discussions on frameworks for identity and how to leverage these frameworks. In many cases these frameworks are centered around a community, albeit a potentially large community in some cases. There was considerable discussion on the legal and business aspects of being involved in the framework. Is there risk to a company in being involved and if so can it be mitigated or controlled and is there a reason to be involved? These types of questions are of interest to many companies in the arena and the American Bar Association and others are looking at how to help define the guidelines so there is less trepidation. One interesting discussion from Scott David centered around the leveraging of existing rules & tools and extending some new concepts. Today we have the idea of levels of assurance (LOAs) which help to define what companies duty is in identifying the entities it gives a credential to. The extension of this is to include levels of protection (LOPs) and levels of control (LOCs). LOPs would cover the duties in ensuring that third parties do not gain access to data that they should not have while LOCs cover the duties of organizations to make sure that their people, i.e. first parties, are doing things properly. Interesting enough there are laws and regulations that exist today that cover these things such as HIPAA and Graham-Leach-Bliley.
It is an interesting conversation to be had. There certainly is a evolving legal structure here that better defines things and growth in the overall sector will benefit from it.
- Posted using BlogPress from my iPad
No comments:
Post a Comment