Tuesday, November 22, 2011

Internet Privacy ... the discussion is happening

Over the last year or so I have been involved in a number of initiatives that have privacy as a key aspect, whether it was work on Attribute Exchange, NSTIC or FICAM Federal PKI policies. I am one of the people who have had their eyes opened more and more with respect to the aspects of privacy.

Yes, I do understand there is a balance when it comes to privacy. Usability is a factor, as well as governance and oversight. In that regard I read an interesting interview with Viviane Reding, Vice-President of the European Commission. It brings up some interesting ideas on privacy, especially with regard to the individual and data protection as well as governance/oversight.

One of the interesting aspects of this is the difference in governmental views on how to deliver on privacy. Recent White House discussions center around self-governance/monitoring, while EC initiatives are driven centrally through the Government. This tends to reflect the traditional view of European governments and identity, while the US has been careful about any form of National Identity. The US political views seem to focus on commercial delivery of identity solutions. Not a bad thing when you are in the identity business, but that business comes with risk, especially when federated identity requires interoperability of these identity infrastructures. How does one guarantee compliance without the external oversight? Yes, there are great organizations that can manage and police, ones like those structured around the Trusted Framework Providers program within the US Government, but how does that match to what is happening in Europe and elsewhere? If an IDP has to build separate infrastructures for separate markets, then how does that business truly operate globally?

I am not suggesting that the US approach is wrong or right, nor am I suggesting the EC has the perfect answer, but there does need to be a way to marry the discussions so the questions of risk mitigation for companies, both IDPs and RPs, can be managed. Let's hope that the discussions happening today get us toward that business nirvana.
