Owen,

I think that you have lost the thrust of this thread.  The discussion is about responding to a regulator's (US FTC) request for comment.  The questions asked in their Request for Comment are not seeking technical solutions as much as they are looking into regulatory issues that will need to be solved -- regardless of the technical solution(s) that get implemented 

Whether Clique Space evolves into one of the technical solutions that people select is not at issue.  As the privacy regulator for the US, what is at issue for the FTC is what issues are ripe for them to address from a regulatory perspective to ensure adequate legal privacy protection is afforded to US citizens, residents, and visitors.  And, obviously, the same issues apply to every other nation, so it becomes important to get the regulatory regime right to minimize the variations in coverage (and even the conflicts in coverage) as other nations seek to provide regulatory protections to address the same issues.

Thank you.

Jeff


On Thu, Jun 13, 2013 at 4:46 AM, Tschofenig, Hannes (NSN - FI/Espoo) <hannes.tschofenig@nsn.com> wrote:

Hi Owen,

 

I am not saying that every electronic component will suddenly interconnected with the Internet by itself but if you just look at regular hardware that you can buy today (like an Arduino) then you will see that there are limitations and those force developers to select a subset of the features they normally have. So, you have to decide what you implement and there are consequences of doing so. For example, you may not have a certificate revocation built into these devices.

 

An example quote from an IETF mailing list discussion:

http://www.ietf.org/mail-archive/web/dtls-iot/current/msg00015.html

 

Zigbee IP does not mandate use of CRLs or OCSP for device certificates

(in IEEE 802.1AR-speak ... the UDevID). Supporting these mechanisms for

device certificates on constrained devices and networks, at mass scale,

is highly problematic.

 

Needless to say that there are security implications…

 

This is what the FTC is likely interested in.

 

Ciao
Hannes

 

 

From: ext Owen Thomas [mailto:owen.paul.thomas@gmail.com]
Sent: Thursday, June 13, 2013 9:51 AM
To: Tschofenig, Hannes (NSN - FI/Espoo)
Cc: Joni Brennan; community


Subject: Re: [Kantara - Community] Kantara Response to FTC IoT Privacy and Security Implications

 

Hi Hannes.

 

On 13 June 2013 01:47, Tschofenig, Hannes (NSN - FI/Espoo) <hannes.tschofenig@nsn.com> wrote:

Hi Owen,

 

While it may seem that the identity management system for things is the same as for people (on an abstract) there are a few additional requirements IoT brings along. The most important aspect is that there are various limitations (in terms of code size, memory, bandwidth, battery life) of these devices. For that reason not all of the work that was suitable for a laptop/tablet/smart phone environment is also immediately applicable to the IoT environment.

 

If you want to read more about it have a look at two workshop reports:

 

Smart Object Workshop Report:

http://tools.ietf.org/html/rfc6574

 

Smart Object Security Workshop Report:

http://tools.ietf.org/html/draft-gilger-smart-object-security-workshop-01

 

(Smart Objects = Internet of Things)

 

Ciao
Hannes

 

Certainly. connecting every diode, every capacitor, every transistor, and any other small electrical component to Clique Space would be an odd thing to consider reasonable. And surely, not every electronic component which may stand alone would be able to be connected. But the requirements for connecting components to a Clique Space are not onerous, and in most cases, I think connecting such components is reasonable.

The only thing a device has to do is to be able to do whatever function it does, AND 1: to be able to tell another device what it is doing. I think this is well within the conceivable realm for most devices. An additional advantageous characteristic a device might possess is 2: the ability to be controlled by another device. If a device has the characteristic 1, then it would be able to be modelled within a Clique Space. If a device has both 1 and 2, it could be modelled and controlled from a Clique Space. I don't think it conceivably useful that a device have 2 without having 1, but I could be wrong.

Amongst the large number of device types that can be connected to a Clique Space are devices which can render to a display screen or otherwise represent the activity of other devices. These devices are used by individuals to control the activity of all the devices they possess to meet their individual aims. I've called these type of devices View/Persistence Mechanism (V/PM) devices because the individual has available to them, the potential to view and persist the device activity stream as the capability of the device permits.

Perhaps a final relevant side-note to make is to underscore what a device is to a Clique Space. A device is anything which encloses a minimal functional state sufficiently capable of being represented as a set of Enabling Constraints in a node Media Profile. Media Profiles are hierarchical, so one device type might build on the functionality of one or more others simply by "inheriting" the node Media Profiles describing the functionality of these other devices. With this very loose, but systematic definition, any object physical or algorithmic, has the potential of becoming known to and aware of one or more Clique Spaces to which it is connected.

 

  Owen.


--
Employment-from-home. Make mine part-time. Yes you can.
Software developers certainly can be salaried and superannuated part-time from home. Make it so for this one.
Clique Space(TM): A seat for the soul.
www.owenpaulthomas.blogspot.com


_______________________________________________
Community mailing list
Community@kantarainitiative.org
http://kantarainitiative.org/mailman/listinfo/community




--
Jeff Stollman
stollman.j@gmail.com
1 202.683.8699

Truth never triumphs — its opponents just die out.
Science advances one funeral at a time.
                                    Max Planck