Ingo, A few thoughts in the interest of trying to improve your paper. I think your paper doesn't quite pinpoint the the problems you go on to discuss. I think that you address three issues: 1. the need for identity and access management 2. device and data "ownership" 3. the need for a namespace convention. With regard to the identity issue, you might try the following: Historically the functions that are now migrating to the Internet of Things (thermostats, ovens, lighting systems, etc.) were standalone devices that were not accessible over the internet. To operate them required physical presence. And the ability to access them was mediated by physical access to the devices. As device access migrates to the internet, device "owners" gain the ability to control devices from afar. Physical presence is no longer necessary and ceases to be the determinant of device access and control. This is a boon for the device owner. But the new capability of remote access also exposes the device to control by third parties whose motives may not align with the owner. It is beneficial to be able to remotely tell your thermostat to raise the temperature in your home because you are returning from a trip a day ahead of schedule. But it could be problematic to have some devious person remotely turn your thermostat off in the dead of winter. Because of this new vulnerability, it becomes important to build into new "internet-enabled" devices some form of identity and access management to allow the device "owner" to manage who can and can't access the device and what privileges each might have upon accessing it. With regard to the ownership issue, I think it might be more clear to say something along the lines of the following: Ownership of a device on the Internet of Things is not always clear cut. If John purchases a new car, the ownership of the cart seems clear. But if the car includes a device that transmits data on the performance of the engine that is transmitted back to the manufacturer to help the manufacturer improve its products,the who owns the sensor and the ability to control where the data are sent becomes less clear. If the contract John signs when he purchased the car gives the manufacturer (or dealer) control of the sensor and the data it transmits, does this change if the sensor also records John's location, driving speed, and other factors that measure his "performance"? If the manufacturer has the right to these data, do they have a liability if John's enemy hacks into the database to discover John's location and then shoots him? If the contract also stipulates that if John wants to see the data, he must pay a subscription fee, is this reasonable? If John retains any ownership of the data, does this change if he resells the car to someone else? What if his driving record is still retained in the device in the car? If the manufacturer retains control of the data, does this require John to specify this fact when he goes to resell the car? If a weather sensor purchased with taxpayer dollars is installed by a government entity, do you have the right to access its data? What if you live outside the jurisdiction of the government entity? Should you be allowed to be a "free rider" and use the data for your own gain? With regard to the namespace convention, I think you need to first explain why a namespace is needed. Then you can describe the alternatives. With regard to the truck/logistics company example given under the heading "Governance of data and Privacy", I think you need to add that the data would also be valuable to the recipients of packages delivered by the logistics company who need to plan their production around receipt of materials. This opens up the driver's location to a much broader audience that has likely not be vetted by the logistics company, compounding the complexity of the problem. I hope that you find this to be of some value. Jeff On Tue, Feb 25, 2014 at 10:35 AM, <Ingo.Friese@telekom.de> wrote:
Dear All,
Find attached my paper for the IoT WF 2014.
In this paper I describe few challenges and give examples how to solve them.
I hope these examples inspire you to talk also your examples/problems to the group. We have currently a lack of attendance especially in our calls.
It would be great to get feedback regarding the paper in order to write an improved version
Ingo
Challenges from the Identities of Things (paper)<http://kantarainitiative.org/confluence/download/attachments/64389214/PID3057147.pdf?version=1&modificationDate=1393340914114&api=v2>
Challenges from the Identities of Things (slides)<http://kantarainitiative.org/confluence/download/attachments/64389214/20140217_IDoT_WF2014seoul_v1.0.pdf?version=1&modificationDate=1393341197305&api=v2>
_______________________________________________ DG-IDoT mailing list DG-IDoT@kantarainitiative.org http://kantarainitiative.org/mailman/listinfo/dg-idot
-- Jeff Stollman stollman.j@gmail.com 1 202.683.8699 Truth never triumphs -- its opponents just die out. Science advances one funeral at a time. Max Planck