enclosed is an attempt to differentiate IoT use cases based on whether the thing 'operates' a) on behalf of the data subject(s) or b) some other entity paul On 3/25/15 7:57 AM, Simon Moffatt wrote:
Agree with the below.
The data owner is always the individual - albeit not necessarily the device owner! For example German law stipulates that the car driver owns the car data, not necessarily the car owner...think about stolen cars or family members sharing the car :-)
However...the individual owner, will always need to have a situation for data sharing, hence the roles of data custodians, where the data physically resides interacting with numerous data consumers. That entire framework, regardless of how simple or complex, requires identity components and authorization and sharing components such as UMA or OIDC.
With regards to the cloud aspect of custodianship, there will generally be a huge scale challenge when it comes to IoT data, hence many platform providers and large scale customers leverage host private cloud infrastructures.
I too have massive reservations regarding things like insurance usage of health and personal data. But a solution needs to address those use cases.
Regards
Simon
On 25/03/15 11:48, benoit.bailleux@orange.com wrote:
Hi all,
Le 25/03/2015 11:45, Ingo.Friese@telekom.de a écrit :
Hi Simon,
Thank you for sharing. The paper provides a very good overview. Here some rather personal comments:
I think the insurance use-case is very dangerous and I hope that laws prevent us from this scenario. This might endup in situations that “ill” persons do not get health insurances or jobs,
Because if these data are available they will be used. (when insurances use this for car insurances they want also use this for health insurance)
Can't agree more. BTW, I have read this on Monday: https://medium.com/message/dada-data-and-the-internet-of-paternalistic-thing... (less than 5mn reading) Probably what we must absolutely avoid.
I think also the scenario that a shoe manufacturer can get data from my shoes should be discussed under different angels.
When I buy a shoe, all data belong to me (at least I see the world that way) The manufacture can ask me for it, has to pay for it in some form. The access control should stay always in my hand.
This should be a principles we should clearly promote.
Even if data are uploaded to the provider's cloud, they must remain the solely property of the user. But they are in the premises of the provider. So a clear solution must be found. (that UC reminds me your example with harvester, Ingo...)
Another thought is data minimization and also data transport minimization. Try to keep many data local or nearby. Not all decisions (e.g. in the heating scenario) have to made in the cloud.
Btw. our sales guys talked to many small companies. They don’t like to put their data in a cloud.
[...]
Regards,
-- Benoît Bailleux Orange Labs, P&S / Architecture — Security — Enablers Open Source referent Phone: +33 2 96 07 20 37
_________________________________________________________________________________________________________________________
Ce message et ses pieces jointes peuvent contenir des informations confidentielles ou privilegiees et ne doivent donc pas etre diffuses, exploites ou copies sans autorisation. Si vous avez recu ce message par erreur, veuillez le signaler a l'expediteur et le detruire ainsi que les pieces jointes. Les messages electroniques etant susceptibles d'alteration, Orange decline toute responsabilite si ce message a ete altere, deforme ou falsifie. Merci.
This message and its attachments may contain confidential or privileged information that may be protected by law; they should not be distributed, used or copied without authorisation. If you have received this email in error, please notify the sender and delete this message and its attachments. As emails may be altered, Orange is not liable for messages that have been modified, changed or falsified. Thank you.
-- ForgeRock <http://www.forgerock.com> *Simon Moffatt* Mob: +44 7903 347 240 Skype: simon.moffatt @simonmoffatt
_______________________________________________ DG-IDoT mailing list DG-IDoT@kantarainitiative.org http://kantarainitiative.org/mailman/listinfo/dg-idot