At the risk of being a kill joy, I think that Terry's list below, while worthy, won't get accepted by RSA's pretty ruthless submission acceptance process.

I expect they will say that all 4 are pretty well known..

1 and 2 have been the subject of VRM, PDEC and now Custome rCommons for some time

3 is less well known to the public, but to the RSA audience, I would have thought 'well known'.. if the panel had real answers to how to restrict or manage that, such as the European based PICOS and ABC4Trust groups have (google those with Kai Rannenburg) then we might have a chance with RSA.

4) is topical, but may not be in 6 months, and RSA may be sensitive around the topic for its own 'relationship managment' reasons .. :-). that said..yea, there is a wider Governance story to tell there..and a story about which is better? broad surveillance with very good governance? or peicemeal organically built up surveillance based on a concern from one party of another, that communicated to parties x, y, and z to enact the surveillance witha ll the risks of co-ordination, governance etc etc that that implies?...

But it's well off Kantara's patch... are you sure we are not better to start back with the IdoT problem space and build out to a place where we have both the expertise and it is relatively new territory?

No July 4th for me, you can tell, eh? :-)

Cheers
Colin

From: sal@idmachines.com
To: tgold@idanalyst.com; stollman.j@gmail.com; Ingo.Friese@telekom.de
Date: Tue, 2 Jul 2013 09:52:01 -0400
CC: joni@ieee-isto.org; dg-idot@kantarainitiative.org
Subject: Re: [DG-IDoT] FW: RSA U.S. Call for Speakers Now Open! Submit Today!

Terry, Jeff, Ingo,

Very good set of points Terry. Leakage in particular. UMA might help in that regard.

Identities of things is an interesting topic not the least in the sense that you have device, owners and users all of which bring their identities into things.

I would be interested in the panel as well. I have some experience around SCADA and transport to help bring those perspectives.

Look forward to the DG.

Sal

From: dg-idot-bounces@kantarainitiative.org [mailto:dg-idot-bounces@kantarainitiative.org] On Behalf Of Terry Gold
Sent: Tuesday, July 02, 2013 9:13 AM
To: 'j stollman'; Ingo.Friese@telekom.de
Cc: 'Joni Brennan'; dg-idot@kantarainitiative.org
Subject: Re: [DG-IDoT] FW: RSA U.S. Call for Speakers Now Open! Submit Today!

Hi Jeff-

I think you are spot-on. We can continue to define technical frameworks (and we will ;-) but the big storm brewing is:

a) The convenience and pervasiveness of connected services

b) Collection and monetization of data (can debate and categorize what is PII or not and how it is still usable, etc)

c) Identity ownership and control s: evolution, impact, possibilities

d) Challenges and impact on business models, and individuals as this battle looms.

From my perspective, there are four levels to this dilemma that should be reviewed/clarified for the audience:

1. Legacy models like the credit bureaus. They have long collecting everything, are bureaucratic, and monetize data in many ways. Facebook’s monetization model isn’t new just the way they collect it.

2. Opt-in relationships: Such as Facebook. We may be opted-in when we sign up (don’t agree with that by the way) but we do consciously sign up for the relationship and is intended to share on some level (unlike my mortgage account or my vehicle records or services).

3. Leakage: The usage of a service that does not disclose that it is collecting data, or irresponsibly leaks your data to another service (lots of mobile apps are quite “chatty” in this way). Basically, any that are “free” apps, are doing this so (and not disclosing) it’s a BIG problem.

4. Government Surveillance: PRISM, etc. For me, the debate on this is two-fold, not only the legality but the controlled usage of any collected data. Obvious, but just to point out.

I am interested in collaborating and/or participating in the panel as well, up to you.

Regards,

Terry

-------------------------------

Terry Gold

iDanalyst LLC, Founder

Identity, Security & Privacy

t: 213-341-0433

m: 949-310-5911

tgold@IDanalyst.com

www.IDanalyst.com

Twitter: @IDanalyst

From: dg-idot-bounces@kantarainitiative.org [mailto:dg-idot-bounces@kantarainitiative.org] On Behalf Of j stollman
Sent: Tuesday, July 02, 2013 5:50 AM
To: Ingo.Friese@telekom.de
Cc: Joni Brennan; dg-idot@kantarainitiative.org
Subject: Re: [DG-IDoT] FW: RSA U.S. Call for Speakers Now Open! Submit Today!

Ingo,

My personal bias would be to have a panel discussion on the implications of IoT on privacy. (We can submit more than one proposal and hold more than one panel.)

And I think some of the questions that we have already begun discussing (e.g., who controls the data for a ca?, will "things" have their own personal cloud or be part of a person's cloud?) that could provide fodder for a captivating discussion. . (We can submit more than one proposal and hold more than one panel.)

I have already begun drafting a proposal for a panel for which I am interested in other panelists. I have attached a draft. If you are interested in participating, let me know.

Thanks.

Jeff

On Tue, Jul 2, 2013 at 7:03 AM, <Ingo.Friese@telekom.de> wrote:

Hi all,

We’d like to propose a KI panel discussion at RSA 2014 around IDoT. This would be a great opportunity for our group to promote/discuss/get feedback for our work.

Joni was as friendly as to bring up this chance. She will help us to finish a one-pager for a proposed session.

I will start with a rough version putting in

e.g.

(Identity of Things – Access Management as usual or do we need something different

We have learned a lot about identity management for subjects in the past. We have well known approaches like RBAC or ABAC developed web protocols and mechanisms like OpenID, OAuth, UMA. But is this sufficient for the internet of things? What’s missing? What is so challenging about? Etc.) (just a very first draft and still rather an example)…thinking about other authentication methods than username/password, more than one owner/user of a thing, new mapping approaches etc.

As we are a group from different industries I’d like to ask you for other topics around Big Data, Privacy, Security etc….in conjunction with IDoT. Ideas are highly welcome!

I will aggregate/integrate them to a nice paper

IT would be great if you come up with few bullet points to support us. And If I get it right we also looking for panelists (correct me if I’m wrong Joni)

Thank you in advance!

Ingo

From: jonibrennan@gmail.com [mailto:jonibrennan@gmail.com] On Behalf Of Joni Brennan
Sent: Montag, 1. Juli 2013 20:42
To: Friese, Ingo
Subject: Re: U.S. Call for Speakers Now Open! Submit Today!

Could you start a rough draft for proposed session? IdOT can help but you'll need some staff and quick volunteers b/c the opp closes July 25. That comes fast!

If you can give a one page heather and I can help. I suggest proposing a panel as the mode for session. We can help you fill the panel when time comes.

Do you think its possible as a start?

I hope you get the opp AND selected!!

On Monday, July 1, 2013, wrote:

Joni,

I’d love to. Great opportunity to introduce / discuss / get feedback for IDoT!

Ingo

From: lc-bounces@kantarainitiative.org [mailto:lc-bounces@kantarainitiative.org] On Behalf Of Joni Brennan
Sent: Donnerstag, 27. Juni 2013 18:55
To: Nat Sakimura
Cc: Kantara Leadership Council Kantara; trustees@kantarainitiative.org; irb@kantarainitiative.org; arb
Subject: Re: [KI-LC] [BoT] Fwd: U.S. Call for Speakers Now Open! Submit Today!

In the same track of thought Nat, and in addition to Colin's well placed usual suspect assurance discussion, I think the Kantara IDoT might make some early proposal around Privacy, Big-Data and Identity of Things. Ingo would you be interested?

Joni Brennan
Kantara Initiative | Executive Director
voice:+1 732-226-4223
email: joni @ kantarainitiative.org

Building Trusted Identity Ecosystems - It takes a village!
Slides: http://bit.ly/ki-june-2013

On Thu, Jun 27, 2013 at 9:21 AM, Nat Sakimura <sakimura@gmail.com> wrote:

I am wondering if RSA is security only event.

When you talk about Big Data etc., you cannot dodge the privacy questions.

That might be another interesting topic.

2013/6/27 Colin Wallis <colin_wallis@hotmail.com>

I'm thinking there might be a play at the higher LOA approval level here.. a kind of Kantara Assurance. BBFA, MACCSA joint play.
The slight problem is that *that* thinking might be slightly premature (thinking of the July MACCSA meeting) ..
But I'm thinking that the RSA audience would find it interesting and offers presenting organizations a way to showcase an opportunity for the audience organizations to play in what is probably a new space for most of them... (says he choosing his words carefully..:-))
Cheers
Colin

From: joni@ieee-isto.org
Date: Wed, 26 Jun 2013 11:34:19 -0700
To: trustees@kantarainitiative.org; LC@kantarainitiative.org; arb@kantarainitiative.org; irb@kantarainitiative.org
Subject: [KI-LC] Fwd: U.S. Call for Speakers Now Open! Submit Today!

Dear All,
Which Kantara stakeholders seek to work toward Kantara proposals for RSA SFO 2014? Which WGs / DGs will seek to submit their own proposals?

The call opens now and closes July 25.

Best Regards,
Joni

RSA® Conference

Stay Connected

LinkedIn
Twitter
YouTube
Facebook
Asia Pacific
Europe

--
Joni Brennan
Kantara Initiative | Executive Director
voice:+1 732-226-4223
email: joni @ kantarainitiative.org

Building Trusted Identity Ecosystems - It takes a village!
Slides: http://bit.ly/ki-june-2013

_______________________________________________
DG-IDoT mailing list
DG-IDoT@kantarainitiative.org
http://kantarainitiative.org/mailman/listinfo/dg-idot

--
Jeff Stollman
stollman.j@gmail.com
1 202.683.8699

Truth never triumphs — its opponents just die out.

Science advances one funeral at a time.

Max Planck

_______________________________________________ DG-IDoT mailing list DG-IDoT@kantarainitiative.org http://kantarainitiative.org/mailman/listinfo/dg-idot