FW: RSA U.S. Call for Speakers Now Open! Submit Today!
Hi all,

We'd like to propose a KI panel discussion at RSA 2014 around IDoT. This would be a great opportunity for our group to promote/discuss/get feedback for our work.

Joni was so friendly as to bring up this chance. She will help us to finish a one-pager for a proposed session. I will start with a rough version putting in e.g.

(Identity of Things - Access Management as usual or do we need something different

We have learned a lot about identity management for subjects in the past. We have well known approaches like RBAC or ABAC developed web protocols and mechanisms like OpenID, OAuth, UMA. But is this sufficient for the internet of things? What's missing? What is so challenging about? Etc.) (just a very first draft and still rather an example)...thinking about other authentication methods than username/password, more than one owner/user of a thing, new mapping approaches etc.

As we are a group from different industries I'd like to ask you for other topics around Big Data, Privacy, Security etc....in conjunction with IDoT. Ideas are highly welcome! I will aggregate/integrate them to a nice paper

It would be great if you come up with few bullet points to support us. And if I get it right we are also looking for panelists (correct me if I'm wrong Joni)

Thank you in advance!

Ingo

From: jonibrennan@gmail.com [mailto:jonibrennan@gmail.com] On Behalf Of Joni Brennan
Sent: Monday, 1 July 2013 20:42
To: Friese, Ingo
Subject: Re: U.S. Call for Speakers Now Open! Submit Today!

Could you start a rough draft for proposed session? IdOT can help but you'll need some staff and quick volunteers b/c the opp closes July 25. That comes fast!

If you can give a one page heather and I can help. I suggest proposing a panel as the mode for session. We can help you fill the panel when time comes.

Do you think it's possible as a start?

I hope you get the opp AND selected!!

On Monday, July 1, 2013, wrote:

Joni,

I'd love to. Great opportunity to introduce / discuss / get feedback for IDoT!

Ingo

From: lc-bounces@kantarainitiative.org [mailto:lc-bounces@kantarainitiative.org] On Behalf Of Joni Brennan
Sent: Thursday, 27 June 2013 18:55
To: Nat Sakimura
Cc: Kantara Leadership Council Kantara; trustees@kantarainitiative.org; irb@kantarainitiative.org; arb
Subject: Re: [KI-LC] [BoT] Fwd: U.S. Call for Speakers Now Open! Submit Today!

In the same track of thought Nat, and in addition to Colin's well placed usual suspect assurance discussion, I think the Kantara IDoT might make some early proposal around Privacy, Big-Data and Identity of Things. Ingo would you be interested?

Joni Brennan
Kantara Initiative | Executive Director
voice:+1 732-226-4223
email: joni @ kantarainitiative.org
Building Trusted Identity Ecosystems - It takes a village!
Slides: http://bit.ly/ki-june-2013

On Thu, Jun 27, 2013 at 9:21 AM, Nat Sakimura <sakimura@gmail.com> wrote:

I am wondering if RSA is a security-only event.

When you talk about Big Data etc., you cannot dodge the privacy questions. That might be another interesting topic.

2013/6/27 Colin Wallis <colin_wallis@hotmail.com>

I'm thinking there might be a play at the higher LOA approval level here.. a kind of Kantara Assurance. BBFA, MACCSA joint play. The slight problem is that *that* thinking might be slightly premature (thinking of the July MACCSA meeting) .. But I'm thinking that the RSA audience would find it interesting and offers presenting organizations a way to showcase an opportunity for the audience organizations to play in what is probably a new space for most of them... (says he choosing his words carefully..:-))

Cheers
Colin

From: joni@ieee-isto.org
Date: Wed, 26 Jun 2013 11:34:19 -0700
To: trustees@kantarainitiative.org; LC@kantarainitiative.org; arb@kantarainitiative.org; irb@kantarainitiative.org
Subject: [KI-LC] Fwd: U.S. Call for Speakers Now Open! Submit Today!

Dear All,

Which Kantara stakeholders seek to work toward Kantara proposals for RSA SFO 2014? Which WGs / DGs will seek to submit their own proposals?

The call opens now and closes July 25.

Best Regards,
Joni
Ingo,

My personal bias would be to have a panel discussion on the implications of IoT on privacy. (We can submit more than one proposal and hold more than one panel.) And I think some of the questions that we have already begun discussing (e.g., who controls the data for a ca?, will "things" have their own personal cloud or be part of a person's cloud?) that could provide fodder for a captivating discussion. (We can submit more than one proposal and hold more than one panel.)

I have already begun drafting a proposal for a panel for which I am interested in other panelists. I have attached a draft. If you are interested in participating, let me know.

Thanks.

Jeff

On Tue, Jul 2, 2013 at 7:03 AM, <Ingo.Friese@telekom.de> wrote:
Hi all,

We’d like to propose a KI panel discussion at RSA 2014 around IDoT. This would be a great opportunity for our group to promote/discuss/get feedback for our work.

Joni was so friendly as to bring up this chance. She will help us to finish a one-pager for a proposed session. I will start with a rough version putting in e.g.

(Identity of Things – Access Management as usual or do we need something different

We have learned a lot about identity management for subjects in the past. We have well known approaches like RBAC or ABAC developed web protocols and mechanisms like OpenID, OAuth, UMA. But is this sufficient for the internet of things? What’s missing? What is so challenging about? Etc.) (just a very first draft and still rather an example)…thinking about other authentication methods than username/password, more than one owner/user of a thing, new mapping approaches etc.

As we are a group from different industries I’d like to ask you for other topics around Big Data, Privacy, Security etc….in conjunction with IDoT. Ideas are highly welcome! I will aggregate/integrate them to a nice paper

It would be great if you come up with few bullet points to support us. And if I get it right we are also looking for panelists (correct me if I’m wrong Joni)

Thank you in advance!

Ingo
-- Jeff Stollman stollman.j@gmail.com 1 202.683.8699 Truth never triumphs — its opponents just die out. Science advances one funeral at a time. Max Planck
Hi Jeff-

I think you are spot-on. We can continue to define technical frameworks (and we will ;-) but the big storm brewing is:

a) The convenience and pervasiveness of connected services
b) Collection and monetization of data (can debate and categorize what is PII or not and how it is still usable, etc)
c) Identity ownership and control s: evolution, impact, possibilities
d) Challenges and impact on business models, and individuals as this battle looms.

From my perspective, there are four levels to this dilemma that should be reviewed/clarified for the audience:

1. Legacy models like the credit bureaus. They have long been collecting everything, are bureaucratic, and monetize data in many ways. Facebook's monetization model isn't new, just the way they collect it.
2. Opt-in relationships: Such as Facebook. We may be opted-in when we sign up (don't agree with that by the way) but we do consciously sign up for the relationship and is intended to share on some level (unlike my mortgage account or my vehicle records or services).
3. Leakage: The usage of a service that does not disclose that it is collecting data, or irresponsibly leaks your data to another service (lots of mobile apps are quite "chatty" in this way). Basically, any that are "free" apps, are doing this so (and not disclosing) it's a BIG problem.
4. Government Surveillance: PRISM, etc. For me, the debate on this is two-fold, not only the legality but the controlled usage of any collected data. Obvious, but just to point out.

I am interested in collaborating and/or participating in the panel as well, up to you.

Regards,
Terry

-------------------------------
Terry Gold
iDanalyst LLC, Founder
Identity, Security & Privacy
t: 213-341-0433
m: 949-310-5911
tgold@IDanalyst.com
www.IDanalyst.com
Twitter: @IDanalyst

From: dg-idot-bounces@kantarainitiative.org [mailto:dg-idot-bounces@kantarainitiative.org] On Behalf Of j stollman
Sent: Tuesday, July 02, 2013 5:50 AM
To: Ingo.Friese@telekom.de
Cc: Joni Brennan; dg-idot@kantarainitiative.org
Subject: Re: [DG-IDoT] FW: RSA U.S. Call for Speakers Now Open! Submit Today!

Ingo,

My personal bias would be to have a panel discussion on the implications of IoT on privacy. (We can submit more than one proposal and hold more than one panel.) And I think some of the questions that we have already begun discussing (e.g., who controls the data for a ca?, will "things" have their own personal cloud or be part of a person's cloud?) that could provide fodder for a captivating discussion.
(We can submit more than one proposal and hold more than one panel.) I have already begun drafting a proposal for a panel for which I am interested in other panelists. I have attached a draft. If you are interested in participating, let me know.

Thanks.

Jeff
Terry, Jeff, Ingo,

Very good set of points Terry. Leakage in particular. UMA might help in that regard. Identities of things is an interesting topic not the least in the sense that you have device, owners and users all of which bring their identities into things.

I would be interested in the panel as well. I have some experience around SCADA and transport to help bring those perspectives.

Look forward to the DG.

Sal

From: dg-idot-bounces@kantarainitiative.org [mailto:dg-idot-bounces@kantarainitiative.org] On Behalf Of Terry Gold
Sent: Tuesday, July 02, 2013 9:13 AM
To: 'j stollman'; Ingo.Friese@telekom.de
Cc: 'Joni Brennan'; dg-idot@kantarainitiative.org
Subject: Re: [DG-IDoT] FW: RSA U.S. Call for Speakers Now Open! Submit Today!

Hi Jeff-

I think you are spot-on. We can continue to define technical frameworks (and we will ;-) but the big storm brewing is:

a) The convenience and pervasiveness of connected services
b) Collection and monetization of data (can debate and categorize what is PII or not and how it is still usable, etc)
c) Identity ownership and control s: evolution, impact, possibilities
d) Challenges and impact on business models, and individuals as this battle looms.

From my perspective, there are four levels to this dilemma that should be reviewed/clarified for the audience:
1. Legacy models like the credit bureaus. They have long been collecting everything, are bureaucratic, and monetize data in many ways. Facebook's monetization model isn't new, just the way they collect it.
2. Opt-in relationships: Such as Facebook. We may be opted-in when we sign up (don't agree with that by the way) but we do consciously sign up for the relationship and is intended to share on some level (unlike my mortgage account or my vehicle records or services).
3. Leakage: The usage of a service that does not disclose that it is collecting data, or irresponsibly leaks your data to another service (lots of mobile apps are quite "chatty" in this way). Basically, any that are "free" apps, are doing this so (and not disclosing) it's a BIG problem.
4. Government Surveillance: PRISM, etc. For me, the debate on this is two-fold, not only the legality but the controlled usage of any collected data. Obvious, but just to point out.

I am interested in collaborating and/or participating in the panel as well, up to you.

Regards,
Terry

-------------------------------
Terry Gold
iDanalyst LLC, Founder
Identity, Security & Privacy
t: 213-341-0433
m: 949-310-5911
tgold@IDanalyst.com
www.IDanalyst.com
Twitter: @IDanalyst

At the risk of being a killjoy, I think that Terry's list below, while worthy, won't get accepted by RSA's pretty ruthless submission acceptance process. I expect they will say that all 4 are pretty well known..

1 and 2 have been the subject of VRM, PDEC and now Customer Commons for some time

3 is less well known to the public, but to the RSA audience, I would have thought 'well known'.. if the panel had real answers to how to restrict or manage that, such as the European based PICOS and ABC4Trust groups have (google those with Kai Rannenburg) then we might have a chance with RSA.

4) is topical, but may not be in 6 months, and RSA may be sensitive around the topic for its own 'relationship management' reasons .. :-). that said..yea, there is a wider Governance story to tell there..and a story about which is better? broad surveillance with very good governance? or piecemeal organically built up surveillance based on a concern from one party of another, that communicated to parties x, y, and z to enact the surveillance with all the risks of co-ordination, governance etc etc that that implies?...

But it's well off Kantara's patch... are you sure we are not better to start back with the IdoT problem space and build out to a place where we have both the expertise and it is relatively new territory?

No July 4th for me, you can tell, eh? :-)

Cheers
Colin

From: sal@idmachines.com
To: tgold@idanalyst.com; stollman.j@gmail.com; Ingo.Friese@telekom.de
Date: Tue, 2 Jul 2013 09:52:01 -0400
CC: joni@ieee-isto.org; dg-idot@kantarainitiative.org
Subject: Re: [DG-IDoT] FW: RSA U.S. Call for Speakers Now Open! Submit Today!

Terry, Jeff, Ingo,

Very good set of points Terry. Leakage in particular. UMA might help in that regard. Identities of things is an interesting topic not the least in the sense that you have device, owners and users all of which bring their identities into things.

I would be interested in the panel as well.
I have some experience around SCADA and transport to help bring those perspectives. Look forward to the DG. Sal From: dg-idot-bounces@kantarainitiative.org [mailto:dg-idot-bounces@kantarainitiative.org] On Behalf Of Terry Gold Sent: Tuesday, July 02, 2013 9:13 AM To: 'j stollman'; Ingo.Friese@telekom.de Cc: 'Joni Brennan'; dg-idot@kantarainitiative.org Subject: Re: [DG-IDoT] FW: RSA U.S. Call for Speakers Now Open! Submit Today! Hi Jeff- I think you are spot-on. We can continue to define technical frameworks (and we will ;-) but the big storm brewing is: a) The convenience and pervasiveness of connected services b) Collection and monetization of data (can debate and categorize what is PII or not and how it is still usable, etc) c) Identity ownership and control s: evolution, impact, possibilities d) Challenges and impact on business models, and individuals as this battle looms.
From my perspective, there are four levels to this dilemma that should be reviewed/clarified for the audience:
1. Legacy models like the credit bureaus. They have long collecting everything, are bureaucratic, and monetize data in many ways. Facebook’s monetization model isn’t new just the way they collect it. 2. Opt-in relationships: Such as Facebook. We may be opted-in when we sign up (don’t agree with that by the way) but we do consciously sign up for the relationship and is intended to share on some level (unlike my mortgage account or my vehicle records or services). 3. Leakage: The usage of a service that does not disclose that it is collecting data, or irresponsibly leaks your data to another service (lots of mobile apps are quite “chatty” in this way). Basically, any that are “free” apps, are doing this so (and not disclosing) it’s a BIG problem. 4. Government Surveillance: PRISM, etc. For me, the debate on this is two-fold, not only the legality but the controlled usage of any collected data. Obvious, but just to point out. I am interested in collaborating and/or participating in the panel as well, up to you. Regards, Terry ------------------------------- Terry Gold iDanalyst LLC, Founder Identity, Security & Privacy t: 213-341-0433 m: 949-310-5911 tgold@IDanalyst.com www.IDanalyst.com Twitter: @IDanalyst From: dg-idot-bounces@kantarainitiative.org [mailto:dg-idot-bounces@kantarainitiative.org] On Behalf Of j stollman Sent: Tuesday, July 02, 2013 5:50 AM To: Ingo.Friese@telekom.de Cc: Joni Brennan; dg-idot@kantarainitiative.org Subject: Re: [DG-IDoT] FW: RSA U.S. Call for Speakers Now Open! Submit Today! Ingo, My personal bias would be to have a panel discussion on the implications of IoT on privacy. (We can submit more than one proposal and hold more than one panel.) And I think some of the questions that we have already begun discussing (e.g., who controls the data for a ca?, will "things" have their own personal cloud or be part of a person's cloud?) that could provide fodder for a captivating discussion. . 
(We can submit more than one proposal and hold more than one panel.) I have already begun drafting a proposal for a panel for which I am interested in other panelists. I have attached a draft. If you are interested in participating, let me know.
Thanks.
Jeff
On Tue, Jul 2, 2013 at 7:03 AM, <Ingo.Friese@telekom.de> wrote:
Hi all,
We’d like to propose a KI panel discussion at RSA 2014 around IDoT. This would be a great opportunity for our group to promote/discuss/get feedback for our work. Joni was as friendly as to bring up this chance. She will help us to finish a one-pager for a proposed session.
I will start with a rough version putting in e.g. (Identity of Things – Access Management as usual or do we need something different We have learned a lot about identity management for subjects in the past. We have well known approaches like RBAC or ABAC developed web protocols and mechanisms like OpenID, OAuth, UMA. But is this sufficient for the internet of things? What’s missing? What is so challenging about? Etc.) (just a very first draft and still rather an example)…thinking about other authentication methods than username/password, more than one owner/user of a thing, new mapping approaches etc.
As we are a group from different industries I’d like to ask you for other topics around Big Data, Privacy, Security etc….in conjunction with IDoT. Ideas are highly welcome! I will aggregate/integrate them to a nice paper. It would be great if you come up with few bullet points to support us. And if I get it right we are also looking for panelists (correct me if I’m wrong Joni)
Thank you in advance!
Ingo
From: jonibrennan@gmail.com [mailto:jonibrennan@gmail.com] On Behalf Of Joni Brennan Sent: Montag, 1. Juli 2013 20:42 To: Friese, Ingo Subject: Re: U.S. Call for Speakers Now Open! Submit Today!
Could you start a rough draft for proposed session? IdOT can help but you'll need some staff and quick volunteers b/c the opp closes July 25. That comes fast!
If you can give a one page heather and I can help. I suggest proposing a panel as the mode for session. We can help you fill the panel when time comes. Do you think it's possible as a start? I hope you get the opp AND selected!!
On Monday, July 1, 2013, wrote:
Joni, I’d love to. Great opportunity to introduce / discuss / get feedback for IDoT!
Ingo
From: lc-bounces@kantarainitiative.org [mailto:lc-bounces@kantarainitiative.org] On Behalf Of Joni Brennan Sent: Donnerstag, 27. Juni 2013 18:55 To: Nat Sakimura Cc: Kantara Leadership Council Kantara; trustees@kantarainitiative.org; irb@kantarainitiative.org; arb Subject: Re: [KI-LC] [BoT] Fwd: U.S. Call for Speakers Now Open! Submit Today!
In the same track of thought Nat, and in addition to Colin's well placed usual suspect assurance discussion, I think the Kantara IDoT might make some early proposal around Privacy, Big-Data and Identity of Things. Ingo would you be interested?
Joni Brennan Kantara Initiative | Executive Director voice:+1 732-226-4223 email: joni @ kantarainitiative.org Building Trusted Identity Ecosystems - It takes a village! Slides: http://bit.ly/ki-june-2013
On Thu, Jun 27, 2013 at 9:21 AM, Nat Sakimura <sakimura@gmail.com> wrote:
I am wondering if RSA is security only event. When you talk about Big Data etc., you cannot dodge the privacy questions. That might be another interesting topic.
2013/6/27 Colin Wallis <colin_wallis@hotmail.com>
I'm thinking there might be a play at the higher LOA approval level here.. a kind of Kantara Assurance. BBFA, MACCSA joint play. The slight problem is that *that* thinking might be slightly premature (thinking of the July MACCSA meeting) .. But I'm thinking that the RSA audience would find it interesting and offers presenting organizations a way to showcase an opportunity for the audience organizations to play in what is probably a new space for most of them...
(says he choosing his words carefully..:-))
Cheers Colin
From: joni@ieee-isto.org Date: Wed, 26 Jun 2013 11:34:19 -0700 To: trustees@kantarainitiative.org; LC@kantarainitiative.org; arb@kantarainitiative.org; irb@kantarainitiative.org Subject: [KI-LC] Fwd: U.S. Call for Speakers Now Open! Submit Today!
Dear All,
Which Kantara stakeholders seek to work toward Kantara proposals for RSA SFO 2014? Which WGs / DGs will seek to submit their own proposals? The call opens now and closes July 25.
Best Regards,
Joni
-- Joni Brennan Kantara Initiative | Executive Director voice:+1 732-226-4223 email: joni @ kantarainitiative.org Building Trusted Identity Ecosystems - It takes a village! Slides: http://bit.ly/ki-june-2013
_______________________________________________ DG-IDoT mailing list DG-IDoT@kantarainitiative.org http://kantarainitiative.org/mailman/listinfo/dg-idot
-- Jeff Stollman stollman.j@gmail.com 1 202.683.8699 Truth never triumphs — its opponents just die out. Science advances one funeral at a time. Max Planck
Hi Colin-
No buzzkill or offense taken. You raise really good and valid points.
I am not so convinced that RSA CFP committee however is as ruthless as they are political - am still reserving conclusions in that one.
As for the InfoSec community already being aware of the points 1-4, I would like to think I know the community well, and agree there is awareness, but it is context that is lacking. How 1-4 are interrelated, progressions over time, and sequential progressions that got us here, and what pieces need to be clawed back for it to start to have a trajectory of balance.
There are some technical people in the RSA community, but many are not and not all are identity experts (or privacy beyond the corp enterprise) so I think there is value in discussing as long as it is not too high level and breaks things down quite more. It's easy to get lost in generalizations in panels where it's watered down and something we will work to avoid.
Lastly, my personal opinion is that Europe in general has a far better position on privacy than we do here in the US but if we go in guns blazing on a "how to do it like Europe" it will be counterproductive. Rather compare positions to expand the border beyond the US, as our data does as well.
My thoughts, although willing to accept I could be partly right or all wrong too -)
/t
Please excuse spelling errors - sent from my mobile device
On Jul 3, 2013, at 9:25 PM, Colin Wallis <colin_wallis@hotmail.com> wrote:
At the risk of being a kill joy, I think that Terry's list below, while worthy, won't get accepted by RSA's pretty ruthless submission acceptance process.
I expect they will say that all 4 are pretty well known..
1 and 2 have been the subject of VRM, PDEC and now Customer Commons for some time
3 is less well known to the public, but to the RSA audience, I would have thought 'well known'.. if the panel had real answers to how to restrict or manage that, such as the European based PICOS and ABC4Trust groups have (google those with Kai Rannenburg) then we might have a chance with RSA.
4) is topical, but may not be in 6 months, and RSA may be sensitive around the topic for its own 'relationship management' reasons .. :-). that said..yea, there is a wider Governance story to tell there..and a story about which is better? broad surveillance with very good governance? or piecemeal organically built up surveillance based on a concern from one party of another, that communicated to parties x, y, and z to enact the surveillance with all the risks of co-ordination, governance etc etc that that implies?...
But it's well off Kantara's patch... are you sure we are not better to start back with the IdoT problem space and build out to a place where we have both the expertise and it is relatively new territory?
No July 4th for me, you can tell, eh? :-)
Cheers Colin
From: sal@idmachines.com To: tgold@idanalyst.com; stollman.j@gmail.com; Ingo.Friese@telekom.de Date: Tue, 2 Jul 2013 09:52:01 -0400 CC: joni@ieee-isto.org; dg-idot@kantarainitiative.org Subject: Re: [DG-IDoT] FW: RSA U.S. Call for Speakers Now Open! Submit Today!
Terry, Jeff, Ingo,
Very good set of points Terry. Leakage in particular. UMA might help in that regard.
Identities of things is an interesting topic not the least in the sense that you have device, owners and users all of which bring their identities into things.
I would be interested in the panel as well. I have some experience around SCADA and transport to help bring those perspectives.
Look forward to the DG.
Sal
From: dg-idot-bounces@kantarainitiative.org [mailto:dg-idot-bounces@kantarainitiative.org] On Behalf Of Terry Gold Sent: Tuesday, July 02, 2013 9:13 AM To: 'j stollman'; Ingo.Friese@telekom.de Cc: 'Joni Brennan'; dg-idot@kantarainitiative.org Subject: Re: [DG-IDoT] FW: RSA U.S. Call for Speakers Now Open! Submit Today!
Hi Jeff-
I think you are spot-on. We can continue to define technical frameworks (and we will ;-) but the big storm brewing is:
a) The convenience and pervasiveness of connected services
b) Collection and monetization of data (can debate and categorize what is PII or not and how it is still usable, etc)
c) Identity ownership and controls: evolution, impact, possibilities
d) Challenges and impact on business models, and individuals as this battle looms.
From my perspective, there are four levels to this dilemma that should be reviewed/clarified for the audience:
1. Legacy models like the credit bureaus. They have long been collecting everything, are bureaucratic, and monetize data in many ways. Facebook’s monetization model isn’t new, just the way they collect it.
2. Opt-in relationships: Such as Facebook. We may be opted-in when we sign up (don’t agree with that by the way) but we do consciously sign up for the relationship and is intended to share on some level (unlike my mortgage account or my vehicle records or services).
3. Leakage: The usage of a service that does not disclose that it is collecting data, or irresponsibly leaks your data to another service (lots of mobile apps are quite “chatty” in this way). Basically, any that are “free” apps, are doing this so (and not disclosing) it’s a BIG problem.
4. Government Surveillance: PRISM, etc. For me, the debate on this is two-fold, not only the legality but the controlled usage of any collected data. Obvious, but just to point out.
I am interested in collaborating and/or participating in the panel as well, up to you.
Regards,
Terry
-------------------------------
Terry Gold
iDanalyst LLC, Founder
Identity, Security & Privacy
t: 213-341-0433
m: 949-310-5911
tgold@IDanalyst.com
www.IDanalyst.com
Twitter: @IDanalyst
From: dg-idot-bounces@kantarainitiative.org [mailto:dg-idot-bounces@kantarainitiative.org]
Yeaup, all fair points. So if this was one submission where would the cross-over between known identity issues and IDoT be? 'Who owns and/or manages the light bulb's identity? (not being deliberately flippant!) If we can find that cross-over, great. Otherwise it's probably two submissions..and nothing wrong in that of course.. Cheers Colin
Terry,
having been engaged as part of the RSA Conference track committee over ten years I would suggest that your allusions to political decisions are highly uninformed - if you have tried to reduce 1400 submissions to 20 abstracts for a single track you may gain some appreciation of the challenges.
Colin's points are actually highly cogent and relevant, although there may be more leeway if you decided to submit to the privacy track
While the privacy aspect is important and relevant the same issues already exist in many different contexts my group at Google was already managing a billion identities with many times that number of transactions taking place monthly across 60 product areas
The management at scale of the collection of thing identities, the layering of what an identity means from very low level devices and how they may be connected to identified organizing identity such as a person (or house) the authorization and relationship management is a pretty interesting collection of security issues to deal with and could be proposed as a reasonable abstract.
--Andrew
Andrew, didn't mean to offend. Was intended to point out that CFP outcomes can occur aside from being rigid and to try anyway with best effort. I pointed to politics as one other factor due to my own experiences (with RSA). We can take offline if you are interested. Apologies.
So taking a step back and moving on..... :-)... I got a reminder note today about the deadline being 25th July. So do we have one or two submissions on the go? from Terry, Sal, Jeff Ingo? Cheers Colin CC: colin_wallis@hotmail.com; joni@ieee-isto.org; dg-idot@kantarainitiative.org From: tgold@idanalyst.com Subject: Re: [DG-IDoT] FW: RSA U.S. Call for Speakers Now Open! Submit Today! Date: Wed, 3 Jul 2013 23:17:02 -0700 To: andrew.nash@gmail.com Andrew, didn't mean to offend. Was intended to point out that CFP outcomes can occur aside from being rigid and to try anyway with best effort. I pointed to politics as one other factor due to my own experiences (with RSA). We can take offline if you are interested. Apologies. On Jul 3, 2013, at 10:19 PM, Andrew Nash <andrew.nash@gmail.com> wrote: Terry, having been engaged as part of the RSA Conference track committee over ten years I would suggest that your allusions to political decisions are highly uninformed - if you have tried to reduce 1400 submissions to 20abstracts for a single track you may gain some appreciation of the challenges. Colins points are actually highly cogent and relevant, although there may be more leeway if you decided to submit to the privacy track While the privacy aspect is important and relevant the same issues already exist in many different contexts my group at Google was already managing a billion identities with many times that number of transactions taking place monthly across 60 product areas The management at scale of the collection of thing identities, the layering of what an identity means from very low level devices and how they may be connected to identified organizing identity such as a person (or house) the authorization and relationship management is a pretty interesting collection of security issues to deal with and could be proposed as a reasonable abstract. 
--Andrew
On Wed, Jul 3, 2013 at 9:52 PM, Terry Gold <tgold@idanalyst.com> wrote:
Hi Colin-
No buzzkill or offense taken. You raise really good and valid points.
I am not so convinced that RSA CFP committee however is as ruthless as they are political - am still reserving conclusions in that one.
As for the InfoSec community already being aware of the points 1-4, I would like to think I know the community well, and agree there is awareness, but it is context that is lacking. How 1-4 are inter related, progressions over time, and sequential progressions that got us here, and what pieces need to be clawed back for it to start to have a trajectory of balance.
There are some technical people in the RSA community, but many are not and not all are identity experts (or privacy beyond the corp enterprise) so I think there is value in discussing as long as it is not too high level and breaks things down quite more. It's easy to get lost in generalizations in panels where it's watered down and something we will work to avoid.
Lastly, my personal opinion is that Europe in general has a far better position on privacy than we do here in the US but if we go in guns blazing on a "how to do it like Europe" it will be counterproductive. Rather compare positions to expand the border beyond the US, as our data does as well.
My thoughts, although willing to accept I could be partly right or all wrong too -)
/t
Please excuse spelling errors - sent from my mobile device
On Jul 3, 2013, at 9:25 PM, Colin Wallis <colin_wallis@hotmail.com> wrote:
At the risk of being a kill joy, I think that Terry's list below, while worthy, won't get accepted by RSA's pretty ruthless submission acceptance process.
I expect they will say that all 4 are pretty well known..
1 and 2 have been the subject of VRM, PDEC and now Customer Commons for some time
3 is less well known to the public, but to the RSA audience, I would have thought 'well known'..
if the panel had real answers to how to restrict or manage that, such as the European based PICOS and ABC4Trust groups have (google those with Kai Rannenburg) then we might have a chance with RSA.
4) is topical, but may not be in 6 months, and RSA may be sensitive around the topic for its own 'relationship management' reasons .. :-). that said..yea, there is a wider Governance story to tell there..and a story about which is better? broad surveillance with very good governance? or piecemeal organically built up surveillance based on a concern from one party of another, that communicated to parties x, y, and z to enact the surveillance with all the risks of co-ordination, governance etc etc that that implies?...
But it's well off Kantara's patch... are you sure we are not better to start back with the IdoT problem space and build out to a place where we have both the expertise and it is relatively new territory?
No July 4th for me, you can tell, eh? :-)
Cheers Colin
From: sal@idmachines.com
To: tgold@idanalyst.com; stollman.j@gmail.com; Ingo.Friese@telekom.de
Date: Tue, 2 Jul 2013 09:52:01 -0400
CC: joni@ieee-isto.org; dg-idot@kantarainitiative.org
Subject: Re: [DG-IDoT] FW: RSA U.S. Call for Speakers Now Open! Submit Today!
Terry, Jeff, Ingo,
Very good set of points Terry. Leakage in particular. UMA might help in that regard.
Identities of things is an interesting topic not the least in the sense that you have device, owners and users all of which bring their identities into things.
I would be interested in the panel as well. I have some experience around SCADA and transport to help bring those perspectives.
Look forward to the DG.
Sal
From: dg-idot-bounces@kantarainitiative.org [mailto:dg-idot-bounces@kantarainitiative.org] On Behalf Of Terry Gold
Sent: Tuesday, July 02, 2013 9:13 AM
To: 'j stollman'; Ingo.Friese@telekom.de
Cc: 'Joni Brennan'; dg-idot@kantarainitiative.org
Subject: Re: [DG-IDoT] FW: RSA U.S. Call for Speakers Now Open! Submit Today!
Hi Jeff-
I think you are spot-on. We can continue to define technical frameworks (and we will ;-) but the big storm brewing is:
a) The convenience and pervasiveness of connected services
b) Collection and monetization of data (can debate and categorize what is PII or not and how it is still usable, etc)
c) Identity ownership and controls: evolution, impact, possibilities
d) Challenges and impact on business models, and individuals as this battle looms.
From my perspective, there are four levels to this dilemma that should be reviewed/clarified for the audience:
1. Legacy models like the credit bureaus. They have long been collecting everything, are bureaucratic, and monetize data in many ways. Facebook’s monetization model isn’t new, just the way they collect it.
2. Opt-in relationships: Such as Facebook. We may be opted-in when we sign up (don’t agree with that by the way) but we do consciously sign up for the relationship and is intended to share on some level (unlike my mortgage account or my vehicle records or services).
3. Leakage: The usage of a service that does not disclose that it is collecting data, or irresponsibly leaks your data to another service (lots of mobile apps are quite “chatty” in this way). Basically, any that are “free” apps, are doing this so (and not disclosing) it’s a BIG problem.
4. Government Surveillance: PRISM, etc. For me, the debate on this is two-fold, not only the legality but the controlled usage of any collected data. Obvious, but just to point out.
I am interested in collaborating and/or participating in the panel as well, up to you.
Regards, Terry
-------------------------------
Terry Gold iDanalyst LLC, Founder Identity, Security & Privacy t: 213-341-0433 m: 949-310-5911 tgold@IDanalyst.com www.IDanalyst.com Twitter: @IDanalyst
From: dg-idot-bounces@kantarainitiative.org [mailto:dg-idot-bounces@kantarainitiative.org]
_______________________________________________ DG-IDoT mailing list DG-IDoT@kantarainitiative.org http://kantarainitiative.org/mailman/listinfo/dg-idot
I am intending to submit a proposal. The panel I am proposing will not all be members of the Kantara IoT discussion group.
Jeff
On Tue, Jul 16, 2013 at 1:31 AM, Colin Wallis <colin_wallis@hotmail.com> wrote:
So taking a step back and moving on..... :-)...
I got a reminder note today about the deadline being 25th July.
So do we have one or two submissions on the go? from Terry, Sal, Jeff Ingo?
Cheers Colin
-- Jeff Stollman stollman.j@gmail.com 1 202.683.8699 Truth never triumphs — its opponents just die out. Science advances one funeral at a time. Max Planck
Thanks Jeff
Good to know. Regardless of panel members, if the submission is successful, there's case for developing it a bit in the IDOT, if it's relevant. There may be other background materials and things that folks can surface for you..
Cheers Colin
Date: Tue, 16 Jul 2013 06:23:01 -0400
Subject: Re: [DG-IDoT] FW: RSA U.S. Call for Speakers Now Open! Submit Today!
From: stollman.j@gmail.com
To: colin_wallis@hotmail.com
CC: tgold@idanalyst.com; andrew.nash@gmail.com; joni@ieee-isto.org; dg-idot@kantarainitiative.org
I am intending to submit a proposal. The panel I am proposing will not all be members of the Kantara IoT discussion group.
Jeff
Hi Collin,
I'll submit a 20 min speaker proposal. I thought of a panel discussion first, but it's really hard to bring friction in the discussion. To introduce concepts of "IDoT" to me a 20 min session seems to be more appropriate.
Best, Ingo
From: dg-idot-bounces@kantarainitiative.org [mailto:dg-idot-bounces@kantarainitiative.org] On Behalf Of Colin Wallis
Sent: Dienstag, 16. Juli 2013 07:31
To: Terry Gold; Andrew Nash
Cc: Joni Brennan; dg-idot@kantarainitiative.org
Subject: Re: [DG-IDoT] FW: RSA U.S. Call for Speakers Now Open! Submit Today!
So taking a step back and moving on..... :-)...
I got a reminder note today about the deadline being 25th July.
So do we have one or two submissions on the go? from Terry, Sal, Jeff Ingo?
Cheers Colin
participants (6)
- Andrew Nash
- Colin Wallis
- Ingo.Friese@telekom.de
- j stollman
- Salvatore D'Agostino
- Terry Gold