I'm interested in contributing an answer: - I can't see any incentives for other providers to be "disintermediated" by a broker entity :-) An alternate model is to define the "broker" as a P2P network of nodes that must collaborate to maintain (their client's) data privacy. /thomas/ ________________________________________ From: wg-uma-bounces@kantarainitiative.org [wg-uma-bounces@kantarainitiative.org] on behalf of Adrian Gropper [agropper@healthurl.com] Sent: Saturday, October 24, 2015 11:27 AM To: Justin P Richer Cc: wg-uma@kantarainitiative.org UMA Subject: Re: [WG-UMA] NIST Seeks Comments on New Project Aimed at Protecting Privacy Online I'm interested in contributing to this comment and a session at IIW. Adrian On Sat, Oct 24, 2015 at 11:24 AM, Justin Richer <jricher@mit.edu<mailto:jricher@mit.edu>> wrote: My view on this remains “to increase privacy get rid of brokers”. A full mesh SAML or PKI federation is untenable, so that’s why we’ve deployed brokers in the past. But OIDC, with dynamic client registration and server discovery, is built for this. I believe wee need to move towards this model. Is anyone interested in writing up a response to that effect with me? Perhaps we could run a session on it at IIW this week for those of us that will be there (including myself). — Justin On Oct 23, 2015, at 8:29 AM, Andrew Hughes <andrewhughes3000@gmail.com<mailto:andrewhughes3000@gmail.com>> wrote: Hi UMAnitarians - not sure if you've seen this notice yet I'm vice-chair of IAWG & we are probably going to assemble comments on this. "Privacy-Enhanced Identity Brokers" Comments to inform a new collaborative project & eventual 1800 series Practice Guide at the NIST NCCoE Due 18 December http://www.nist.gov/itl/acd/ncce/20151022privacy.cfm Andrew Hughes CISM CISSP Independent Consultant In Turn Information Management Consulting o +1 650.209.7542<tel:%2B1%20650.209.7542> m +1 250.888.9474<tel:%2B1%20250.888.9474> 1249 Palmer Road, Victoria, BC V8P 2H8 AndrewHughes3000@gmail.com<mailto:AndrewHughes3000@gmail.com> ca.linkedin.com/pub/andrew-hughes/a/58/682/<http://ca.linkedin.com/pub/andrew-hughes/a/58/682/> Identity Management | IT Governance | Information Security _______________________________________________ WG-UMA mailing list WG-UMA@kantarainitiative.org<mailto:WG-UMA@kantarainitiative.org> http://kantarainitiative.org/mailman/listinfo/wg-uma _______________________________________________ WG-UMA mailing list WG-UMA@kantarainitiative.org<mailto:WG-UMA@kantarainitiative.org> http://kantarainitiative.org/mailman/listinfo/wg-uma -- Adrian Gropper MD PROTECT YOUR FUTURE - RESTORE Health Privacy! HELP us fight for the right to control personal health data. DONATE: http://patientprivacyrights.org/donate-2/