How To Prevent The World Wild Web Identity Crisis

  • 534 views
Uploaded on

Mission statement idplatform.eu

Mission statement idplatform.eu

More in: Technology
  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Be the first to comment
    Be the first to like this
No Downloads

Views

Total Views
534
On Slideshare
0
From Embeds
0
Number of Embeds
1

Actions

Shares
Downloads
5
Comments
0
Likes
0

Embeds 0

No embeds

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
    No notes for slide
  • Goedendag, mijn naam is Helmer Wieringa en ik vertegenwoordig een stichting in oprichting met de naam idcomons europa. Doel en functie van die stichting zal hopelijk in de loop van de presentatie duidelijk worden. We hebben geen tijd te verliezen want er dreigt een wereld wijde identitetscrisis. Daar wordt overal ter wereld aangewerkt idcommons wil een bescheiden steentje bijdragen. De presentatietekst is in het Engels, maar ik doe mijn toelichting naar k euze in het Engels of Nederlands.
  • Hoe zit de presentatie in elkaar? Eerst een overzicht van problemen daarna wat we hebben geleerd tot nu toe. De oplossingsrichting die Idcommons voorstaat. Hoe idcommons wil helpen een deel van de oplossing te realiseren. En aanbevelingen voor Internationale Samenwerkling 2.0
  • Maaer eerst even een aantal definities van een aantal begrippen
  • Wat is persoonlijke informatie?
  • Deze informatie word op dit moment over u verzameld. Samengesteld uit lijstjes en standaards die ik vond op internet. Een van reviewers van de presentatie stelde de term emotional toe te voegen. Terecht: een voorbeeld: Google wil in de nabije toekomst gaan proberen om je stemming te af te leiden vanuit het bewegingspatroon van je mobile telefoon.
  • Er zijn vele definitie van privacy in omloop. Hier is er een : privacy is vermogen van een indivdu om het wegstromen van, de grenzen van gebruik en bewaartermijn van persoonlijke informatie te kunnen controleren
  • Gebruikers balen van registrerer en de eindeloze lijsten met vragen die daarmee gepaard gaan en haken daarom vaak af.
  • Onthouden van gebruikersnamen en wachtwoorden is een probleem
  • Gemiddeld wel 100 gebruikersnamen en wachtwoorden.
  • Identiteits diefstal: De omzet die in dit marktsegment is in de USA alleen al ….
  • Privacy statements bestaan uit lange en meeste burgers onverterbare juridische teksten. Men weinig vetrouwen in dienstverleners op het web.
  • En men heeft gelijk wat te denken dat dienstverleners zonder dit duidelijk aan te kondigen privacy policies veranderen. Bijvoorbeeld het sociale netwerk Hyves dat dit jaar zonder dit duidelijk mede te delen echte namen van Hyves leden laat indexeren door Google.
  • De burger heeft zo-wie-zo geen idee wat anderen weten over hem en waarom. Informatie over burger staan opgeslagen in 300 verschillende bestanden bij de Nederlandse overheid Waarom zoveel, is die informatie correct? Electronisch kinddossier kan meer dan 2500 gegevens opslaan per kind, een foutje is snel gemaakt en ouders en kind hebben geen inzage.
  • Probeer maar eens af te komen van een email nieuwsbrief…
  • Het is vaak ondoenlijk om informatie gecorrigeerd te krijgen, voorbeeld bureau kredietregistratie en de 13 jaar van terrorisma verdachte nnnn….nnnnn die uiteindelijk failiet is gegaan en nu in een complexe rechtszaak is verwikkeld met de Nederlandse staat.
  • Ik krijg regelmatig spam met mijzelf als afzender
  • Yahoo.com,Linkedin.com; Salesforce.com; Google.com; Youtube.com Tripadvisor.com en nog veel meer
  • Ok je kunt die supercookies wel verwiideren, maar je moet daarvoor eerst een speciale add-on laden die alleem maar voor firefox. Leg dat maar eens uit aan je ouders of kinderen.
  • Privacy wetgeving is vrij complex; het onderwerp staat op vaak de agenda, de vrees de wet te overtreden vormt een blokkade voor innovatiie. Aktiegroepen zijn succesvol om projecten te laten stoppen. De slimme meter is een (al gemoemd) voorbeeld.
  • Berichten van data opstraat zijn aan de orde van de dag. State officials are notifying more than a half-million Virginians that their Social Security numbers may have been contained in a prescription drug database that was targeted by a computer hacker April 30. The hacker gained access to the Prescription Monitoring Program computer system, which is designed to deter prescription drug abuse, and demanded a $10 million ransom. The hacker has not been identified. A criminal investigation has not yet determined what, if any, personal information was put at risk in the incident, said Sandra Whitley Ryals, director of the Virginia Department of Health Professions, on Wednesday. Nevertheless, the state is mailing individual notifications to 530,000 people whose prescription records may have contained Social Security numbers, in order to alert them to the potential for identity theft, Ryals said. In addition, 1,400 registered users of the database, mostly doctors and pharmacists, who may have provided Social Security numbers when they registered for the program are being notified. The database contains records of more than 35 million prescriptions dispensed since 2006 for certain federally controlled drugs with a high potential for abuse, such as OxyContin, Vicodin and Xanax. The records include patients' name, address and date of birth, the name and quantity of the drug prescribed, and identifying numbers for the doctor and pharmacist. Each record also includes an optional field for an identifying patient number. All patients identified by a nine-digit number, which could be a Social Security number, are receiving the mailed notifications, said Kathy Siddall, a department spokeswoman. The mailing advises patients to check their bank statements and credit reports for signs of identity theft and report any suspicious activity to their local police department. The prescription database was shut down in the wake of the hacker attack.
  • Handhaven van de wet is praktische gesproken nauwelijks haalbaar.
  • Er is dus nogal veel mis.
  • Hoe moeten de problemen aanpakken? we moeten de kosten en moeite van een aantal aspecten verlagen…
  • Maak het gebruikersvriendelijker voor gebruikers voor een dienst te registreren
  • Maak het veel gemakkelijker voor gebruikers om een dienst stop te zetten, en zorg dat de dienstverlener no-trace no-spamgarantie kan afgeven hetgeen uiteidelijk leidt tot meer openheid. Voorbeeld als je staat voor de beslissing om een auto te kopen, wil je wel gespamed worden, is de auto aangeschaft dan niet meer.
  • Maak het makkelijker om data te corrigeren, geef toegang tot alle verzamelde gegevens
  • Maak veel gemakkelijker om registratieprocedures te implementeren door vergaande standaardisatie van registratie scenarios.
  • Verlaag de drempel voor gebruikers om kenbaar te maken wat men wil op consistente manier.
  • Maak het gemakkelijker voor dienstverleners om doelgerichte informatie te versturen.
  • Maak het gemakkelijker voor dienstverleners om zich te houden aan de wet
  • Verwijder privacykopzorg uit projecten waardoor een baaierd aan innovatieve diensten mogelijk wordt
  • maak het gemakkelijker om standaarrd privacy beschermende technology te implementeren waardoor het vetrouwen bij de consument kan worden terug gewonnen.
  • Ontwikkel standaard berichten waardoor duidelijkheid wordt geschapen voor gebruikers
  • Maak het gemakkelijker voor de overheid om de wet te handhaven
  • Resulterend in een wederzijds vertrouwen en effectieve communicatie tussen gebruikers en dienstverleners
  • Even een samenvatting van aspecten
  • Een kort overzicht van de partijen die met het probleem worstelen.
  • Kafka, Georg Orwell Aldous Huxley om er maar een paar te noemen… In 1970 is er een advocaat in Australie [naam?] die het privacy en data protectie probleem aansnijdt. Informatie technologie is intrinsiek archiverend daar zit o.a. het probleem.
  • Er zij veel partijen die de problemen proberen op te lossen.
  • Een paar voorbeelden
  • Het zal u niet verassen , dat er nog geen consensus is bereikt…
  • Maar we hebben wel een aantal zaken geleerd sinds 2000
  • Een zeer belangrijk principe is dat de gebruiker zelfbeschikkingsrecht over in persoonlijke informatie wordt gegegeven.
  • Dit is een kritische succesfaktor voor identity management systemen
  • En als een partij dat probeert zal die partij falen.
  • In het onderhavige domein kunnen we niet volstaan met vage zelf regulerende maatregelen. Klinkt dit u bekend in de oren? We hadden te weinig aandacht voor financiele transacties, hoe zit het dan met transacties met uw persoonlijke gegevens?
  • Technologie om je te helpen aan de wet te houden moet worden ingebouwd… zonder dat we de vrijheid van Internet gaan beperken
  • Informationele machtpositie van een of een beperkt aantal partijen wordt domweg niet geaccepteerd,
  • In het electronisch kind dossier EKD kunnen meer dan 2500 gegevens per kind worden opgeslagen.
  • Niet wanhopen de oplossing is relatief eenvoudig….

Transcript

  • 1. How to prevent the World Wild Web Identity Crisis By idplatform.eu a non-profit organization in the process of foundation Presented by Helmer Wieringa Contact details: [email_address]
  • 2. Structure of this presentation
    • What is the problem anyway?
    • Identity and privacy problems
    • The struggle to solve the problems
    • Learned lessons
    • Solution direction: certified open identity providers
    • How would that work
    • Some innovations
    • Recommendations for International Collaboration 2.0
    • How could idplatform.eu help
  • 3.
    • What is the problem anyway?
  • 4. Privacy?!... I don’t care; I have nothing to hide…
  • 5. WANTED: YOUR IDENTITY BY Criminals Government Employers Business Relations Service Providers Family & Friends TO CONTROL YOU
  • 6. But first some definitions… Identity Personal information Privacy
  • 7. There are two sides of the identity coin…
  • 8. idem identity, meaning an identity based on an arrangement; the purpose is persistent identification Idem identity Individual
  • 9. ipse identity meaning the way you are identified and categorized by your self and others; the purpose is the construction of the self See summary of Future of Identity In the information Society FDIS The concept identity Ricoeur ; Beller ; Leerssen Ipse identity Individual
  • 10. What includes personal information ?
  • 11. Some Personal Information Facets *) *) Reference: Privacy in the clouds, A. Cavoukian, Office of the Information and Privacy Commissionar, Toronto, Canada – combined with p3p categories
    • Administrational
    • Computational
    • Historical
    • Transactional
    • Locational
    • Emotional
    • Attentional
    • Preferential
    • Biological
    • Biographical
    • Demographical
    • Genealogical
    • Professional
    • Reputational
    • Relational
    • Political
  • 12. Many definitions of privacy here follows just one…
  • 13. An individual's privacy is their ability to control the flow , boundary , and persistence of their personal information*) *) Privacy in the Clouds A. Cavoukian
  • 14. So, do you want still to be identified without knowing this and why and to be constructed by others?
  • 15. I still don’t care That’s fine but stop listening to or reading of this presentation
  • 16. We return now to the daily problems...
  • 17. Users hate to register for services and are frustrated by lengthy enquiries and often back off
  • 18. Users can’t remember user names and passwords
  • 19. … and have on average hundreds of those user/name password combinations
  • 20. Users are exposed to the risk of identity theft The number of US adult victims of identity fraud 8.4 million in 2007. Total one year fraud $49.3 billion in 2007 The mean fraud amount per fraud victim $5,720 in 2007.
  • 21. Users don’t read privacy policies and don’t trust service providers anyway…
  • 22. … and they are right… service providers change privacy policies without notification
  • 23. Individuals have no idea what others think to know about them and why
  • 24. It is often impossible to unsubscribe from e-newsletters
  • 25. Often impossible to correct personal information in databases Kowsoleea is een Nederlandse ondernemer van Surinaamse afkomst die ten onrechte bij veel overheids- instanties te boek stond als een harddrugscrimineel . De reden hiervan was identiteitsfraude: een verslaafde aan verdovende middelen gaf zich met regelmaat voor hem uit. De overheid slaagde er niet in om de negatieve en zeer belastende registraties op naam van meneer Kowsoleea op de juiste naam, namelijk die van de echte dader te zetten .
  • 26. Spam is distributed by the use of your own email address
  • 27. Service providers - even with “good” reputation - track your behavior across websites by use of super cookies ...
  • 28. ... only to be removed by special browser add-ons like Better Privacy for Firefox
  • 29. Privacy legislation is too complex and is an obstacle for business and innovation; projects with insufficient privacy are rolled back.
  • 30. Most organizations are not able to protect confidential data; information breaches are daily news
  • 31. April 30, 2009 State officials are notifying more than a half-million Virginians that their Social Security numbers may have been contained in a prescription drug database that was targeted by a computer hacker April 30 . The hacker gained access to the Prescription Monitoring Program computer system, which is designed to deter prescription drug abuse, and demanded a $10 million ransom . The hacker has not been identified Virginia patients warned about hacking of state drug Web site http://hamptonroads.com/2009/06/officials-hacker-may-have-stolen-social-security-numbers
  • 32. “ Almost one in five businesses in the UK has unwittingly breached the Data Protection Act meaning illegal data transfer to third party” according to research of the British Standards institute
  • 33. Enforcement of privacy legislation is practically impossible
  • 34. IN SHORT: IT IS A MESS
  • 35. We need fundamental change…
  • 36. To summarize: we should reduce the cost and effort for…
  • 37. … user enrollment and participation in a community, by improving usability and transparency about what is agreed on
  • 38. … users to cancel a service and give them assurance that they can….
  • 39. … leave without a trace and fear of stalking, r esulting in more trust and openness
  • 40. users to correct their personal information, by offering read/write access on their data
  • 41. … service providers to effectively engage prospects and increase # of registrations , by rigorous standardization of procedures
  • 42. … users to receive relevant and effective service and information by giving them control to define their needs in a consistent way.
  • 43. … service providers to distribute targeted and effective information
  • 44. … service providers to comply to data protection legislation
  • 45. … service providers to design innovative personalized services by removing privacy headaches out of development projects
  • 46. … service providers to regain trust by their users by embedding privacy enhanced technology
  • 47. … providing transparency for users regarding service providers behavior by easy to understand standard notifications PRIVACY HIGH PRIVACY MEDIUM PRIVACY LOW PRIVACY ASSURED
  • 48. … governments to enforce data protection and privacy legislation by embedding real-time auditability
  • 49. All these improvements are necessary for two-way trust and effective communication
  • 50. We have to reduce the cost and effort for:
    • Participation
    • Correcting personal data
    • Preventing spam & stalking
    • Canceling services
    • Engagement
    • Data collection
    • Data destruction
    • Personalization
    • Compliance
    • Obligation management
    • Privacy assurance
    • Enforcement
    That is quite a lot… Do you really think that it will sort itself out? And leave it to some legislation & complying service providers?
  • 51.
    • World Wild Web Identity Struggle
    The struggle to solve the problems
  • 52. The problems have been predicted by writers, philosophers but have been actually addressed since 1970 in the information technology domain.
  • 53. Explosion of activities to solve the problem…
  • 54. … of any scope, shape and form driven by
    • Governments
      • As legislation developer
      • As service provider
      • As funding provider for programmes
    • Universities
    • Standardization organizations
    • Multi stake holder platforms
    • Innovation institutes
    • Technology vendors
    • Service providers
    • Online Child protection organizations
    • Self regulation
    • Open source communities
    • Hackers
    • Criminals
    • Human rights organizations
    • Political parties
    • Citizens
    Many at the table but the main stakeholder: the citizen is missing
  • 55. And no surprise: no consensus yet
  • 56.
    • World Wild Web Identity Lessons
    Five main learned lessons
  • 57.
    • Everything should be done to give the user control over the collection, use and disclosure of their personal information by others…
  • 58. … which is a critical success factor for any digital identity system to be built
  • 59. … ignoring this lesson will result in projects doomed to fail
  • 60.
    • Self regulation has failed in the privacy and identity domain (does this sound familiar?)
  • 61. … so compliance to legislation should be embedded in the technology without losing the freedom of the current Internet practice
  • 62.
    • Informational dominance of one or a limited group of parties will not be accepted in the context of personal information…
  • 63.
    • Storage of personal information should be reduced as much as possible…
  • 64. … service providers should adopt the just-enough-data-to-do-the job principle and work with partial identity
  • 65.
    • Migration strategy & tactics should be very smart and the execution should be a like a military operation…
  • 66. … and develop a practical and feasible approach for semantically interoperability (shared profile)
  • 67.
    • World Wild Web Identity Solutions
    idplatform.eu solution directions
  • 68. Introduce the concept Certified Open Identity Provider which…
  • 69. … acts on behalf of the individual
  • 70. … is a trusted custodian of a part of individuals personal information
  • 71. … can be compared to a financial bank : protecting personal information instead of money
  • 72. … is intermediary for all personal data transactions
  • 73. … should also be able to assure anonymity of users
  • 74. … should provide personal information to third parties only with explicit consent of the user
  • 75. … should store the history of personal information transactions, only to show the user who knows what about me
  • 76. … notify me when a service provider is changing a privacy policy
  • 77. … should - if desired - send legal request to delete information about me, as part of a service cancellation
  • 78. Service providers can outsource a lot of data protection and privacy compliance headaches to an Identity Provider
  • 79. … and focus on their core services
  • 80. Some rules and principles for identity providers
  • 81. Everybody is allowed to act as an Identity Provider…
  • 82. … but there should be some rules…
  • 83. … IDPs should be certified by an organization which is installed by government but independent of it (like the legal power)
  • 84. Some criteria for certification…
    • Accessibility
    • Usability
    • Transparency
    • Security
    • Reliability
    • Resilience
    • Interoperability
    • Identity portability
    • Data protection
    • Privacy assurance
    • Fraud detection policy
    That is quite a lot… Do really think that it will sort itself out? And leave it to some legislation & complying service providers?
  • 85. Users can choose a Identity Provider they trust and should be able to switch/migrate data to another Identity Provider if they wish
  • 86. Expectation: individuals will use 5-10 Identity Providers for special domains like travel.id; volunteers.id; financial.id; care.id, ngo.id, governement.id
  • 87. Still a lot to remember but better than hundreds of passwords
  • 88. Advantages
    • Assurance of
      • Privacy
      • Security
      • Accessibility
    • Enabling
      • Effective communication
      • Sustainable commerce
      • Better services
      • Innovation
    • Cost reduction
  • 89.
    • How would that work?
  • 90. Alice stumbles upon an access controlled site schools4africa.com which is member of i2c.com federation
  • 91. Alice enters only i2c.com in a login field on the site school4africa.com and clicks on the let me in button I2C.com Let me in Schools4africa is member of i2c learn more>>>
  • 92. … .meaning: hey schools4africa.com, you don’t know me yet, but let me in quickly the guys at i2c.com know some information about me
  • 93. School4africa.com notices some knocking on the door, it is a stranger which is claiming to be member of i2c.com
  • 94. Schools4Africa.com goes to i2c.com verify the identity of the stranger and requests do you know this person?
  • 95. Two possibilities A. Alice is already logged on at i2c.com B. Alice is not yet logged on at i2c.com
  • 96. If Alice is not logged on at i2c.com, 12c.com just requests to log on in traditional way user name/password
  • 97. I2C.com does knows Alice’s identifying personal information
  • 98. Alice’s identifying information at I2C
    • MasterID: 5r7jd0spmas56dsffgh3ssapg
    • Real name: Alice Waters
    • Date of birth: 19-06-1970
    • Nationality: Gambia
    • Email address [email_address]
    • Profession: school director
    • Organization: Water management University
    • ……
    • ……
  • 99. By the way: Alice does trust I2C because they assure privacy PRIVACY ASSURED
  • 100. I2C.com confirms to Schools4Africa: we know the stranger knocking at your door, what do you want to know about this person?
  • 101. Schools4africa to i2c.com: that is great, we need only information about the profession and nationality and the right to contact Alice. Can you ask this on our behalf to Alice?
  • 102. I2C.com to Alice: For getting access to Schools4Africa this site would like to know the following information: Profession = “ school director ” Nationality = “ Gambia ” and they would like also the right to contact you Alice is that ok with you? … just click OK
  • 103. I2C.Com to Alice …and by the way we don’t provide any further information to schools4africa other than an unique, dedicated reference number only known to you and schools4africa an us…
  • 104. Assume this number to be an unique number representing your relationship with schools4africa; by the way you don’t have to remember this number : i2c does this for you Your relation number at school4Africa.com is http://i2c.com/re6tgw787w9hdh78wggfew555hh6hhh333656
  • 105. Alice thinks that’s cool fasttrack registration! I like those smart guys at Schools4Africa now already. Of course are they allowed to know my nationality and profession.
  • 106. So Alice is ok with School4Africa’s requests and confirms with one-click Profession = Schoolteacher Nationality = Gambia Right to contact = yes OK Alice if you click ok, this information is sent to schools4africa.com
  • 107. Schools4Africa receives just partial information and redirects Alice to the special area about school projects in Gambia
  • 108. In future sessions between Schools4Africa and Alice, more information can be requested; But future personal transactions will all be logged by i2c.com
  • 109. Schools4Africa does not have Alice’s email address but they have the right to contact…
  • 110. … this means that schools4africa can only send messages via the identity provider: [email_address]
  • 111. Alice can cancel the account at Schools4Africa and request to delete every data stored about her at Schools4Africa
  • 112. It is a pity for Schools4Africa but they can easily fulfill this delete request, because every piece of data is stored under the relation number.
  • 113. School4Africa can’t contact Alice anymore the relation number is canceled, but if would illegally an email, they would get caught by I2C.com and receive a warning or a fine. The message will not be forwarded to Alice.
  • 114.
    • Some innovations
  • 115. Facebook connect a transparent user interface…
  • 116. Showing the user what is happening
  • 117. Vidoop smart password management
  • 118. Only three categories to remember Keys, Castles, Beverages Q Y P Every day a different password!
  • 119. Confirmation of Vidoop registration
  • 120.
    • Recommendations to parties that want to federate
  • 121. Establish an really independent organization to become the Certified Open Identity Provider as described
  • 122. 1 standard agreement instead of 36 approaches negotiations & contracts 2 1 3 5 6 4 IDP independent neutral governance 
  • 123. … and assure interoperability
  • 124. Sharing partial identity across service providers 2 1 3 5 6 4 IDP independent neutral governance  Individual: Yes provider 2 and 3 sharing information about me is fine
  • 125. One interoperability example
  • 126. Interoperability: User attribute verification I2C.ID GAMBIA.GOV.ID CARE.ID Schools4Africa re6tgw787 Nationality = Gambia Federated Services providers I2C.ID has requested us to confirm your nationality for an unknown service provider logged on gambia.gov.id Yes, confirm my nationality I2C can you confirm nationality of the individual with # re6tgw787…. 1 2 Gambia.Gov.id can you confirm nationality ? 3 4 5 6 Nationality = Gambia Heath4Africa f45dlnqs9 logged on Government departments
  • 127. Start simple and implement incremental improvements against a roadmap
  • 128.
    • The professional voluntary network organized by Idplatform.eu can help you with the roadmap and development
  • 129. An overview of inspiration, relationships and activities of the IdPlatform.eu Initiative IdPlatform.eu Developing awareness Political parties Public Governments Companies Non-Profit Funding Gouvernement Commercial Private Standards Protocols Semantics Interoperability Security Legal Obligations Enforcement Liability Portability Certification Idcommons.org (mainly focused on developments in the usa) Development Open source Usability Accessibility Project: European Digital Identity Innovation Virtual relation management Privacy enhancement e-Democracy includes activities : inspired by seeks collaboration with (?) Idealism Human digital rights organizations Knowledge Virtual communities Universities Innovation institutes Government programmes Standard organizations Commercial innovation inspired by: Knowledge management Conferences wiki.idplatform.eu Workshops DevCamps includes: Potential Identity Providers & Software vendors can support Potential Relying Service Providers invited to contribute
  • 130. Prototype development
    • Purpose: digital identity awareness and learning
    • Goal: build an operational identity provider prototype
    • Getting there:
      • Preparation Aug - Oct 2009
        • (Roadmap, Working groups, Wiki, Con calls, Open Source Store )
      • Prototyping
        • Kick-off 9 – November
        • Two weekends
        • Delivery end of November
  • 131. Roadmap [draft] Shared Rules & terminology E-Citizen Rights Shared approach Enrollment & password management device independent Shared user attribute profile schema approach Shared rules & terminology privacy policy & privacy assurance Shared Rules & terminology identifiers Select one of more code sets as starting point European Privacy Data Protection Directives 7-Laws of Identity XDI OpenID/OAuth PRIME Privacy and identity management for Europe Collect usability and accessibility guidelines Usability review Usability review Usability review Usability review Shared general architecture & terminology Shared approach User Data Exchange Federation rules European Digital Identity month location? Thursday Nov 5 Identity debate Weekend Nov 6-8 Devcamp Nov 9-21 Documentation Evaluation Weekend 23-25 Devcamp Aug Sept Oct 09 preparation phase
  • 132.
    • Start with available Open Source Code:
      • www.idkee.nl
        • An OpenId/SREG prototype
        • Hosting sponsor
        • Ruby code available
        • Currently operational
  • 133. Proposed prototype extensions
    • Legal framework
    • General usability improvements
    • Identifier management
      • Directed Identity
      • Anonymous, Pseudonyms, Real-names
    • Proxy email/Right-to-contact
    • Device independent password challenge
      • Mobile phone, Phone, Desktop
    • Semantic profile transformation