On 03/05/2009, at 5:51, Malcolm Crompton wrote:
> Jose et al - thanks for addressing this issue.
>
> I have quite a number of comments to make so won't waste the time of the
> wider group by copying them in unless you think it is worthwhile bringing
> them in.
>
> I found that I could not deal with the drafting without going back to the
> beginning of the section titled Identification and Authentication starting
> at www.w3.org/2007/eGov/IG/Group/docs/note#idauth.
>
> The first point where I would suggest change is under the heading The Myth
> versus the reality, at
> www.w3.org/2007/eGov/IG/Group/docs/note#idauth.what.myth.
>
> Right at that point, we need to have a sentence or two on why globally we
> are getting IDM wrong & hence how to avoid contributing to it. And the
> error is not just that it is easier to forge on a mass scale. It is
> massively compounded by making the value of such forgery worthwhile doing.
> And this is happening because we have introduced a vast range of new
> circumstances where the claim requiring authentication is an identity
> assertion rather than some other assertion.
>
> [in the meat world, to buy a book all I have to do is produce a token that
> is unlikely to have been forged (ie money) and is likely to be mine to give
> (ie I have not stolen it) and combine this with a process that makes it
> unlikely I will repudiate the transaction (eg snatch back the money after
> the book gets in my hand). But online, we have to produce identity claims
> to do this as well. Hence the trick will be to make any one authenticated
> claim not worth stealing. And we are just beginning to work out how to do
> this at the technology layer (eg the PRIME & PrimeLife projects in Europe &
> the work of many others such as Higgins & MS CardSpace).]
>
> Thus one recommendation in this work is to recommend very strongly a
> principle that parties only require identity claims to be presented &
> authenticated when no other claim will do AND that when an identity claim
> does need to be presented, it is a context specific claim (eg my health
> identifier is useless & not copyable in any other circumstance).
>
> At that point as well, it is vital to introduce the concept of mutual
> authentication as a matter of mutual respect and as an essential security
> requirement. It is just as important that the citizen be able to see proof
> that it is dealing with a government agency in a legitimate circumstance as
> it is for the government agency to be able to see proof that it is dealing
> with the right citizen. The most obvious manifestation of failing to do
> this is phishing, where the individual is tricked into thinking that they
> are dealing with a legitimate organisation (see the short paper at
> www.iispartners.com/downloads/user_centric_id.pdf). Once this is done, there
> are a whole series of places where redrafting & re-balancing is needed. For
> example, the emphasis in the later para beginning "Personal identity
> verification is not the only aspect of identity in online transactions ..."
> is all wrong because it is dealing only with the citizen identifying itself
> to government, not the equally important part of government recognising it
> needs to be just as careful in identifying itself to the citizen.
>
> Under the heading What Public Policy Outcomes are Related ..., at
> http://www.w3.org/2007/eGov/IG/Group/docs/note#idauth.policy, I would
> rephrase away from suggesting that identity & privacy must be 'balanced'
> against each other. That immediately implies sub optimal outcomes because
> it limits thinking to trade off options. But there are also options where
> BOTH can be enhanced at once. The example given above is one.
> If we can limit the number of circumstances when the same identity claim
> has to be presented & authenticated, we are likely to have improved privacy
> AND security.
>
> Hence rather than the words "the need for authentication and identity should
> be balanced with:", why not words such as "the need to ensure that
> authentication and identity are designed with privacy in mind from the very
> start so that it is not compromised".
>
> Under the heading at
> http://www.w3.org/2007/eGov/IG/Group/docs/note#idauth.benefits, the big
> missing drawback is the transfer of power to any trusted third party that
> can decide to bring you into digital existence, wipe you out and track
> everything that you do in between (in fact, a digital god). This is
> probably the most worrying thing about ID management where government is the
> trusted third party doing this, especially when done wrongly. The Potential
> Drawbacks list does not reflect this concern. Arguably this is covered by
> the words "decreased privacy" but it doesn’t really get the message across
> because most readers will read "decreased privacy" as involving insufficient
> notice or too much information sharing, all of which can be components of
> the larger concern but that's all. Perhaps words along the lines of
> "perceptions or even the reality of Big Brother surveillance and control".
>
> Somewhere at about this point, we also need to introduce the extreme
> importance of allowing anonymous or pseudonymous transactions wherever
> possible. The para underneath that list can be interpreted to be seeking to
> exclude this vital part of human existence.
>
> Bearing all this in mind, under the heading
> http://www.w3.org/2007/eGov/IG/Group/docs/note#idauth.how, Legal
> Dependencies cannot be limited to the considerations currently listed.
> Legal dependencies also include appropriate legal frameworks to protect the
> citizen from misuse by others and misuse by government.
> [Part of the debate in the UK about the identity card there has come from
> the inadequate legal protections being offered to the citizen should the
> card go ahead.]
>
> Under the next heading Technological Methods ..., there is no need for the
> word "restrictive" because it implies a step backwards. Rather, such law
> may in fact be a step forward to ensure that government is kept in its
> place.
>
> Then we get to the Safe to Play words.
>
> Perhaps a better formulation goes along the following lines:
>
> * Fair Risk Allocation (essentially proved consumer protection so that
> citizens do not take on an undue burden of risk).
>
> * Control (essentially ensuring that citizens can be assured that
> information about them is under control and not in a weak security
> environment or will be used in a way that was not expected; if this is not
> possible then the citizen will expect to be able to exert a greater degree
> of control personally)
>
> * Accountability (an important way of ensuring that government does in fact
> bear an appropriate burden of risk by paying for and responding to
> governance mechanisms that ensure that its operations are working as
> intended; unintended consequences are identified and addressed and the
> chances of things going wrong minimised)
>
> * Safety net (given that all human built systems fail at some time or
> another and that the citizen is likely to be the party most affected & least
> able to withstand a failure, how to ensure that the citizen is well looked
> after when things go wrong: in the case of identity management how to
> ensure that a lost or compromised identity is dealt with as an 'innocent
> until proven guilty' event rather than the other way round. The way in
> which an organisation, public or private sector, manages failure is one of
> the most important contributors to its perceived trustworthiness.
> An organisation that is arrogant & won't admit failure let alone
> contribute to addressing its consequences will be considered vastly less
> trustworthy than an organisation that acts in the opposite way.)
>
> I am sorry if this looks hastily written. It is. It seemed better to
> provide some thoughts quickly rather than nothing at all which was the
> alternative just at present at this end.
>
> Regards
>
> Malcolm Crompton
>
> Managing Director
> Information Integrity Solutions Pty Ltd
> ABN 78 107 611 898
>
> T: +61 407 014 450
>
> MCrompton@iispartners.com
> www.iispartners.com
>
> -----Original Message-----
> From: Jose M. Alonso [mailto:josema@w3.org]
> Sent: Friday, May 01, 2009 9:26 PM
> To: MCrompton@iispartners.com
> Cc: 'Daniel Bennett'; 'John Sheridan'; 'eGovernment Interest Group WG'
> Subject: Re: ISSUE-17 (safetoplay): safe to play [Identification +
> Authentication]
>
> Malcolm,
>
> Daniel has added some here:
> http://www.w3.org/2007/eGov/IG/Group/docs/note#idauth.issues.citizen
>
> Is that enough to satisfy your comments? If not, could you please
> provide replacement text?
>
> We have a very tight schedule so if we don't hear any objection from
> you by May 5th, we'll understand it is fine enough and go ahead as is.
>
> Thanks much,
> Jose.
>
> On 17/04/2009, at 13:54, Malcolm Crompton wrote:
>> Jose - thanks. I will follow responses & comment on input if that
>> would be helpful.
>>
>> Malcolm Crompton
>>
>> Managing Director
>> Information Integrity Solutions Pty Ltd
>> ABN 78 107 611 898
>>
>> T: +61 407 014 450
>>
>> MCrompton@iispartners.com
>> www.iispartners.com
>>
>> -----Original Message-----
>> From: public-egov-ig-request@w3.org [mailto:public-egov-ig-request@w3.org]
>> On Behalf Of Jose M. Alonso
>> Sent: Friday, April 17, 2009 8:30 PM
>> To: Daniel Bennett; John Sheridan
>> Cc: eGovernment Interest Group WG
>> Subject: Re: ISSUE-17 (safetoplay): safe to play [Identification +
>> Authentication]
>>
>> Daniel, John,
>>
>> I raised this one on behalf of Malcolm. I attached it to Id&Auth for
>> now, although I believe it touches on other sections such as Social
>> Media.
>>
>> Please, take a look and see if/where a paragraph or two and reference
>> should be added.
>>
>> -- Jose
>>
>> On 17/04/2009, at 12:26, eGovernment Interest Group Issue Tracker wrote:
>>> ISSUE-17 (safetoplay): safe to play [Identification + Authentication]
>>>
>>> http://www.w3.org/2007/eGov/IG/track/issues/17
>>>
>>> Raised by: Malcolm Crompton
>>> On product: Identification + Authentication
>>>
>>> The importance of 'Safe to Play' from a citizen's perspective as we
>>> get into eGov. The most relevant paper is 'Safe to Play' which is
>>> available at:
>>>
>>> http://www.iispartners.com/downloads/2008-02Safe-to-play-white-paper-V9POST-NOBELFINALVERSIONFeb08.pdf
>>>
>>> Jose is raising this one on behalf of Malcolm Crompton