Re: [public-credentials] <none>

I'm very disappointed by the ambitions suggested by this article.

I'm currently preparing proposals for an interest group with the internet
society (au), an auIGF session, and on-going workshops between between now
and the 2015 IGF (all of which is still being defined ATM); I am very
worried about the possibilities of something being implemented quickly
(noting vendor interactions / existing products), that may not serve the
best interests of citizens.

I would very much appreciate some discourse within this group of Subject
Matter Experts.  Given assistance, i should be able to follow-up, and at a
minimum, allay my concerns, which extend far beyond the *relatively*
*simple* issues of privacy specifically.

Some of the solutions orientated thinking includes;

The introduction of Web Science curricula being important;

discourse around data-rights,

improving communication of 'what is linked-data', and an array of other
concepts that support knowledge economy.  Oftentimes the term 'metadata' is
used; albeit, moreso in relation to 'mandatory data retention'[1] [2]

Means to communicate these very complex issues to laypeople. ie: building
UI examples, etc. EXAMPLE: make a mock-up ledger, outlining the costs from
all forms of tax upon citizens, and present it as a % of total income /
expenditure.  Use info-graphics to show cost of life, as defined by
payments to gov.

Perhaps also, show citizens rights in terms of data-accessibility, reuse,
etc.

could create means to show how to scrap all other forms of ID, using one
centralised credential.  That way, a ledger could include info about other
taxes... Perhaps associate to devices linked via [1][2].

Thinking on a higher-level again, it could certainly provide interesting
information about the function of a fiat economy...  Perhaps info-graphics
could show black-spots, where the data is 'missing'.

Whilst these are farcical concepts, I have concerns.  I can appreciate that
my responses may put forward views in form of  </rant>; overall, it does
worry me.

As noted; i would appreciate the views of others on the topic.

Do you believe the proposed structure is a SECURE and SAFE approach?

What Accountability Systems do you believe should be in-place, and how to
these accountability requirements extend as these services become more
highly integrated across the multi-functional use-cases, of every-arm of
government...?

Tim.H.

[1]
https://www.getup.org.au/campaigns/privacy/mandatory-data-retention-efa--2/sign-the-petition
[2]
http://www.aph.gov.au/Parliamentary_Business/Bills_Legislation/Bills_Search_Results/Result?bId=r5375

On 23 January 2015 at 23:28, <Joerg.Heuer@telekom.de> wrote:

> Hello Tim,
>
>
>
> While I share the idea to have easy access to governmental services and a
> way to refer to my citizenship-based identity, we should be cautious about
>
> a) connecting them too tightly, and
>
> b) assuming it works the same for the industry and people’s relationship
> to services and merchants.
>
>
>
> With respect to our history, Germany has a strong federalist setup for
> many processes. Centralization is prohibited in several instances. Again, I
> think modern identity management technology and authentication methods can
> help across almost all thinkable states services. Taking a user-centric
> course could help to make things acceptable in a variety of legislations
> and cultures.
>
>
>
> Our electronic ID project has resulted in a pretty secure, but for
> non-governmental services nearly inacceptable overhead and costs.
> Furthermore, handling for users (including the fact that you have to buy an
> NFC reader) is pretty much a no-go. Alas, for the ‘business case’ (as far
> as governments have to have and fulfill one ;-) industrial take-up would be
> crucial.
>
>
>
> This is, why we tend to separate identity and entitlement as good as we
> can. Entitlements work even under severest privacy restrictions and
> verification of identity can always be added if needed – but you have to
> have it, of course (so de-facto, Germany doesn’t have a ‘working’ online-ID
> solution). And again, if the government
>
> 1st) accepts their role as an identity provider for a person’s legal
> identity which is
>
> 2nd) usable for all digital transactions which require some quality of it,
>
> 3rd) is under full control of the user and
>
> 4th) also supports government services
>
> I’d be very happy.
>
>
>
> The tendency to first think of ID proofs for governmental services usually
> creates ‘closed shop’ approach and renders these solutions often useless
> for further applications. (BTW: this works in many companies just the same
> – focusing on ‘own customers’.)
>
>
>
> So far my theory ;-) What are your experiences?
>
>
>
> Cheers,
>
>                 Jörg
>
>
>
> *From:* Timothy Holborn [mailto:timothy.holborn@gmail.com]
> *Sent:* Freitag, 23. Januar 2015 13:06
> *To:* W3C Credentials Community Group
> *Subject:* [public-credentials] <none>
>
>
>
> FYI
>
>
>
>
>
> "My ideal is to be in a situation where the MyGov platform was available
> to every level of government and people could have a single, secure,
> digital identity that enabled transactions from the local council, the
> state government, so everything from childcare allowances, to your rates,
> stamp duty, traffic fines," he said."
>
>
>
> SOURCE:
> http://www.smh.com.au/it-pro/government-it/tony-abbott-promotes-malcolm-turnbull-to-take-charge-of-egovernment-20150123-12wstp.html
>
>
>
> Tim.H.
>