Re: GGIE Identity Use Case Requirements v.1

A couple of thoughts:

1/ Probably need to add a requirement that pseudonyms need to be 
ephemeral.  Even tracking the same pseudonym across multiple sessions 
likely reveals more than the user wants.  (For an example, where “MAC 
addresses” in fitness trackers are effectively pseudonyms, see:  
https://openeffect.ca/reports/Every_Step_You_Fake.pdf ).

2/ I get that the make & model of the device are PII for the hardware.  
But ISTM that make, model and software version must be revealed 
accurately in order to carry out appropriate delivery of the content.  
Perhaps we need to make the distinction between what will not be 
revealed/relied up on in the transaction, versus what will not be 
stored/used for other purposes.  Make/model/software may be revealed and 
used for the purpose of the transaction but not stored, for eg.

Leslie.

-- 

-------------------------------------------------------------------
Leslie Daigle
Principal, ThinkingCat Enterprises
ldaigle@thinkingcat.com
-------------------------------------------------------------------
On 23 Feb 2016, at 20:48, Bill Rose wrote:

> Attached is a first pass at a requirements document for GGIE Identity 
> Use
> Cases for tomorrow's call.
>
> Best Regards,
>
> Bill Rose
> President
> WJR Consulting, Inc.
> (860) 313-8098

Received on Wednesday, 24 February 2016 16:06:49 UTC