Identity Lifecycle
Monday Session 4 Space E
Conference: IIW10 May 17-19, 2009
We have several classes of data:
Uncontrollably exposed - Here we are throwing up our hands.
Controllably exposed (for example by contract) retrievable/withdrawable/erasable - Vanish is an example of a product here.
Is there another level here, which is "Assured destruction"?
Disappearing Ink was a company in this space. Data security becomes very much like a DRM system.
How do we apply this to Identity Information?
Another taxonomy:
- Permanent data that we might want to withdraw.
- Transient data that should have a limited life.
What controls do we have here?
- Contract
- Legal obligation
Can a trusted 3rd party help ensure the destruction/privacy/revocation?
A key question: "What is the incentive for people to be good actors?" Or, what's the penalty for not obeying privacy restrictions?
Another interesting question of information lifecycle: when the data changes context, you may really care. It can be a big problem. The privacy boundaries here are significant and the user needs to be in control.