Shopping for Identity Providers – What do I need to know before I put my identity in your provider
Session Topic: Shopping for an Identity Providers: What do I need to know before I put my identity in your provider?
Wednesday 3E
Convener: Matt Berry
Notes-taker(s): Dan Sanford
Discussion notes, key understandings, outstanding questions, observations, and, if appropriate to this discussion: action items, next steps:
Things to consider
nsio
strong authentication
privacy policy
protocols
guarantees
operational security
scopes and types of information
relevancy
information required for identity proofing
How do I measure it?
Could certify operational security and privacy policy
Lots of discussion - what is an IDP (e.g. )
- abiility to export data
- ability to provide data to a third party'
how (when and why) will privacy policy change? Lots of discussions about who measures, what and how much IdP describes this information? Are we willing to pay for it?
Government or others can monitor changes and/or validating that entities do what they intend to, or possibly even meet some standard (e.g. w3c recommended policy standards for website - has gone nowhere)
Lots of discussion of standards for these things to consider that we would want that don't exist right now - which is something that we would want to consider if they were available.