IIW - User contributions [en]

IIW 26 Session Notes

2018-04-06T15:24:36Z

=markus: Marcus -> Markus

=Tuesday April 3, 2018=
===Session 1===
11:00 - 12:00

1A/[[3D’s of Identity (agents, relationships, ATTR’s)]]

1B/ [[101 Session / Introduction to OAuth 2.0]]

1D/[[A Primer on Verifiable Credentials and Decentralized Identifiers]]

1F/[[GDPR What (Identity Stuff) is it GOOD for?]]

1H/[[Identity Agents & HUBS: Messaging API’s & the “Layer Model” & Functional Architecture for S.S.I. Blockchain – working session]]

===Session 2===
12:00 - 1:00

2A/[[IDPro Organization]]

2B/[[101 Session / Open ID Connect]]

2C/[[RWOT 6 Biometric Principles White Paper Review]]

2D/[[Identity Wallets are not Crypto Wallets]]

2F/[[Cat Herding – Building Consensus]]

2G/[[Capabilities 101]]

===Lunch===
1:00 - 2:00

Lunch B/[[Functional Identity 101]]

Lunch H/[[Use = Self Sovereign Bill of Rights = To Update Real Estate Consumer Bill of Rights]]

===Session 3===
2:00 - 3:00

3A/[[Self-Sovereign Agent Communication]]

3B/[[101 Session / Introduction to UMA = User Managed Access]]

3C/[[Yo GDPR: Terms WE Assert and Sites & Services Agree to Check]]

3D/[[Distributed Social Networks (Activity Pub etc…)]]

3F/[[Could Native Secure Access]]

3I/[[Mobile Driver’s License (mDL)]]

===Session 4===
3:00 - 4:00

4A/[[What Are The ‘Wallets’ visions/projects – Do We Need a Working Group?]]

4B/[[101 Session / NIST Digital Identity Guidelines]]

4C/[[Digital Puerto Rico]]

4D/[[User-Managed Access: The BLT Sandwich – Business, Legal, Technical – Use Cases Mappings]]

4F/[[Intro to DID Auth]]

4G/[[Fedromp High FAL3 + AAL3 What is Required?]]

4H/[[Decentralizing Reputation (with blockchains?)]]

4J/[[The Future Of PRIVACY While Accessing PUBLISHED CONTENT]]

===Session 5===
4:00 - 5:00

5A/[[Fast Fed – Making SSO Easier to Set Up. Intro and Looking for Others Who Are Interested]]

5B/[[101 Session / Self-Sovereign Identity (SSI) DID’s, Verifiable Claims etc…]]

5C/[[Building A Sovrin Linked Permissionless Ledger for Data Analytics]]

5E/[[Compatibility JSON-LD & Indy Proof Request Exchange]]

5F/[[Armor Up – The Gravity Wars ~ Real World vs Virtual Reality and the Human OS]]

5G/[[SISA’s = Standard Information Sharing Agreements]]

5H/[[OAuth + SPA (Single Page Apps) Can We Just Use Code Flow Everywhere]]

5I/[[Digital ID for Stateless Refugees]]

=Wednesday April 4, 2018=

[[8:00 - 9:00 Women's Breakfast]]

===Session 1===
9:30 - 10:30

1A/[[What is Sovrin? How to become a Sovrin Steward. Self Sovereign Identity 102]]

1C/[[WebAuthn + DID Auth]]

1E/[[Agent/Wallet? What is Agent? What is Wallet? Are They The Same?]]

1F/[[Decoupled Flow for OAuth (AKA CIBA)]]

1G/[[Zero Knowledge Proofs 101]]

1H/[[Native SSO for Mobile Apps]]

1I/[[Agent Communication Message Types + Names Spaces]]

===Session 2===
10:30 - 11:30

2A/[[DKMS Demo]]

2C/[[TheOrgBook / Permitify – Bootstrapping SSI Using A Gov DID/Ver Cred Workflow Implementation]]

2D/[[DID Ledger Lightening Talks]]

2F/[[What Do You HATE about OAuth?]]

2G/[[Publishing & /Advertising After 25 May ADPR Day]]

2I/[[Consent As A Service: Making Consent Compliant & Effective]]

2J/[[MyCUID/CU Ledger Update & Workshop]]

2K/[[Path To Adoption for Self-Sovereign Identity & An Idea For Soverin / Use Cases For]]

2L/[[Digital Puerto Rico Part 3]]

===Session 3===
11:30 - 12:30

3A/[[Quest For The Mnemon Seed #1]]

3C/[[Bringing The Best of IIW to India / Making IIW a Global Decentralized Community]]

3D/[[Open ID Foundation – Fast Fed & DIDC Federations = Enough Similarities to Share/Merge?]]

3E/[[Philosophy of Conscious Body w/Tech, ID Experience & S.O.U. Sovereign Ownership Under Law Prize 10M]]

3F/[[Saving Democracy What Could Happen]]

3G/[[DID Auth Workflows (Part 2)]]

3I/[[IaM and IoT]]

3J/[[Digital Guardianship]]

3K/[[Outsourcing GDPR Using UMA]]

3L/[[IAB Transparency and Consent Framework]]

3M/[[Sovrin – Exploring Building an Alliance Wants & Needs (especially if you aren’t Evernym)]]

===Session 4===
2:30 - 3:30

4A/[[The Business of Self-Sovereign Identity]]

4B/[[Kantara Consent Receipts – Communicating User Consent Between Data Controllers]]

4C/[[The “ID” of KIDS]]

4D/[[Expanding Language = The Identity of Words ~ Amebic / Shape Shifting]]

4E/[[Discussing + Examining CULTURAL BIAS In Specifications and Other Technical Documents]]

4F/[[An Analysis of S.S.I. Using Appreciative Inquiry]]

4G/[[Mobile APP - APP OAuth]]

4H/[[SAML Interoperability Deployment Profile]]

4I/[[DID Resolvers & DID JWT]]

4J/[[Easy POST Quantum Signature with Block Chain]]

4K/[[Separable Identifiers & Intersectional Collaboration]]

4M/[[Do-It-Yourself password free! – Cryptographic Authentication for Web Apps]]

===Session 5===
3:30 - 4:30

5B/[[Indy 301: Attribute Based Credentials & Zero Knowledge Proofs – Secret Contracts Private Computation]]

5C/[[Secure Elements DICE & TPM]]

5D/[[Communications Words Storytelling For Humans]]

5E/[[GDPR AEORR (requirements + capabilities) Interactive Design Session]]

5F/[[Consequential I.D. – How Not To Reinforce Power Imbalances in the Systems You Implement]]

5G/[[Phone # Global Identifier]]

5H/[[ORCID: What Should It Be Considering?]]

5I/[[Veres One (DID Ledger) Deep Dive]]

5J/[[Open ID v. FIDO v. SSI]]

5L/[[TLS Flex Expanded Library Support For Alternate Certificate Sources]]

5M/[[How Are You Making Money In The Sovereign Ecosystem?]]

=Thursday April 5, 2018=
===Session 1===
9:30 - 10:30

1A/[[Solving Professional Credentialing – A Dialogue w/Projects & Companies]]

1C/[[Soliciting YOUR Input (help a newbie!) How do You Want To Wield Your Data To Get Things Done? Commerce & ID]]

1F/[[Zero-Knowledge Prof’s 101 ENCORE – Only Highschool Math]]

1G/[[User-Controlled GDPR Consent Cookie]]

1H/[[Cooperation Among Our Communities Owning Interoperable Identities. A Cooperative?]]

===Session 2===
10:30 - 11:30

2A/[[InSide Out SID’s (Standard Immutable Delegation) & Trustless Distributed Computing]]

2C/[[Future of SSI: Tech Scalability & Onboarding Issuers & Identity Holders to Identity Blockchains]]

2D/[[REAL Federation]]

2E/[[PDX – Personal Data Exchanges – Possibilities Why/What]]

2F/[[Addhaar Pros + Cons]]

2G/[[Contributing to W3C Standards]]

2H/[[Comparing Info Without Revealing It]]

2I/[[Agent-Centric v Data-Centric Reality]]

2J/[[Digital Puerto Rico – Part 4 of 3]]

2K/[[Beyond Early Adopters – Getting the World to Inform What We Build!]]

2M/[[Identity Hub Personal Data Store – Soverin Agents – The Grand Unification]]

===Session 3===
11:30 - 12:30

3A/[[Mydata Movement – Looking at Identity from the Perspective of Human Centric Personal Data Management.]]

3C/[[eIDAS & SSI]]
3D/[[Self Sovereign – Reputation – Radical – Disintermediation + 2 Sided Networks]]

3E/[[Using Identity Tech To Keep People Safe in the Real World]]

3F/[[How Agents + Decentralized Interfaces Help The De-Siloazation of IoT]]

3G/[[Designing Ourselves Into The Future & Humanizing DID’s + VC’s]]

3H/[[Hyperledger – Who/What/Where/Why Open Source]]

3J/[[Breaking Digital Gridlock – Banking and Identity]]

===Session 4===
12:30 - 2:00 (Working Lunch)

4D/[[Massively Multiplayer Online Secure Environments (Games!)]]

4F/[[Who Am I? (story time with Markus)]]

4G/[[A Self Sovereign Technology of Stack HIE of ONE]]

4I/[[Digital Divide & Gender Equality in Indian Emerging Markets]]

4J/[[Value Network Mapping Market Models 4 Self Sovereign Ecosystem]]

4K/[[A Conversation About RECOVERING…. A Forgotten Credential Security]]

===Session 5===
2:00 - 3:00

5A/[[CRBAC An Introduction]]

5B/[[The Sovereign Web-Of-Trust Model / Dynamic Web of Trust?

5C/[[ID & Connected Vehicle]]

5F/[[”Machine Readable User Asserted Terms for Privacy” An IEEE Standard Working Group]]

5G/[[Delegation of Authority for Organizations + Services w/DID’s + VerfCreds]]

5K/[[WHAT IS YOUR PROBLEM? (Bring Me Research) ]]

DIF – Universal Resolver + Universal Registrar (DID’s across blockchains)

2017-10-18T18:29:01Z

=markus:

'''App Auth RFC8292 BCP212 Q&A'''

'''Wednesday 1D '''

'''Convener:''' Markus Sabadello

'''Notes-taker(s):''' Markus Sabadello

'''Discussion notes, key understandings, outstanding questions, observations, and, if appropriate to this discussion: action items, next steps: '''

Several communities are making progress on specifying "methods" such as '''btcr''', '''sov''', etc. for Decentralized Identifiers (DIDs) in different blockchains, DLTs, and other decentralized storage systems.

The Decentralized Identity Foundation (DIF - http://identity.foundation/) is now working on a "Universal Resolver" that can resolve DIDs to their DID Documents in a unified way, by exposing an abstract interface that is implemented by a "driver" for each DID method.

The Universal Resolver can be deployed as a web service, and drivers can be implemented as docker containers. For some DID methods such as '''btcr''' and '''sov''', a driver has to go through a number of steps to dynamically assemble the DID Document. In other cases such as '''v1''' and '''ipid''', the DID method actually stores the DID Document that can be returned by the Universal Resolver directly.

Right now, preliminary drivers exist for '''btcr''', '''sov''', '''ipid''', '''uport''', '''ipid'''.

Corresponding to the Universal Resolver, there will also be a Universal Registrar that can cover registration (and updates, and revocation) of identifiers, using a similar architecture involving an abstract interface and a set of drivers. Depending on the method, this may require the user to take certain action (e.g. send funds to a Bitcoin address, or contact a Sovrin trust anchor).

* https://github.com/decentralized-identity/universal-resolver/
* https://github.com/WebOfTrustInfo/rebooting-the-web-of-trust-fall2017/tree/master/draft-documents/UniversalResolver

DIF – Universal Resolver + Universal Registrar (DID’s across blockchains)

2017-10-18T18:28:28Z

=markus:

'''App Auth RFC8292 BCP212 Q&A'''

'''Wednesday 1D '''

'''Convener:''' Markus Sabadello

'''Notes-taker(s):''' Markus Sabadello

'''Discussion notes, key understandings, outstanding questions, observations, and, if appropriate to this discussion: action items, next steps: '''

Several communities are making progress on specifying "methods" such as '''btcr''', '''sov''', etc. for Decentralized Identifiers (DIDs) in different blockchains, DLTs, and other decentralized storage systems.

The Decentralized Identity Foundation (DIF - http://identity.foundation/) is now working on a "Universal Resolver" that can resolve DIDs to their DID Documents in a unified way, by exposing an abstract interface that is implemented by a "driver" for each DID method.

The Universal Resolver can be deployed as a web service, and drivers can be implemented as docker containers. For some DID methods such as '''btcr''' and '''sov''', a driver has to go through a number of steps to dynamically assemble the DID Document. In other cases such as v1 and ipid, the DID method actually stores the DID Document that can be returned by the Universal Resolver directly.

Right now, preliminary drivers exist for '''btcr''', '''sov''', '''ipid''', '''uport''', '''ipid'''.

Corresponding to the Universal Resolver, there will also be a Universal Registrar that can cover registration (and updates, and revocation) of identifiers, using a similar architecture involving an abstract interface and a set of drivers. Depending on the method, this may require the user to take certain action (e.g. send funds to a Bitcoin address, or contact a Sovrin trust anchor).

* https://github.com/decentralized-identity/universal-resolver/
* https://github.com/WebOfTrustInfo/rebooting-the-web-of-trust-fall2017/tree/master/draft-documents/UniversalResolver

DIF – Universal Resolver + Universal Registrar (DID’s across blockchains)

2017-10-18T18:28:01Z

=markus:

'''App Auth RFC8292 BCP212 Q&A'''

'''Wednesday 1D '''

'''Convener:''' Markus Sabadello

'''Notes-taker(s):''' Markus Sabadello

'''Discussion notes, key understandings, outstanding questions, observations, and, if appropriate to this discussion: action items, next steps: '''

Several communities are making progress on specifying "methods" such as '''btcr''', '''sov''', etc. for registering Decentralized Identifiers (DIDs) in different blockchains, DLTs, and other decentralized storage systems.

The Decentralized Identity Foundation (DIF - http://identity.foundation/) is now working on a "Universal Resolver" that can resolve DIDs to their DID Documents in a unified way, by exposing an abstract interface that is implemented by a "driver" for each DID method.

The Universal Resolver can be deployed as a web service, and drivers can be implemented as docker containers. For some DID methods such as '''btcr''' and '''sov''', a driver has to go through a number of steps to dynamically assemble the DID Document. In other cases such as v1 and ipid, the DID method actually stores the DID Document that can be returned by the Universal Resolver directly.

Right now, preliminary drivers exist for '''btcr''', '''sov''', '''ipid''', '''uport''', '''ipid'''.

Corresponding to the Universal Resolver, there will also be a Universal Registrar that can cover registration (and updates, and revocation) of identifiers, using a similar architecture involving an abstract interface and a set of drivers. Depending on the method, this may require the user to take certain action (e.g. send funds to a Bitcoin address, or contact a Sovrin trust anchor).

* https://github.com/decentralized-identity/universal-resolver/
* https://github.com/WebOfTrustInfo/rebooting-the-web-of-trust-fall2017/tree/master/draft-documents/UniversalResolver

DIF – Universal Resolver + Universal Registrar (DID’s across blockchains)

2017-10-18T18:27:07Z

=markus: Created page with "'''App Auth RFC8292 BCP212 Q&A''' '''Wednesday 1D ''' '''Convener:''' Markus Sabadello '''Notes-taker(s):''' Markus Sabadello '''Discussion notes, key understandings..."

'''App Auth RFC8292 BCP212 Q&A'''

'''Wednesday 1D '''

'''Convener:''' Markus Sabadello

'''Notes-taker(s):''' Markus Sabadello

'''Discussion notes, key understandings, outstanding questions, observations, and, if appropriate to this discussion: action items, next steps: '''

Several communities are now working on specifying "methods" such as '''btcr''', '''sov''', etc. for registering Decentralized Identifiers (DIDs) in different blockchains, DLTs, and other decentralized storage systems.

The Decentralized Identity Foundation (DIF - http://identity.foundation/) is now working on a "Universal Resolver" that can resolve DIDs to their DID Documents in a unified way, by exposing an abstract interface that is implemented by a "driver" for each DID method.

The Universal Resolver can be deployed as a web service, and drivers can be implemented as docker containers. For some DID methods such as '''btcr''' and '''sov''', a driver has to go through a number of steps to dynamically assemble the DID Document. In other cases such as v1 and ipid, the DID method actually stores the DID Document that can be returned by the Universal Resolver directly.

Right now, preliminary drivers exist for '''btcr''', '''sov''', '''ipid''', '''uport''', '''ipid'''.

Corresponding to the Universal Resolver, there will also be a Universal Registrar that can cover registration (and updates, and revocation) of identifiers, using a similar architecture involving an abstract interface and a set of drivers. Depending on the method, this may require the user to take certain action (e.g. send funds to a Bitcoin address, or contact a Sovrin trust anchor).

* https://github.com/decentralized-identity/universal-resolver/
* https://github.com/WebOfTrustInfo/rebooting-the-web-of-trust-fall2017/tree/master/draft-documents/UniversalResolver

IIW 25 Session Notes

2017-10-18T18:14:57Z

=markus:

=Tuesday October 17, 2017=
===Session 1===
11:00 - 12:00

1B/ [[101 Introduction to OAuth2]]

1C/ [[DHS S&T IDM Program’s R&D]]

1F/ [[DIF Technical/Recap and Roadmap Discussion]]

1G/ [[App Auth Q & A RFC 8292 BCP 212]]

1H/ [[Blockchain Democracy]]

===Session 2===
12:00 - 1:00

2A/ [[Self-Sovereign Identity #]]

2B/ [[101 Introduction to OpenID Connect]]

2C/ [[Is Your Data Legal? Meaningful (oxymoron?) Consent]]
2D/ [[‘Fixing’ The Consumer IOT/Smart Home User Experience]]

2E/ [[6 Degrees of Identity Freedom]]

2F/ [[DIF Did’s In-Depth (w/Review of Contentious Bits)]]

2G/ [[Token Binding for Cookies – OpenID Command OAuth]]

2H/ [[Intro to Hyperledger “So you think you need a Blockchain…”]]

===Session 3===
2:00 - 3:00

3A/ [[Mutual OAuth Distributed OAuth]]

3B/ [[101 All Things UMA (user managed access)]]

3C/ [[Concerned About Centralized Authority? Let’s Make It Participatory]]

3D/ [[Implications for the End User of How You Design A Blockchain For Digital Identity]]

3F/ [[Aadhaar]]

3G/ [[Information Sharing Agreements (ISA) – First Party Terms That YOU & I Proffer: V2.0 of the Commercial Web]]

3I/ [[The Big, Big Picture = Identity Money Topology – A Conversation]]

3J/ [[Identity Agents: It’s not just what you know, it is what you can DO – Personal Data Stores—Extensible API’s]]

===Session 4===
3:00 - 4:00

4A/[[RISC – Working Session]]

4B/ [[101 NIST – Digital Identity Guidelines ‘101’]]

4C/ [[Blockchain Security & Privacy R&D Lessons Learned and Gaps]]

4D/ [[Fixing Social Security Numbers = Blockchain, Good Identity, Don’t Break Existing SW]]

4F/ [[Functional Idenity]]

4G/ [[Public Blockchains AND – Private UMA) User Managed Access]]

4H/ [[Open ID Connect CIBA Explained]]

4I/ [[Identity Concepts Around The World]]

===Session 5===
4:00 - 5:00

5A/[[Public Blockchain Addresses FOR User-Centered Digital Signatures]]

5B/ [[101 Introduction to DID’s, Verifiable Claims and Blockchains]]

5E/ [[Blockchain Interop Chameleon Nodes?]]

5F/ [[HOLOCHAIN P2P Apps Without the Blockchains Problems for Scale, Speed, Cost & Governance]]

5G/ [[Next Gen Phishing (all your OTP belongs to us)]]

5H/ [[Yubikey Usability Study – Results for lab + longitudinal study]]

5I/ [[IDPro = Help Build Next Gen of ID Professionals]]

=Wednesday October 18, 2017=

[[8:00 - 9:00 Women's Breakfast]]

===Session 1===
9:30 - 10:30

1A/ [[Intro to Sovrin]]

1B/ [[Two Short Talks on Capabilities]]

1C/ [[Distributed ID System Patterns with Distributed Systems]]

1D/ [[DIF – Universal Resolver + Universal Registrar (DID’s across blockchains)]]

1G/ [[Minute Money? A new currency based on A NEW PARADIGM – Time AS Money]]

1H/ [[DNS Based OpenID Connect Discovery]]

===Session 2===
10:30 - 11:30

2A/ [[Triple-blind Brokered Identity Federation]]

2B/ [[First Party World: People in charge via GDPR by 25 May 2018 – Calling Lawyers & Geeks]]

2C/ [[Ecosystem Map – Explore Where Could It Go – Insight Treasure Hunt]]

2D/ [[Estonian ID Cards Internet Voting]]

2G/ [[DIF Identity Hubs Deep Dive & Spec Feedback]]

2H/ [[NO Identity – ID As A Collection of Verifiable Claims]]

2I/ [[Gender and Diversity in the Valley – A Listening Circle to talk about all the stuff]]

===Session 3===
11:30 - 12:30

===Session 4===
2:30 - 3:30

===Session 5===
3:30 - 4:30

=Thursday October 19, 2017=
===Session 1===
9:30 - 10:30

===Session 2===
10:30 - 11:30

===Session 3===
11:30 - 12:30

===Session 4===
12:30 - 2:00 (Working Lunch)

===Session 5===
2:00 - 3:00

IIW 23 Demo's

2016-10-20T15:15:14Z

=markus: removing demo entry again and sending info to Heidi instead

== IIW XXIII #23 DEMO LIST - Wednesday October 26, 2016 ==

'''TABLE #'''

'''1. Verifiable Claims Ecosystem Demo:''' Manu Sporny
URL: http://w3c.github.io/webpayments-ig/VCTF/architecture
See a demo of the Verifiable Claims Ecosystem in action. Part of this
work is proposed for standardization at W3C. The 5 minute demo covers a
self-sovereign verifiable claim being issued, stored, and used.

'''2. YubiKey Demo:''' Stina Ehrensvard, CEO and Founder & Chris Streeks, Solutions Engineer
URL: https://www.yubico.com/products/yubikey-hardware
We'll demo the versatile YubiKey, which supports open standards such as PIV, OATH, OpenPGP and FIDO U2F. Use U2F strong authentication to log into Gmail, Dropbox and now Salesforce among others. See PIV capabilities for MacOS Sierra log in. Use the same YubiKey with Windows Hello to unlock your Windows desktop.

'''3. HIE of One, PBC and HIE of One:''' Adrian Gropper
URL: http://hieofone.org
HIE of One is a proof of concept for self-sovereign support technology based on UMA. Using healthcare as the demo domain, Alice operates her own authorization server and manages policies re: OpenID Connect. Soon, we will also include blockchain standards for self-sovereign ID.

'''4. Lumenous, the first credit "non-bureau,":''' LaVonne Reimer
URL: http://www.lumenous.net
The first credit bureau launched in 1841. The model has not been rethought, until now. Lumenous puts business owners in charge of personal and business data used to verify identity and decide on credit terms, loans, and more. See how first user value will turn into trust graph.

'''5. ÆVATAR , your Digital Companion:''' David ROBERT President & Founder ÆTERNAM
URL: http://www.aevatar.com http://www.aeternam.eu ÆTERNAM a “Common Interest Cooperative”
ÆVATAR is the first self-Sovereign Identity management Companion offered to each EU Citizens, conforming to EU Privacy Regulation ( GDPR, eIDAS) and UN ID2020 recommendations for Self-Sovereign Identities. ÆVATAR is govern by a Common Interest Cooperative (1 person, 1 vote).

'''6. digi.me –current PC/Mac, iOS and Android version application:''' Jim Pasquale & Julian Ranger
URL: http://get.digi.me for product and https://blog.digi.me/2016/09/29/who-am-i-iamdata-a-new-digi-me-campaign/ for vision
Demo shows what users can do when they own and control their own data on their own devices(s), initially with social data aggregation of different accounts, which is fully curated – providing peace of mind, flashback perspectives on social interactions with likes, comments and photos including meta data, universal search, customizable widgets for building collections, creating journals, empowering individuals to make better decisions.

IIW 23 Demo's

2016-10-20T15:04:03Z

=markus: line breaks

IIW 23 Demo's

2016-10-20T15:02:52Z

=markus: added XDI Demos by Markus Sabadello

IIW 20 Proposed Topics

2015-03-27T08:51:47Z

=markus:

'''What topics are you planning to present about or lead a discussion about at this IIW?'''

*Notification management - Notifs
*unhosted identity
*Redelegation of OAuth bearer tokens
*"OpenID Connect certification
*Proof of Possession"
*Trust-elevation (adaptive access)
*IdM for future scientific collaborations
*I am a member of the W3C Credentials Community Group (http://opencreds.org) and will present status/progress/goals/roadmap/use cases and how they relate to other identity initiatives.
*OpenID Connect mobile profile
*"Consent management UI and internals International consent issues"
*consumer consent interoperability
*"UMA IoT authorization HEART"
*Looking forward to collaborating on OAuth2 technologies, like OpenID Connect, UMA and multi-party federation.
*Scoring AuthN
*Meeco - Life Management Platform
*distributed governance, sociotechnical controls for sociotechnical systems, hybrid approaches to complexity and risk
*IoT, scim
*IDM strategies used successfully by NetIQ customers
*Privacy protecting discovery
*Anonymity, security
*"future of money identity internet of things"
*Organic governance; Collaborative systems of credit and trust; Data-sharing platforms
*Lightweight UMA and HEART Authorization Server for Authorization Management and the IoT
*"Credential Trust Elevation standards @ OASIS ID Ecosystem Steering Group"
*IoT without the cloud
*Internet of Things
*FreedomBox update

'''What are you hoping to learn about or hear a presentation about at IIW?'''

*what's new in identity protocols, VRM, ...
*Trust Frameworks including Public and Private Sector organizations and international governments
*http-free protocols http://www.wavis.org/blog/http-free-web-protocols"
*SCIM, OpenID Connect
*UMA - VRM - OIDF Certification Threat Management Reputation Management
*What others are doing
*OAuth OpenID Connect and FIDO profiles
*OpenID Connect, OAuth 2.0, UMA
*Federated and delegated IdM
*How other technologies overlap and can potentially integrate with the Credential CG standards.
*"Personal control of data sharing OAuth/OpenID Connect"
*SCIM extensions or anything SCIM
*OpenID Connect, UMA, vectors of trust
*Others working on consent management
*"OAuth, OpenID Connect, and UMA used together
*Healthcare use cases for identity"
*OpenID Connect Logout / OAuth2 for IOT / latest and greatest in new authentication protocols (i.e. FIDO...)
*OpenPDS, anonymous authentication, XDI, PDS, Personal Data EcoSystem
*Progress with eco-system & XDI
*everything !
*IoT, scim
*VRM, privacy, secure data access, future of Identity
*IoT, biometrics
*All kinds of things!
*Privacy architectures; Alternative currencies and related ecosystem and trust verification models
*"VoT/Vectors of Trust OIDC"
*Truly decentralized social identity

'''What are the critical questions about user-centric identity and data you hope to discuss with peers at IIW?'''

*social physics consensus and collaboration using decentralized mechanisms (e.g. blockchain)
*How to have identity without subscription to a service. IE How to have a service recognize rather than authenticate.
*Password management use cases with SCIM OpenID Connect NAPPS Profile
*User Centric Business Models
*What are the remaining roadblocks to adoption of higher LOA BYOI
*"Identity Management as a Service - Use Cases Attribute based credentials - Use casesMulti factor authentication on Mobile Devices"
*Consent
*"Multiple authorization servers for access tokens
*IoT security and authorization"
*How can I secure all the API's in my household IOT devices?
*New OAuth Profiles, Personal Data Stores, Privacy Engineering
*What are folks current challenges?
*How should data storage systems change to accommodate better Identity models? Castle Wall versus Las Vegas Casino models. The Castle checks the identity at the gate and gives access to the castle. The Casino allows anyone to come inside but monitors every movement, performs facial recognition, etc..
*Universal IDM taxonomy
*Can biometrics be used safely and securely in security products?
*All of above
*Communication of attributes using metadata for provenance and assurance info
*How do you enable ad-hoc, quasi spontaneous social networks?
*I would like to progress the work on OAuth.

IIW 18 Proposed Topics

2014-04-07T20:16:15Z

=markus:

'''What topics are you planning to present about or lead a discussion about at this IIW?'''
* Authentication
* Privacy enabled identity solutions
* Not sure yet. Need to think about this
* Open Architectures for Personal Clouds
* Project Eureka
* XDI and Personal Clouds
* Diversity, interoperability and standards: how the VRM supply community can work together
* Extreme Relevancy
* OpenID Connect, JWT, JOSE, Proof-of-Possession (PoP)
* Privacy manager deployments and adaptation to other attribute flows
* Trustmarks 2.0
* Points of Individual Control in Identity Systems, Outsourcing Moral Authority
* Derived credentials, secure and private mobile messaging, secure enterprise mobile SSO
* Use cases for nymity in civic identity systems
* FreedomBox

'''What are you hoping to learn about or hear a presentation about at IIW?'''
* NSTIC, FIDO etc...
* OpenID Connect, Accountchooser, UMA VRM
* New ideas and updates from many areas
* Udate on E-ID initiatives
* Personal Clouds
* sharing experience with others about actual technology and standards implementations
* VRM, personal clouds
* ROI of VPI
* Identity protocol work
* OpenID Connect
* Standards, OpenID, mobile, authN, authZ, NSTIC,
* Identity
* Balancing Zero Trust with Cloud Identity.
* Private compute platforms, unhosted apps, non-sharing uses of personal data

'''What are the critical questions about user-centric identity and data you hope to discuss with peers at IIW.'''
* Internet of things
* Personal Clouds
* Ways in which we can work with others in this space
* Does an ID document has to play a role in online ID verification
* Unlocking VRM market
* Privacy and technology in practice
* Case Studies
* OpenID Connect adoption, Proof-of-Possession (PoP)
* Consent, attribute management, linkability
* proof of knowledge
* 2FA, MFA
* Balancing Zero Trust with Cloud Identity.
* What are the moral hazards of identity systems?

IIW 17 Proposed Topics

2013-10-17T01:01:10Z

=markus:

'''What topics are you planning to present about or lead a discussion about at this IIW?'''
* Personal Cloud
* Alternative concepts to data "ownership"
* StarTier
* Attribute Assurance, Publicly Discoverable ePayment Addresses; Private cloud; Revocation issues in globally synchronized registries; Regulatory issues in globally synchronized registries
* Attribute Exchange
* Security, Internet of Things, Personal Clouds
* Privacy of deceased users
* government use-cases in identity
* CSPs (Cloud Service Providers) for personal cloudsRespect ConnectPractical XDI
* Mobile MDM vs Sandbox - Which is best for BYOD?Business-centric Identity Policies - Will IT have to give up control?Identity Cube -Describing multidimensional relationships.Merging Identity rules, policies, entitlements with workflows.Case Study: How the IRS of Mexico is re-inventing with IdentityBYOD Identity is in it's infancy. What's coming next?
* OpenID Connect, JWT, JOSE
* Individual sovereignty over ID, Data and Communication - concepts and technology
* Using Personal Clouds to remove the need for usercodes/passwordsFinancing Development through issuing interest bearing, inflation adjusted creditsPaying people for personal information
* OpendID Connect
* Personal Clouds
* We'll be presenting our Personal Cloud Appliance.
* Personal Data @ Rest
* Personal data monetization models
* Getting involved in the IDESG - Identity Ecosystem Steering Group/NSTIC
* How Religion and Cultural Context influence Identity System Architecture and Design
* Paddy. Private Clouds.
* verified identityself identity
* OAuth, especially its security properties
* personal clouds
* Alignment Trust Frameworks
* How to introduce new identity technologies, standards and expectations to 6-20% of the online US population in one fell swoop.
* FreedomBox, IndieBox, etc.

'''What are you hoping to learn about or hear a presentation about at IIW?'''
* vendor relation management personal clouds openid connect account chooser
* Application architectures for the next internet.
* Private Cloud; Open Access
* Trust frameworks,
* Personal Clouds, Federated Identity
* trust frameworks; business development, ecosystem operations, socialization of identity ecosystems
* How to create first class digital citizens
* The latest trend of identity, privacy and users' behavior
* I hope to learn about the new trends and ideas in identity management.
* government use-cases in identity
* Liability for CSPs
* Broaden my knowledge of the project in the community.
* Collaborate with others to advance the state of digital identity
* Legal/security/international aspects of privacy
* Cooperation between suppliers of identity servicesMeasuring trust
* NSTIC, privacy, ID and mobile, OAuth, SCIM, FIDO, OpenID, two-factor authN, authorization,
* OIX, OpenID Connect, and mostly learning more about what our peers are doing in this space.
* Find Likeminds and connect with the Personal Cloud movement.
* anything that will usher in the personal data ecosystem and the API of Me
* OAuth Interop Requirements Discussion
* Trends in social login (adoption, consent rejection, etc.); new developments in identity management; consumer sentiment of social logins
* Emerging technologies in the web federated identity space.
* Personal data stores, models for personal data monetization
* Open ID Connect 101Fido Alliance 101OAuth 101SCIM 101Identity Governance and Compliance Regulations
* 2FA
* PDEC. Emmet. Personal Clouds.
* identity issues
* new initiatives and frameworks
* personal clouds
* UMA, OIDC, patient consent, ABAC
* standards, interop, peer-to-peer solution

'''What are the critical questions about user-centric identity and data you hope to discuss with peers at IIW.'''
* how to kickstart user centric solutions
* Ostracism enabling structures for stronger privacy management. Graph Databases Management Systems. Approaches to user controlled indexing in a federated web.
* How to assert ownership of one's own Digital Breadcrumbs
* Authentication level
* How to activate free market for personal data - what could be biggest enablers
* Who has working code and where can I download/test it?
* Device centric authentication
* how to socialize trust frameworks between private corporations and public government?- what are the implications of economy of scale of maturing ecosystem onboarding additional participants in regards to early adopters?
* How can the current system of walled-garden approach of digital commence be changed to allow for digital identity autonomy and dignity
* Will new cryptographic technologies, like Attribute Based Credentials (Anonymous Credentials) like U-Prove and Identity Mixer change the picture of identity management?
* trusted identities, provenance of data
* What are the best initial apps for personal clouds?What's the best way to drive adoption of personal clouds?
* How can Identity migrate to business-centric controls?BYOD Identity management is in its infancy. What's next?
* How can Identity migrate to business-centric controls?
* OpenID Connect, Account Chooser, JWT, JOSE
* Nature of identity - it's not your name!
* All the above
* The obstacles to adoption of Federated Identity.
* How to improve the experience around authorized sharing of customer information while maintaining customer trust.
* Once we build Personal Data Stores, and the ability for individuals to choose how to share there data... what regulations and laws need to be in place to make sure those who the data is shared with don't miss use or use without individual's permission? What laws/regulations do we as an industry need to be lobbing for now and in the future?
* IDP/RP longterm relationship
* How to build apps and business models that don't leak our data into the world.
* how we can make assertions about ourselves and have them verified
* personal clouds
* UMA, OIDC, patient consent, ABAC
* standards, interop, peer-to-peer

IIW 17 Proposed Topics

2013-10-17T01:00:43Z

=markus: FreedomBox, IndieBox, etc.

'''What topics are you planning to present about or lead a discussion about at this IIW?'''
* Personal Cloud
* Alternative concepts to data "ownership"
* StarTier
* Attribute Assurance, Publicly Discoverable ePayment Addresses; Private cloud; Revocation issues in globally synchronized registries; Regulatory issues in globally synchronized registries
* Attribute Exchange
* Security, Internet of Things, Personal Clouds
* Privacy of deceased users
* government use-cases in identity
* CSPs (Cloud Service Providers) for personal cloudsRespect ConnectPractical XDI
* Mobile MDM vs Sandbox - Which is best for BYOD?Business-centric Identity Policies - Will IT have to give up control?Identity Cube -Describing multidimensional relationships.Merging Identity rules, policies, entitlements with workflows.Case Study: How the IRS of Mexico is re-inventing with IdentityBYOD Identity is in it's infancy. What's coming next?
* OpenID Connect, JWT, JOSE
* Individual sovereignty over ID, Data and Communication - concepts and technology
* Using Personal Clouds to remove the need for usercodes/passwordsFinancing Development through issuing interest bearing, inflation adjusted creditsPaying people for personal information
* OpendID Connect
* Personal Clouds
* We'll be presenting our Personal Cloud Appliance.
* Personal Data @ Rest
* Personal data monetization models
* Getting involved in the IDESG - Identity Ecosystem Steering Group/NSTIC
* How Religion and Cultural Context influence Identity System Architecture and Design
* Paddy. Private Clouds.
* verified identityself identity
* OAuth, especially its security properties
* personal clouds
* Alignment Trust Frameworks
* How to introduce new identity technologies, standards and expectations to 6-20% of the online US population in one fell swoop.

'''What are you hoping to learn about or hear a presentation about at IIW?'''
* vendor relation management personal clouds openid connect account chooser
* Application architectures for the next internet.
* Private Cloud; Open Access
* Trust frameworks,
* Personal Clouds, Federated Identity
* trust frameworks; business development, ecosystem operations, socialization of identity ecosystems
* How to create first class digital citizens
* The latest trend of identity, privacy and users' behavior
* I hope to learn about the new trends and ideas in identity management.
* government use-cases in identity
* Liability for CSPs
* Broaden my knowledge of the project in the community.
* Collaborate with others to advance the state of digital identity
* Legal/security/international aspects of privacy
* Cooperation between suppliers of identity servicesMeasuring trust
* NSTIC, privacy, ID and mobile, OAuth, SCIM, FIDO, OpenID, two-factor authN, authorization,
* OIX, OpenID Connect, and mostly learning more about what our peers are doing in this space.
* Find Likeminds and connect with the Personal Cloud movement.
* anything that will usher in the personal data ecosystem and the API of Me
* OAuth Interop Requirements Discussion
* Trends in social login (adoption, consent rejection, etc.); new developments in identity management; consumer sentiment of social logins
* Emerging technologies in the web federated identity space.
* Personal data stores, models for personal data monetization
* Open ID Connect 101Fido Alliance 101OAuth 101SCIM 101Identity Governance and Compliance Regulations
* 2FA
* PDEC. Emmet. Personal Clouds.
* identity issues
* new initiatives and frameworks
* personal clouds
* UMA, OIDC, patient consent, ABAC
* standards, interop, peer-to-peer solution

'''What are the critical questions about user-centric identity and data you hope to discuss with peers at IIW.'''
* how to kickstart user centric solutions
* Ostracism enabling structures for stronger privacy management. Graph Databases Management Systems. Approaches to user controlled indexing in a federated web.
* How to assert ownership of one's own Digital Breadcrumbs
* Authentication level
* How to activate free market for personal data - what could be biggest enablers
* Who has working code and where can I download/test it?
* Device centric authentication
* how to socialize trust frameworks between private corporations and public government?- what are the implications of economy of scale of maturing ecosystem onboarding additional participants in regards to early adopters?
* How can the current system of walled-garden approach of digital commence be changed to allow for digital identity autonomy and dignity
* Will new cryptographic technologies, like Attribute Based Credentials (Anonymous Credentials) like U-Prove and Identity Mixer change the picture of identity management?
* trusted identities, provenance of data
* What are the best initial apps for personal clouds?What's the best way to drive adoption of personal clouds?
* How can Identity migrate to business-centric controls?BYOD Identity management is in its infancy. What's next?
* How can Identity migrate to business-centric controls?
* OpenID Connect, Account Chooser, JWT, JOSE
* Nature of identity - it's not your name!
* All the above
* The obstacles to adoption of Federated Identity.
* How to improve the experience around authorized sharing of customer information while maintaining customer trust.
* Once we build Personal Data Stores, and the ability for individuals to choose how to share there data... what regulations and laws need to be in place to make sure those who the data is shared with don't miss use or use without individual's permission? What laws/regulations do we as an industry need to be lobbing for now and in the future?
* IDP/RP longterm relationship
* How to build apps and business models that don't leak our data into the world.
* how we can make assertions about ourselves and have them verified
* personal clouds
* UMA, OIDC, patient consent, ABAC
* standards, interop, peer-to-peer
* FreedomBox, IndieBox, etc.

Self-Hosted Personal Clouds (FreedomBox and Raspberry PI)

2013-05-16T13:52:14Z

=markus:

'''Session Topic:''' Self-Hosted Personal Clouds (FreedomBox and Raspberry PI)

'''Thursday 4F'''

'''Convener:''' Markus Sabadello

'''Notes-taker(s):''' Markus Sabadello

There are still many different ideas around personal clouds, but what everybody agrees on is that they are about giving individuals more control over their personal data and identity online. Therefore it seems logical that it should be possible to self-host personal clouds using appropriate hardware+software at home.

During this lunch session, we looked at two different projects that could be relevant for this purpose.

1. [http://ark-os.org/ http://ark-os.org/] is a Linux image for the Raspberry Pi. On its website it uses language very similar to the personal cloud community ("ensure your privacy", "decentralize your web"). During the session we got arkOS up and running on a Pi and were able to access its web interface "Genesis", and we experimented with some of its functionality. We couldn't find a lot of software related to the idea of "personal clouds", but we agreed that integrating ownCloud or Tent or similar packages with Genesis would be very attractive.

2. We set up a combination of FreedomBox + Unhosted + PageKite. The idea of the Unhosted initiative is that on the web, apps should be separate from data. When using an Unhosted app, then that app doesn't have its own backend storage. Instead, you tell it the location of your storage provider ("remoteStorage") which you can choose yourself. Several companies currently offer remoteStorage. Your FreedomBox at home can also be your remoteStorage and therefore provide the storage for Unhosted web apps, if it runs appropriate software. In this case, the PageKite tunneling software gives your box a public IP address through which it can be reached from the Internet. During the session, we successfully set up this stack of FreedomBox, remoteStorage and PageKite, and we used the "SharedStuff" Unhosted web app as an example, which allows you to request and offer physical assets for sharing with friends.

Self-Hosted Personal Clouds (FreedomBox and Raspberry PI)

2013-05-16T12:51:39Z

=markus:

'''Session Topic:''' Self-Hosted Personal Clouds (FreedomBox and Raspberry PI)

'''Thursday 4F'''

'''Convener:''' Markus Sabadello

'''Notes-taker(s):''' Markus Sabadello

There are still many different ideas around personal clouds, but what everybody agrees on is that they are about giving individuals more control over their personal data and identity online. Therefore it seems logical that it should be possible to self-host personal clouds using appropriate hardware+software at home.

During this lunch session, we looked at two different projects that could be relevant for this purpose.

1. [http://ark-os.org/ http://ark-os.org/] is a Linux image for the Raspberry Pi. On its website it uses language very similar to the personal cloud community ("ensure your privacy", "decentralize your web"). During the session we got ark-os up and running on a Pi and were able to access its web interface "Genesis", and we experimented with some of its functionality.
However we couldn't quite understand what it is that qualifies it as a "personal cloud".

2. We set up a combination of FreedomBox + Unhosted + PageKite. The idea of the Unhosted initiative is that on the web, apps should be separate from data. When using an Unhosted app, then that app doesn't have its own backend storage. Instead, you tell it the location of your storage provider ("remoteStorage") which you can choose yourself. Several companies currently offer remoteStorage. Your FreedomBox at home can also be your remoteStorage and therefore provide the storage for Unhosted web apps, if it runs appropriate software. In this case, the PageKite tunneling software gives your box a public IP address through which it can be reached from the Internet. During the session, we successfully set up this stack of FreedomBox, remoteStorage and PageKite, and we used the "SharedStuff" Unhosted web app as an example, which allows you to request and offer physical assets for sharing with friends.

Self-Hosted Personal Clouds (FreedomBox and Raspberry PI)

2013-05-16T12:38:44Z

=markus: Created page with "'''Session Topic:''' Self-Hosted Personal Clouds (FreedomBox and Raspberry PI) '''Thursday 4F''' '''Convener:''' Markus Sabadello '''Notes-taker(s):''' Markus Sabadello Th..."

'''Session Topic:''' Self-Hosted Personal Clouds (FreedomBox and Raspberry PI)

'''Thursday 4F'''

'''Convener:''' Markus Sabadello

'''Notes-taker(s):''' Markus Sabadello

There are still many different ideas around personal clouds, but what everybody agrees on is that they are about giving individuals more control over their personal data and identity online. Therefore it seems logical that it should be possible to self-host personal clouds using appropriate hardware+software at home.

During this lunch session, we looked at two different projects that could be relevant for this purpose.

1. [http://ark-os.org/] is a Linux image for the Raspberry Pi. On its website it uses language very similar to the personal cloud community ("ensure your privacy", "decentralize your web"). During the session we got ark-os up and running on a Pi and were able to access its web interface "Genesis", and we experimented with some of its functionality.
However we couldn't quite understand what it is that qualifies it as a "personal cloud".

2. We set up a combination of FreedomBox + Unhosted + PageKite. The idea of the Unhosted initiative is that on the web, apps should be separate from data. When using an Unhosted app, then that app doesn't have its own backend storage. Instead, you tell it the location of your storage provider ("remoteStorage") which you can choose yourself. Several companies currently offer remoteStorage. Your FreedomBox at home can also be your remoteStorage and therefore provide the storage for Unhosted web apps, if it runs appropriate software. In this case, the PageKite tunneling software gives your box a public IP address through which it can be reached from the Internet. During the session, we successfully set up this stack of FreedomBox, remoteStorage and PageKite, and we used the "SharedStuff" Unhosted web app as an example, which allows you to request and offer physical assets for sharing with friends.

IIW 15 Notes

2012-10-30T16:54:15Z

=markus: fixed the "XDI Personal Cloud Desktop" entry

= Tuesday, October 23, 2012 =

== Session 1 11:00 – 12:00 ==

T1A: [[Identity Clearing House – Loosely Coupled open standards based architecture for Identiy in the extendedenterprise]]

T1B: [[A2P3]]

T1D: [[Rhetoric – How do we talk plain language about Identity and Personal Data?]]

T1C: [[Privacy by Design – New Oasis Tech comm.. for Sotware Engineers]]

T1F: [[Focus on Consumer – Turning fear into excitement, delight about Personal Data]]

== Session 2 12:00 – 1:00 ==

T2A: [[Respect Network Founding Partners]]

T2B: [[IDESG – Mgt Council CAll]]

T2F: [[VRM Challenge: Let’s Fix Subscription Bin from Customer Side]]

T2G: [[IDP - Initiated Layin and Deep Linking for Open ID Connect]]

T2H: [[Mobile Specific Open ID Connect use Cases]]

T2I: [[Anonymous – political, institutional, cultural and memitc organization without identity]]

== Session 3 2:00 – 3:00 ==

T3A: [[Connect Me and miiCard “Trusted Reputations”]]

T3B: [[Account Chooser Launching – Taking the AC Show on the road this autumn – help write the show]]

T3D: [[Authentication on Mobile Devices – Crypto and]]

T3E: [[Collaboration, Forking, and organic proliferation in the age of the personal cloud]]

T3F: [[Customer Commons plus VRM Brainstorm]]

T3G: [[Death To NSTIC -2- Long Live NSTIC]]

T3H: [[Use Cases for Personal Clouds, Community Clouds, Family Clouds]]

T3I: [[Reputation Consulting .05 cents]]

== Session 4 3:00 – 4:00 ==

T4A: [[OAuth Security (Beyond Bearer Tokens)]]

T4B: [[NSTIC Pilot Overview – Attribute Exchange Network (AXN) / Demo]]

T4C: [[Unleashing the Multimind – What’s next – or could be – in our most personal daily experience and utilization of all this stuff]]

T4D: [[Building the Identity Ecosystem Framework]]

T4F: [[Kynetx – Personal Cloud Prototype]]

T4G: [[Consuming OpenID Connect 101]]

== Session 5 4:00 – 5:00 ==

T5A: [[OX Open Source – OpenID Connect and UMA / Demo]]

T5B: [[Personal Analytics and Insight for Consumers – using Personal Data to Enlighten the Individual]]

T5D: [[How will Identity plus VRM Change Real Estate and Mortgage Banking]]

T5F: [[Secure Identity Without Username or Password]]

T5J: [[Location = Control Control = Ownership – How addressing establishes ownership and what to do about it]]

T5H: [[XDI Personal Cloud Desktop]]

= Wednesday Oct 24 =

== Session 1 9:30 -10:30 ==

W1A: [[Sales Force Identity – The Facebook for Business (Part 2)]]

W1B: [[OpenID Connect Session – Management and Login]]

W1C: [[External Browser and Mobile Apps]]

W1F: [[Identity and API Economy plus Privacy by Design]]

W1G: [[The New Privacy]]

W1H: [[Manufacturing, Registration Cards and Digital Birth Certificates]]

== Session 2 10:30-11:30 ==

W2A: [[Sales Force Identity – The Facebook for Business (Part 2)]]

W2B: [[Hybrid Mobile/Nets App Auth With Oauth2 Trickery]]

W2C: [[Liberating Personae from Identity]]

W2E: [[OAOTH 2.0 RS – AS Token Query Flows]]

W2F: [[Customer Commons - The Magic Wand Project]]

W2G: [[Consumers and Public Records]]

W2I: [[Personal Cloud Obstacles (continued from Tuesday)]]

W2J: [[Personal Data Startups Connect and Catalyze – next steps and PDEC StartUp Map (stages, models, patterns)]]

== Session 3 11:30-12:30==

W3A: [[Education Customers and Companies]]

W3B: [[Google Identity Toolkey – What other problems should we research?]]

W3C: [[Mobile SSO Password Proliferation…. Any solutions??]]

W3D: [[SCIM]]

W3G: [[The act1v8 Project (VRM and Trust for Charity and Community Services]]

W3H: [[DATA COOPS and BIZ Models]]

W3I: [[Customer 2 Business – Will Federation Really work?]]

W3J: [[Social Intentions – Private App on Facebook to express your true intentions]]

W3K: [[Personal Cloud Prototype (Reprise)]]

W3L: [[Opportunities for Developers around Personal Cloud Cloudstore]]

== Session 4 2:30-3:30==

W4A: [[Trusted Identities “You are who you say you are”]]

W4B: [[OIX (Axw6) Attribute Exchange Trust Framework – Progress Report]]

W4C: [[Attribute Exchange Technical Overview]]

W4D: [[Health Record Banks – Personal Cloud for Health]]

W4E: [[Investors Corner / Where Investors and Entrepreneurs Come Together]]

W4F: [[MAKE HISTORY – Be the 1st to get a User-centric Next-gen Secure Private Identity]]

W4G: [[Security and Permission in Personal Cloud Connections]]

W4H: [[SCIM – As An ATTRUBUTE Provider?]]

W4J: [[World Economic Forum: Update on ‘Rethinking Personal Data’]]

W4L: [[Freedom Box Workshop]]

== Session 5 3:30-4:30==

W5A: [[OpenID Graph 1.0]]

W5B: [[OIDF Workgroup – Account Chooser]]

W5C: [[Beyond Prophylaxis – Next Steps post ad and tracking blocking]]

W5F: [[KRL – XDI Integration]]

W5G: [[correct house battery staple: Strong Passwords…. Passphrases.. are they still relevant/necessary?]]

W5H: [[Personal Data and Gamification---Consumer use case Brainstorming focus on *Fun *Beneficial *Opt-In]]

W5I: [[OATH 2 Dynamic Client Registration]]

= Thursday Oct 25 =

== Session 1 ==

TH1D: [[Mapping the Identity Ecosystem Framework ‘A Whiter Shade of Gray” – (Input for NSTIC Plenary Next Week)]]

TH1F: [[OAuth2 Chaining and Re-Delegation]]

TH1G: [[Personal.Com Blog Post]]

TH1H: [[11 Models of “Trust”]]

TH1I: [[Education and beyond… How to mamage new Privacy Risks on Rapid Moving trends]]

== Session 2 ==

TH2D: [[IDESG Mapping Prep… Source Documents and SEEDS for Mapps (NSTIC)]]

TH2F: [[Wallets - Ours OR Google, Apple, ? (VRM)]]

TH2G: [[A Trust Framework for Open ID Connect AND beyond…. (with Unicorns)]]

TH2H: [[What is ‘Real Name” ?]]

TH2I: [[High Level Programming]]

TH2J: [[Webfinger]]

== Session 3 ==

TH3F: [[OIDF Board Meeting]]

TH3G: [[UE for ID/PDE or UX plud Tech for IDENTITY across Devices ‘1 Enterprise Experience from Browsers to Washing Machines?]]

TH3H: [[Account Recovery: How can we do better? Without back doors?]]

TH3I: [[Ultimate Realization of User Managed Contract / Terms and Policies Proffered by individuals]]

TH3J: [[FED. SOC. WEB SUM.]]

== Session 4 ==

TH4A: [[OAuth RoadMap (new specs, more interop, additional use cases)]]

TH4F: [[OIDF MTG #2]]

TH4G: [[Interesting Challenges of Bi-Directional Federated and Delegations]]

TH4H: [[Freedom Box Workshop]]

TH4I: [[Open Source Personal Clouds / What, Why, How]]

== Session 5 ==

TH5A: [[Intent Casting Prototype]]

TH5H: [[‘Group Therapy’ Being a Pioneer and Communicating You Vision to Stakeholders]]

TH?: [[REDDIT are there lessons for the Identity Community in recent events?]]

IIW 15 Notes

2012-10-30T16:53:47Z

=markus:

= Tuesday, October 23, 2012 =

== Session 1 11:00 – 12:00 ==

T1A: [[Identity Clearing House – Loosely Coupled open standards based architecture for Identiy in the extendedenterprise]]

T1B: [[A2P3]]

T1D: [[Rhetoric – How do we talk plain language about Identity and Personal Data?]]

T1C: [[Privacy by Design – New Oasis Tech comm.. for Sotware Engineers]]

T1F: [[Focus on Consumer – Turning fear into excitement, delight about Personal Data]]

== Session 2 12:00 – 1:00 ==

T2A: [[Respect Network Founding Partners]]

T2B: [[IDESG – Mgt Council CAll]]

T2F: [[VRM Challenge: Let’s Fix Subscription Bin from Customer Side]]

T2G: [[IDP - Initiated Layin and Deep Linking for Open ID Connect]]

T2H: [[Mobile Specific Open ID Connect use Cases]]

T2I: [[Anonymous – political, institutional, cultural and memitc organization without identity]]

== Session 3 2:00 – 3:00 ==

T3A: [[Connect Me and miiCard “Trusted Reputations”]]

T3B: [[Account Chooser Launching – Taking the AC Show on the road this autumn – help write the show]]

T3D: [[Authentication on Mobile Devices – Crypto and]]

T3E: [[Collaboration, Forking, and organic proliferation in the age of the personal cloud]]

T3F: [[Customer Commons plus VRM Brainstorm]]

T3G: [[Death To NSTIC -2- Long Live NSTIC]]

T3H: [[Use Cases for Personal Clouds, Community Clouds, Family Clouds]]

T3I: [[Reputation Consulting .05 cents]]

== Session 4 3:00 – 4:00 ==

T4A: [[OAuth Security (Beyond Bearer Tokens)]]

T4B: [[NSTIC Pilot Overview – Attribute Exchange Network (AXN) / Demo]]

T4C: [[Unleashing the Multimind – What’s next – or could be – in our most personal daily experience and utilization of all this stuff]]

T4D: [[Building the Identity Ecosystem Framework]]

T4F: [[Kynetx – Personal Cloud Prototype]]

T4G: [[Consuming OpenID Connect 101]]

== Session 5 4:00 – 5:00 ==

T5A: [[OX Open Source – OpenID Connect and UMA / Demo]]

T5B: [[Personal Analytics and Insight for Consumers – using Personal Data to Enlighten the Individual]]

T5D: [[How will Identity plus VRM Change Real Estate and Mortgage Banking]]

T5F: [[Secure Identity Without Username or Password]]

T5J: [[Location = Control Control = Ownership – How addressing establishes ownership and what to do about it

T5H: [[XDI Personal Cloud Desktop]]

= Wednesday Oct 24 =

== Session 1 9:30 -10:30 ==

W1A: [[Sales Force Identity – The Facebook for Business (Part 2)]]

W1B: [[OpenID Connect Session – Management and Login]]

W1C: [[External Browser and Mobile Apps]]

W1F: [[Identity and API Economy plus Privacy by Design]]

W1G: [[The New Privacy]]

W1H: [[Manufacturing, Registration Cards and Digital Birth Certificates]]

== Session 2 10:30-11:30 ==

W2A: [[Sales Force Identity – The Facebook for Business (Part 2)]]

W2B: [[Hybrid Mobile/Nets App Auth With Oauth2 Trickery]]

W2C: [[Liberating Personae from Identity]]

W2E: [[OAOTH 2.0 RS – AS Token Query Flows]]

W2F: [[Customer Commons - The Magic Wand Project]]

W2G: [[Consumers and Public Records]]

W2I: [[Personal Cloud Obstacles (continued from Tuesday)]]

W2J: [[Personal Data Startups Connect and Catalyze – next steps and PDEC StartUp Map (stages, models, patterns)]]

== Session 3 11:30-12:30==

W3A: [[Education Customers and Companies]]

W3B: [[Google Identity Toolkey – What other problems should we research?]]

W3C: [[Mobile SSO Password Proliferation…. Any solutions??]]

W3D: [[SCIM]]

W3G: [[The act1v8 Project (VRM and Trust for Charity and Community Services]]

W3H: [[DATA COOPS and BIZ Models]]

W3I: [[Customer 2 Business – Will Federation Really work?]]

W3J: [[Social Intentions – Private App on Facebook to express your true intentions]]

W3K: [[Personal Cloud Prototype (Reprise)]]

W3L: [[Opportunities for Developers around Personal Cloud Cloudstore]]

== Session 4 2:30-3:30==

W4A: [[Trusted Identities “You are who you say you are”]]

W4B: [[OIX (Axw6) Attribute Exchange Trust Framework – Progress Report]]

W4C: [[Attribute Exchange Technical Overview]]

W4D: [[Health Record Banks – Personal Cloud for Health]]

W4E: [[Investors Corner / Where Investors and Entrepreneurs Come Together]]

W4F: [[MAKE HISTORY – Be the 1st to get a User-centric Next-gen Secure Private Identity]]

W4G: [[Security and Permission in Personal Cloud Connections]]

W4H: [[SCIM – As An ATTRUBUTE Provider?]]

W4J: [[World Economic Forum: Update on ‘Rethinking Personal Data’]]

W4L: [[Freedom Box Workshop]]

== Session 5 3:30-4:30==

W5A: [[OpenID Graph 1.0]]

W5B: [[OIDF Workgroup – Account Chooser]]

W5C: [[Beyond Prophylaxis – Next Steps post ad and tracking blocking]]

W5F: [[KRL – XDI Integration]]

W5G: [[correct house battery staple: Strong Passwords…. Passphrases.. are they still relevant/necessary?]]

W5H: [[Personal Data and Gamification---Consumer use case Brainstorming focus on *Fun *Beneficial *Opt-In]]

W5I: [[OATH 2 Dynamic Client Registration]]

= Thursday Oct 25 =

== Session 1 ==

TH1D: [[Mapping the Identity Ecosystem Framework ‘A Whiter Shade of Gray” – (Input for NSTIC Plenary Next Week)]]

TH1F: [[OAuth2 Chaining and Re-Delegation]]

TH1G: [[Personal.Com Blog Post]]

TH1H: [[11 Models of “Trust”]]

TH1I: [[Education and beyond… How to mamage new Privacy Risks on Rapid Moving trends]]

== Session 2 ==

TH2D: [[IDESG Mapping Prep… Source Documents and SEEDS for Mapps (NSTIC)]]

TH2F: [[Wallets - Ours OR Google, Apple, ? (VRM)]]

TH2G: [[A Trust Framework for Open ID Connect AND beyond…. (with Unicorns)]]

TH2H: [[What is ‘Real Name” ?]]

TH2I: [[High Level Programming]]

TH2J: [[Webfinger]]

== Session 3 ==

TH3F: [[OIDF Board Meeting]]

TH3G: [[UE for ID/PDE or UX plud Tech for IDENTITY across Devices ‘1 Enterprise Experience from Browsers to Washing Machines?]]

TH3H: [[Account Recovery: How can we do better? Without back doors?]]

TH3I: [[Ultimate Realization of User Managed Contract / Terms and Policies Proffered by individuals]]

TH3J: [[FED. SOC. WEB SUM.]]

== Session 4 ==

TH4A: [[OAuth RoadMap (new specs, more interop, additional use cases)]]

TH4F: [[OIDF MTG #2]]

TH4G: [[Interesting Challenges of Bi-Directional Federated and Delegations]]

TH4H: [[Freedom Box Workshop]]

TH4I: [[Open Source Personal Clouds / What, Why, How]]

== Session 5 ==

TH5A: [[Intent Casting Prototype]]

TH5H: [[‘Group Therapy’ Being a Pioneer and Communicating You Vision to Stakeholders]]

TH?: [[REDDIT are there lessons for the Identity Community in recent events?]]

Freedom Box Workshop

2012-10-30T11:34:18Z

=markus:

'''Session Topic: FreedomBox Workshop'''

'''Thursday 4H'''

'''Convener:''' Markus Sabadello

'''Notes-taker(s):''' Markus Sabadello

During this relaxed lunchtime session, we looked at the current state of the FreedomBox project, which is about creating a simple plug computer that protects your privacy online and gives you control over your personal data. Among other things, a FreedomBox can be used as a Personal Data Store / Personal Cloud.

We had 2 Dreamplugs, 3 Guruplugs and a Raspberry Pi, which are all potential hardware platforms for the project.

We discussed two basic functions of the FreedomBox:

# The FreedomBox can be used as a gateway between one's home network and an Internet connection. In this case, the purpose of the FreedomBox is to filter Internet traffic, and to remove ads as well as tracking scripts from web pages. This is done using a variant of the Privoxy software.
# The FreedomBox also aligns well with the Unhosted project, whose idea is to separate applications from data on the Internet. With Unhosted apps, a user is given a "remoteStorage" account (i.e. a kind of personal data store). Unhosted apps then use that remoteStorage for all their data storage needs. RemoteStorages can be chosen from a number of existing providers, or self-hosted. Or in our case, the FreedomBox could be one's remoteStorage, which basically means that you can run applications on the web, but have their associated data stored on your box at home.

Many more plans and ideas for the FreedomBox exist.

We had great discussions about some of these ideas, and we considered the feasibility of productizing the FreedomBox.

[[File:iiw15-freedombox.jpg]]

File:Iiw15-freedombox.jpg

2012-10-30T11:33:21Z

=markus:

Freedom Box Workshop

2012-10-30T11:32:10Z

=markus: Created page with "'''Session Topic: FreedomBox Workshop''' '''Thursday 4H''' '''Convener:''' Markus Sabadello '''Notes-taker(s):''' Markus Sabadello During this relaxed lunchtime session, w..."

File:Iiw15-fedsocweb.jpg

2012-10-30T08:54:42Z

=markus:

Webfinger

2012-10-30T08:54:24Z

=markus:

'''Session Topic: Webfinger'''

'''Thursday 2J'''

'''Convener:''' Evan Prodromou

'''Notes-taker(s):''' Markus Sabadello

Evan gave an overview of the Webfinger process.
The idea is that you discover information about an entity in a two-step process, which involves retrieving XRD documents from a well-known location.
Problem: 2 round trips are required.

There's a philosophical difference between Webfinger and Simple Web Discovery (SWD).
* Webfinger: You retrieve a document.
* SWD: You ask for a specific thing.

In more recent drafts of Webfinger however, the query parameters "resource" and "rel" are supported, which pushes work to the server and eliminates one roundtrip. This makes it more similar to SWD.

The concern within the OpenID Connect community is that the discovery process must be simple enough.

Likely scenario: Have both in the foreseeable future?

Webfinger has JSON now, but didn't have it when SWD was invented.

Latest Webfinger draft:
* XRD is moved to appendix, JSON is preferred
* It's possible to retrieve either host-meta.json or host-meta with "json" Accept header. --> confusing?
* JRD should be required, XRD optional

Both Webfinger and SWD are likely to co-exist for a while.

Questions about the case when multiple links/locations are discovered:

# Which one should be picked?
# In the original XRDS format, there was "priority".
# Maybe in Webfinger just try the locations sequentially?

Doubts whether major players will support the latest Webfinger?

Major players currently don't support SWD, but will probably in the future.

Kynetx use-case: Need to discover someone's Personal Cloud, which involves an "event channel" GUID. A custom "rel" type is used in the JRD. The GUID is stored as the "href" field in the JRD. You can also have "properties" in an XRD/JRD, i.e. key/value pairs associated with the resource.

Advice: Vision of Webfinger is that you would have many more "rel"s for everything, e.g. blog updates, profile page, etc., rather than just the "event channel".

Reminder: Webfinger addresses are not necessarily e-mail addresses. The idea was to use identifiers that look familiar to users. Internally, they use the acct: URI scheme, but that's not exposed to the user. Webfinger can not only be used with acct: URIs, but with any URI from which you can extract a domain name.

All information in Webfinger is public, which may be a good or bad thing. Is there a need for private discovery? Is there a need to authenticate a client before formulating the Webfinger response?

Another related effort: Dialback Access Authentication, to authenticate HTTP requests based on a Webfinger discovery system. Drawback: A roundtrip is required to verify the request.

Webfinger

2012-10-30T08:52:23Z

=markus: Created page with "'''Session Topic: Webfinger''' '''Thursday 2J''' '''Convener:''' Evan Prodromou '''Notes-taker(s):''' Markus Sabadello Evan gave an overview of the Webfinger process. The ..."

'''Session Topic: Webfinger'''

'''Thursday 2J'''

'''Convener:''' Evan Prodromou

'''Notes-taker(s):''' Markus Sabadello

Evan gave an overview of the Webfinger process.
The idea is that you discover information about an entity in a two-step process, which involves retrieving XRD documents from a well-known location.
Problem: 2 round trips are required.

There's a philosophical difference between Webfinger and Simple Web Discovery (SWD).
* Webfinger: You retrieve a document.
* SWD: You ask for a specific thing.

In more recent drafts of Webfinger however, the query parameters "resource" and "rel" are supported, which pushes work to the server and eliminates one roundtrip. This makes it more similar to SWD.

The concern within the OpenID Connect community is that the discovery process must be simple enough.

Currently: 3rd IETF draft.

Likely scenario: Have both in the foreseeable future?

Webfinger has JSON now, but didn't have it when SWD was invented.

Latest Webfinger draft:
* XRD is moved to appendix, JSON is preferred
* It's possible to retrieve either host-meta.json or host-meta with "json" Accept header. --> confusing?
* JRD should be required, XRD optional

Both Webfinger and SWD are likely to co-exist for a while.

Questions about the case when multiple links/locations are discovered:

# Which one should be picked?
# In the original XRDS format, there was "priority".
# Maybe in Webfinger just try the locations sequentially?

Doubts whether major players will support the latest Webfinger?

Major players currently don't support SWD, but will probably in the future.

Kynetx use-case: Need to discover someone's Personal Cloud, which involves an "event channel" GUID. A custom "rel" type is used in the JRD. The GUID is stored as the "href" field in the JRD. You can also have "properties" in an XRD/JRD, i.e. key/value pairs associated with the resource.

Advice: Vision of Webfinger is that you would have many more "rel"s for everything, e.g. blog updates, profile page, etc., rather than just the "event channel".

Reminder: Webfinger addresses are not necessarily e-mail addresses. The idea was to use identifiers that look familiar to users. Internally, they use the acct: URI scheme, but that's not exposed to the user. Webfinger can not only be used with acct: URIs, but with any URI from which you can extract a domain name.

All information in Webfinger is public, which may be a good or bad thing. Is there a need for private discovery? Is there a need to authenticate a client before formulating the Webfinger response?

Another related effort: Dialback Access Authentication, to authenticate HTTP requests based on a Webfinger discovery system. Drawback: A roundtrip is required to verify the request.

FED. SOC. WEB SUM.

2012-10-30T08:41:08Z

=markus: Created page with "'''Session Topic: Federated Social Web Summit''' '''Thursday 3J''' '''Convener:''' Evan Prodromou '''Notes-taker(s):''' Markus Sabadello Goal: Provide social web functiona..."

'''Session Topic: Federated Social Web Summit'''

'''Thursday 3J'''

'''Convener:''' Evan Prodromou

'''Notes-taker(s):''' Markus Sabadello

Goal: Provide social web functionality without dependency on a single system. In other words, have a topology like e-mail.

Functions of the federated social web:
# identity
# profile information
# social graph (friends, etc.)
# content (blog, documents, rich media)
# activity stream
# publication and subscription model

Technologies: FOAF, XFN, RSS/Atom/...,

Projects: StatusNet, Diaspora, Appleseed, tent.io

Current mentality: Build one piece of software that can do everything, with its own protocol, extensions, etc. This approach has resulted in some disappointment.

Better approach? Agree on an extensible protocol supported by multiple implementations. This was the idea behind OStatus (= a suite of protocols: OStatus, Webfinger, ActivityStreams, PubSubHubbub, Salmon). This is different from earlier "monolithic" approaches. OStatus has been successful and is widely supported, e.g. by Wordpress.

Problems of current OStatus?
* E.g. PubSubHubbub doesn't support private feeds.
* Immediate spam on publicly hosted StatusNet instances.
* Onboarding: How do I get my existing social graph from e.g. Facebook into my StatusNet instance?
* Operations requiring a "global view" on the system, e.g. monitoring a global hashtag.
* Make it look better for the user.

StatusNet and Diaspora are AGPL: Nice for free software, but less nice for people who want to make incremental improvements while protecting intellectual property.

Important feature for broader adoption: Introduce a notion of groups on the protocol level that is independent of a specific implementation.

Goal should be not just to build a replacement for Facebook, but to build something that can do more. The Federated Social Web may look different from what we currently think of as social networking. E.g. just like blogs evolved into social networking, a federated social web may be quite different from "traditional" social networking.

Advice for our everyday life: Use decentralized software as much as possible, e.g. publish your social content on Wordpress, support existing projects, keep experimenting.

POSSI: Publish, Own, Site, Syndicate, Everywhere

[[File:iiw15-fedsocweb.jpg]]

Demo with Freedom Box (you can participate!)

2012-05-12T01:42:01Z

=markus:

'''Session Topic:''' FreedomBox Demo (T3C)

'''Convener:''' Markus Sabadello

'''Notes-taker(s):''' Markus Sabadello

In this demo, 5 plug computers (Guruplugs by GlobalScale Technologies) were handed out to volunteer participants and connected to power outlets.

Upon being plugged in, these small personal servers booted their Debian operating system and custom demo software.

Each volunteer of the demo was able to control one of the boxes via a web interface.

The first step was to connect one's box to the other boxes.

The second step was to sign in to the network with an identifier, in order for boxes to be able to find each other.

After being connected and identified, the demo allowed participants to do the following:
* 1. Enter personal data which is stored in an XDI-based Personal Data Store on the box (first name, last name, email, etc.)
* 2. Establish a relationship with other participants, which allowed access to the personal data on their boxes via XDI Messaging.
* 3. Sending text messages from one box to another.
* 4. Sending an "intent" to all boxes on the network, indicating what one would be willing to buy at a given price.
* 5. Viewing "intents" received from the network.

There was a lot of good discussion about the potential of such a personal server for the Personal Data Ecosystem and Vendor Relationship Management.

The general idea behind the FreedomBox is to enable data sharing, communication and social networking that can not be monitored or censored.

This demo was neither created nor endorsed by the FreedomBox Foundation, but was simply meant to demonstrate what its idea is about.

The actual software used during the demo was developed by Project Danube.

http://blog.projectdanube.org/2012/05/freedombox-at-the-internet-identity-workshop/

Demo with Freedom Box (you can participate!)

2012-05-12T01:41:49Z

=markus:

'''Session Topic:''' FreedomBox Demo (T3C)

'''Convener:''' Markus Sabadello

'''Notes-taker(s):''' Markus Sabadello

In this demo, 5 plug computers (Guruplugs by GlobalScale Technologies) were handed out to volunteer participants and connected to power outlets.

Upon being plugged in, these small personal servers booted their Debian operating system and custom demo software.

Each volunteer of the demo was able to control one of the boxes via a web interface.

The first step was to connect one's box to the other boxes.

The second step was to sign in to the network with an identifier, in order for boxes to be able to find each other.

After being connected and identified, the demo allowed participants to do the following:
* 1. Enter personal data which is stored in an XDI-based Personal Data Store on the box (first name, last name, email, etc.)
* 2. Establish a relationship with other participants, which allowed access to the personal data on their boxes via XDI Messaging.
* 3. Sending text messages from one box to another.
* 4. Sending an "intent" to all boxes on the network, indicating what one would be willing to buy at a given price.
* 5. Viewing "intents" received from the network.

There was a lot of good discussion about the potential of such a personal server for the Personal Data Ecosystem and Vendor Relationship Management.

The general idea behind the FreedomBox is to enable data sharing, communication and social networking that can not be monitored or censored.

This demo was neither created nor endorsed by the FreedomBox Foundation, but was simply meant to demonstrate what its idea is about.

The actual software used during the demo was developed by Project Danube.

[[http://blog.projectdanube.org/2012/05/freedombox-at-the-internet-identity-workshop/]]

IIW 14 Proposed Topics

2012-04-29T22:27:13Z

=markus:

==What topics are you planning to present about or lead a discussion about at this IIW?==
* Multi-assertion authentication
* Attribute Exchange Trust Frameworks. Attribute Provider Networks.
* OpenID Connect, OAuth, FICAM, NSTIC
* SCIM
* XDI, OpenID Connect 1.0
* Roadmap for rapidly advancing VRM adoption.
* OpenID Connect, OIX, OAuth, Identity Provider Businessmodels
* VRM
* Customer Care for federated identities
* customer commonsuser-driven personal data
* Trust Framework Meta Model
* NSTIC, Identity Ecosystem Business Models, Identity Attributes
* OpenID ConnectOAuthJSON Cryptography
* Step-up authentication, mobile 2-factor AuthN
* Customer Care for federated identities
* customer commonsuser-driven personal data
* Trust Framework Meta Model
* NSTIC, Identity Ecosystem Business Models, Identity Attributes
* OpenID ConnectOAuthJSON Cryptography
* Step-up authentication, mobile 2-factor AuthN
* Backplane 2.0
* standards/techniques for proxy authentication
* NSTIC - pre secretariat effort
* ACBio
* Personal data stores: cloud based? Local based? mix? level of security? ... <-> Benefits to individuals
* Personal data tagging: an utopia? what would be the requirements? the benefits?
* In a VRM world, how to manage the transparency of the relationship? Trusted identities?
* SCIM, OAuth, OpenID Connect
* UMAAPI access control
* Metadata for scalability in OpenID Connect
* Interested in business opportunities associated with user-centric identity, personal data stores, VRM.
* explaining identity to non-technical stakeholders
* SCIM
* Standard Information Sharing Labels
* Building a VRM Startup
* The effect of identity and privacy polices on people in marginalized communities
* accessibility, disability, and identity online
* Initiatives for distributed networks (e.g. FreedomBox) and their role in PDE and VRM

==What are you hoping to learn about or hear a presentation about at IIW?==
* AttributeExchange, OpenIdConnect, OAuth2, UMA, NSTIC, OIX
* Roadmap for rapidly advancing VRM adoption.
* SCIM, BYOI
* SCIM
* Current standards and new directions and ideas.
* VRM and Personal Data Ecosystem efforts, OpenID Connect, Account Chooser, Backplane Exchange
* Business value of an IDP
* NSTIC
* OpenID Connect, OAuth 2
* Customer Care for federated identities
* customer commonsuser-driven personal data
* Trust Framework Meta Model
* NSTIC, Identity Ecosystem Business Models, Identity Attributes
* OpenID ConnectOAuthJSON Cryptography
* Step-up authentication, mobile 2-factor AuthN
* Giving users control of their data, building tools that access that data without giving it to another service provider.
* NSTIC, OpenID Directions, Personal Data Directions, Real Privacy for Everyone
* ImplementationsInterop
* 2-factor AuthN, interested in NSTIC
* OAuth2, SCIM, OpenID Connect
* Federation
* actual technology privacy problems and trends for solving these issues, both theoretical as well as practical
* transitioning large organizations to standards based identity
* OAuth, OpenID Connect, NSTIC, Privacy, enterprise awareness, cutting edge advancements
* identity provisioning, identity sync
* Networking, VRM, User-Centric Identity, Networking, Networking
* OAuth2 future steps/4th party auth/Auth in mobile platforms/Auth for e-commerce sites
* Lots been said and promoted about Identity Trust Frameworks. Are there any alternatives to Trust Frameworks that can help enforce
compliance with agreements amongst IDM players (IDP, Attribute Provider, RP, User) and also liability in case of non-performance?
* Interoperability standards (between browsers, databases, companies and organizations)-Identity standards-VRM interoperabilty with CRM?
* OAuth OpenID etc. NSTIC. Identity business models.
* OAuth, OpenID Connect, JWT futuresNSTIC and FICAM news
* AccountChooser
* Use cases of how OpenID/Connect is being used
* Use cases of online identity verification and what organizations are looking for in these solutions. Including challenges; leading technologies/services being implemented and; what’s working and what’s not. Additionally, any updates on any of the identity verification Pilots that are being discussed and/or taking place.
* Better understand the state-of-the-art and future direction in IDM, PDS, user-centric identity, personal data ecosystems, VRM...
* secure authentication strategies for distributed identity management
* OAuth, SCIM
* SCIM
* Challenges, opportunities and informed investors for startups implementing VRM principles and user centric identity
* How technology development is affecting identity and privacy standards….

==What are the critical questions about user-centric identity and data you hope to discuss with peers at IIW?==
* How to get VRM on wheels
* locus of control
* Verification of user-provided identity attributes. How can we know that what users tell us about themselves is true?
* Customer Care for federated identities
* customer commonsuser-driven personal data
* Trust Framework Meta Model
* NSTIC, Identity Ecosystem Business Models, Identity Attributes
* OpenID ConnectOAuthJSON Cryptography
* Step-up authentication, mobile 2-factor AuthN
* How can we build client web applications that access a distributed social data network, which do not require each user to copy their data to the
* company that built the client application?
* shortcomings of identity as the uniting metaphor for trust frameworks
* Claims ProvidersBusiness Models
* Is there a market for user controlled mobile phone based 2-factor AuthN?
* responsibility, whose responsibility is privacy, who is liable for what, etc.
* how to choose when to use cloud based identity credentials versus client based credentials
* Define the intersection of user-centric, enterprise, relying parties, who, when, how? Define OAuth in layman's terms.
* standards and security related to interop between identity providers and identity consumers
* privacy and security
* To make timely progress on solutions based on open standards, it seems essential that user-centric identity requirements are debated in the community,
* solidified and then formalized in an appropriate standards body to drive technical specifications development.
* Identity recognition and management: where are we today? Where are we going tomorrow?
* How VRM companies can become supportive of each other
* I’d be interested in examples of levels of assurance.
* User-centric ID is the focus here and the right thing to do, but funding and the big winners on the business side are FB, Google, LI and so on.
* How can user-centric ID be commercially successful? What can we do as an industry to move the needle?
* Identity management for minors
* Why are we still talking "user-centric"?
8 User experience
* What kind of control can people have over their own data?

Europe vs Facebook (TH4J)

2011-10-23T22:16:56Z

=markus: Created page with "'''Session Topic:''' Europe vs Facebook (TH4J) '''Convener:''' Markus Sabadello '''Notes-taker(s):''' Markus Sabadello '''Tags for the session - technology discussed/ideas con..."

'''Session Topic:''' Europe vs Facebook (TH4J)

'''Convener:''' Markus Sabadello

'''Notes-taker(s):''' Markus Sabadello

'''Tags for the session - technology discussed/ideas considered: '''

'''Discussion notes, key understandings, outstanding questions, observations, and, if appropriate to this discussion: action items, next steps:'''

According to the [http://europe-v-facebook.org/ Europe vs. Facebook] initiative, which was started by a group of young law students from Vienna, the Facebook legal structure subjects Facebook users outside of the US and Canada to EU privacy law, especially the well-known "Data Protection Directive". The group has successfully requested and received a set of personal data stored by Facebook, filed a complaint with the responsible regulator (the Irish Data Protection Commission), and generated a large amount of attention in European media. By now, Facebook offers an automatic web form where users can request a copy of their data, however, the group pushes for further action, claiming that Facebook's reaction is insufficient. The group, which is intimately familiar with both US and EU privacy law, demands more transparency and the use of open standards, and explains that a world-wide solution to online privacy must consist of both legal and technological measures. As of now, the investigation against Facebook is still ongoing. On the website http://europe-v-facebook.org/, a detailed list of complaints and the history of the effort are documented.