IIW - User contributions [en]

File:IIWXVIII -18 Book of Proceedings a.pdf

2014-06-27T16:08:10Z

Ebgross:

Start-Up’s Pitching

2014-06-02T14:43:14Z

Ebgross: video link added

'''Session Topic:''' Startups Pitching to VC Panel

Thursday 4 & 5 A

'''Convener:''' Nathan Schor

'''Notes-taker(s):''' Nathan Schor, Video of Pitches

'''Tags for the session - technology discussed/ideas considered:'''

'''Discussion notes, key understandings, outstanding questions, observations, and, if appropriate to this discussion: action items, next steps:'''

A total of eleven (11) companies made pitches to the VC Panel.

Here is a link to video of these pitches:
https://vimeo.com/channels/iiw18investorpanels

'''''Panelists'''''
* Noah Doyle [mailto:noah@javelinvp.com noah@javelinvp.com] http://www.javelinvp.com
* Keith Teare [mailto:keith@teare.com keith@teare.com] http://www.archimedeslabs.com/
* Derek Anderson [mailto:derek@startupgrind.com derek@startupgrind.com] http://www.startupgrind.com
* Kayvan Baroumand [mailto:kayvan@nestgsv.com kayvan@nestgsv.com] http://www.nestgsv.com
* Dan Gordon, [mailto:dan@valhallapartners.com dan@valhallapartners.com], http://www.valhallapartners.com/
* Amit Shah, Aritman Ventures, [mailto:amit@artiman.com amit@artiman.com] http://www.artiman.com/
* Anandan Jayaraman [mailto:anandan.jayaraman@gmail.com anandan.jayaraman@gmail.com]

'''''Companies Pitching'''''

'''Respect Network Founding Partners'''

Respect Network

Emmett Global

URQUi

inWebo

'''Independent'''

Glome

HIE of One

MePIN /Meontrust

Pomcor

Tozny

Traitware

Welcomer

'''''Respect Network Founding Partners'''''

'''Company:''' Respect Network '''Website:''' http://respectnetwork.com/ '''Location:''' Seattle

'''Management Team:'''
* Drummond Reed, Co-Founder and CEO
* Gary Rowe, Executive Chairman
* Katherine Singson, CMO
* Andy Dale, CTO
* Matthew Sutton, VP Products
* Mark Timbrell, Head of Respect Network EU

Bios and links are all listed at http://respectnetwork.com/executive-team/

'''Business Model:'''

Respect Network is the world’s first global private network of personal and business clouds. Respect Network is based on an award-winning trust framework developed over 3 years by leading Internet architects and 50 Founding Partner companies from around the world. As a decentralized, multi-provider network similar to the global banking or email networks, the Respect Network will enable members anywhere in the world to share sensitive private data with strong assurance that their privacy will always be respected. In fact, Respect Network is the only global data sharing network engineered from the ground up around ''Privacy by Design.''

'''Traction:''' 50 founding partners who have already signed up.

'''Amount funds seeking:''' Respect Network Corporation is currently raising a $3M Series A round. On Friday April 25 we held a first closing for $1.325M. We anticipate the second closing will be the first week of June.
------ ------ ------ ------ ------ ------- ------ ------ ------

'''Company:''' Emmett Global '''Website:''' http://www.EmmettGlobal.com '''Location:''' New York /Israel

'''Management Team:'''
* Kenneth J Lefkowitz, CEO
* Lionel A Wolberger, Architect
* Joshua Zieman, CMO

'''Business Model:'''

Emmett Global distributes best of class open source solutions that enable true Personal Data management. Three included solutions are;

1) Cloud service provider on the Respect Network

2) Browser extension bundle for Chrome and

3) Mobile tablet device.

'''Amount funds seeking:''' $950,000 to complete our seed funding
------ ------ ------ ------ ------ ------- ------ ------ ------

'''Company:''' URQUi '''Website:''' http://www.urqui.com '''Location:''' BCCanada

'''Management Team:'''

Jonathan Bell, President, Computer Consultant –
[http://www.privacybydesign.ca/index.php/ambassador/jonathan-bell/ Ambassador of Privacy by Design]

Ken Jennings, [mailto:kjennings@urqui.com kjennings@urqui.com] @kwjennings, https://www.linkedin.com/pub/ken-jennings/0/7a2/602
[http://skkynet.com/investors/directors/ Board of Directors Skkynet Cloud Systems Inc.] Skky OTC.bb -
[http://www.privacybydesign.ca/index.php/ambassador/kenneth-jennings/ Ambassador of Privacy by Design]

Dr. Jose M. Fernandez P.Eng, Ph.D., Assistant Professor of Computer and Software Engineering, [http://www.polymtl.ca/recherche/rc/en/professeurs/details.php?NoProf=299 Polytechnique Montreal] [http://www.niccanada.com/EN/Speakers/Jos%C3%A9Fernandez.aspx Frequent Speaker on IT Security & Cryptography] - [http://www.privacybydesign.ca/index.php/ambassador/jose-fernandez-ph-d/ Ambassador of Privacy by Design]

'''Business Model:''' URQUi“Your Key” is a secure, patent-pending, network or SaaS password alternative. URQUi One Time Passwords eliminate the need to store static passwords on servers. Users need not remember passwords. Using URQUi, a FREE app, individuals control their privacy, secure their online presence and protect themselves from identity theft. User-centric URQUi embodies
[http://www.privacybydesign.ca/index.php/about-pbd/ Privacy by Design]. The Heartbleed bug could not have breached accounts using URQUi! ~ URQUi’s Business model is disruptive. URQUi is a multi-sided recurring revenue SaaS business. URQUi is free for individuals; free SaaS for government and non-profit servers; billable recurring revenue SaaS for commercial servers. URQUI’s pricing to commercial SaaS customers will be disruptive at 15% of comparable services (RSA SecureID). Distribution to individuals is done through iTunes et al. Distribution to server owners is done through resellers and vertical market partners. URQUi expects processing margins in the area of 50% - 60%

'''Traction:''' URQUi has not yet achieved traction in the market, however URQUi has developed significant partnerships. [http://www.privacybydesign.ca/index.php/ambassador/urqui/ Ambassador of Privacy by Design] Founding Partner of the Respect [http://www.thecene.org/#!cta-boston/c1v1m NetworkCTA@Boston, Fall 2014 Cohort]

'''Amount funds seeking:'''$1,750,000 https://angel.co/urqui
------ ------ ------ ------ ------ ------- ------ ------ ------

'''Company:''' inWebo '''Website:''' http://www.inwebo.com '''Location:'''

'''Management Team:'''

Didier Perrot, CEO and founder, [mailto:didier.perrot@inwebo.com didier.perrot@inwebo.com]
http://www.linkedin.com/pub/didier-perrot/0/72/b9/

Bruno Abramatic, CTO and co-founder

Olivier Perroquin, SVP Sales and co-founder, http://fr.linkedin.com/pub/olivier-perroquin/0/424/240

'''Business Model:''' inWebo provides a Cloud-based authentication platform and a password management service to help enterprises, businesses and service providers protect users' online access and transactions in a highly secure yet non-intrusive way.

'''Traction:'''

'''Amount funds seeking:''' 3M$ https://angel.co/inwebo
------ ------ ------ ------ ------ ------- ------ ------ ------

'''''Independent Startups'''''

'''Company:''' Glome '''Website:''' http://www.glome.me '''Location:''' Finland

'''Management Team:'''

Edi Immonen – Co-founder & CEO [mailto:edi@glome.me edi@glome.me] https://www.linkedin.com/in/jemiweb

Ferenc Szekely – Co-founder & CTO https://www.linkedin.com/in/ferencszekely

'''Business Model:''' Glome has created an anonymous personalisation platform (an API) for businesses where individuals own, control and benefit from their digital footprint with full anonymity.

'''Traction:''' Glome had a soft launch in Finland and we targeted a few key players with great success. Now we have partnered with:

1) A top-10 media in Finland with close to 1M unique weekly users

2) A leading Scandinavian web shop company

3) A leading Finnish consultancy & big data company

'''Amount funds seeking:''' A total of 1.8m€ in steps in year 2014 so that: 300k€ for finishing the product-market-fit phase ( Q3&Q4 / 2014 ) ~ ~ ~ 1.5m€ for launching and expanding ( Q4/2014 -> )

------ ------ ------ ------ ------ ------- ------ ------ ------

'''Company:'''HIE of One '''Website:''' N/A '''Location:'''Boston

'''Management Team:'''

Adrian Gropper, MD –[mailto:agropper@healthurl.com agropper@healthurl.com] https://www.linkedin.com/pub/adrian gropper/1/665/691

Josh Mandel, MD –https://www.linkedin.com/pub/joshua-mandel/35/472/883

Adam Powell, PhD –https://www.linkedin.com/in/adamcpowell

'''Business Model:''' HIE of Onewill sell a personal data store (hardware or cloud) and live support to consumers to enable the coordination of family care teams for the elderly and seriously ill. Our service uses open source software to create a platform for patient-directed health information exchange that will be preferred by app and services developers because it is verifiably privacy-preserving, verifiably secure, free to the developers, and, as a community open source project, carries no risk of vendor lock-in. HIE of One is a public benefits for-profit corporation designed to appeal to both financial and strategic investors.

'''Traction:''' HIE of One has limited traction. We won one of the major prizes at an MIT health hackathon a a short time ago and we have a commitment from Smart911 to participate provide an API and participate in a demo this summer. We've also got three separate collaborating groups in the San Diego and San Francisco areas.

'''Amount funds seeking:''' $2 M
------ ------ ------ ------ ------ ------- ------ ------ ------

'''Company:''' MePIN /Meontrust '''Website:'''https://www.mepin.com '''Location:'''Finland

'''Management Team:'''

Markku Mehtala, CEO, [mailto:markku.mehtala@meontrust.com markku.mehtala@meontrust.com] http://fi.linkedin.com/in/markkum/

'''Business Model:'''MePIN provides smart security for consumer online services, protecting the services and their users against password phishing, account hijacking, transaction fraud and privacy problems.

'''Traction:'''

'''Amount funds seeking:''' We just raised a round, so looking for contacts for future rounds.
------ ------ ------ ------ ------ ------- ------ ------ ------

'''Company:''' Pomcor '''Website:'''http://www.pomcor.com '''Location:'''Boston

'''Management Team:'''

Karen Pomian Lewison, CEO, [mailto: kplewison@pomcor.com kplewison@pomcor.com], http://www.linkedin.com/profile/view?id=28011537

Francisco Corella, CTO [mailto: fcorella@pomcor.com fcorella@pomcor.com], http://www.linkedin.com/profile/view?id=78440530

'''Business Model:'''Pomcor is developing an Enterprise Mobility Management (EMM) solution to help an enterprise protect data stored in a mobile device with a patent-pending technique that prevents an adversary who steals the device from mounting an offline attack against an activation PIN.

'''Traction:''' We don't have a product, so we don' have traction yet. We do have a no.1 position in Google for one of the market segments, even without a product.

'''Amount funds seeking:''' We are looking for a letter of interest to support an NSF SBIR Phase I grant application, followed by an investment of $60,000, conditional on our getting the SBIR Phase I grant of $150,000. The $60,000 investment would be matched by a Phase IB grant of up to $30,000. Successful phases I and IB would give us a very good chance of getting a Phase II grant of up to $750,000, which in turn would allow us to get a Phase IIB grant of up to $500,000 matching an additional investment of $1,000,000.
------ ------ ------ ------ ------ ------- ------ ------ ------

'''Company:''' Tozny '''Website:''' http://tozny.com '''Location:'''

'''Management Team:'''

Isaac Potoczny-Jones, President [mailto:ijones@tozny.com@SyntaxPolice ijones@tozny.com@SyntaxPolice]
http://www.linkedin.com/pub/isaac-potoczny-jones/4/b64/23b

Leah Daniels, VP Business Development http://www.linkedin.com/in/leahcdaniels

'''Business Model:''' Digital authentication - proving who we are - is a constant necessity on modern networks. Users are buried under the weight of too many passwords, and are faced with a conundrum: good passwords are impossible to remember, and bad passwords are easy to guess.
Tozny replaces passwords with a cryptographic app on your smart phone, making login both easier and more secure than passwords. Alternately, use Tozny to augment passwords with multi-factor authentication. Tozny helps enterprises and web sites stay secure and gives users an easier way to log in.

'''Traction:''' We have a customer in the government who is funding our work under a small business innovation program, and we have strong leads with a few large consumer-facing organizations in banking, health care, and telecommunications.

'''Amount funds seeking:''' $500K

------ ------ ------ ------ ------ ------- ------ ------ ------

'''Company:''' Welcomer '''Website:''' http://www.welcomer.me '''Location:'''Australia

'''Management Team:'''

Kevin Cox - [mailto:kevin@welcomer.me kevin@welcomer.me] http://au.linkedin.com/in/kevinrosscox Kevin is an Identity domain expert who has deep understanding of how organisations can benefit from giving people access to their own information. Kevin previously founded identity verification company Edentiti which was acquired in late 2013.

Paul Marando - [mailto:paul@welcomer.me paul@welcomer.me] http://au.linkedin.com/pub/paul-marando/4/111/486 Paul comes across from Edentiti bringing with him a deep understanding of identity technology and a track record developing scalable architecture. Paul looks after the technology as well as leading the engineering team.

Rory Ford - [mailto:rory@welcomer.me rory@welcomer.me] http://au.linkedin.com/in/roryford/ Rory brings a background in online marketing and product management. Previously he established a portfolio of websites bringing in online sales across more than 120 countries. Rory also worked within Edentiti, looking at new product opportunities that have formed the basis for Welcomer.

'''Business Model:''' Welcomer provides an identity verification solution to small and medium organizations by utilizing a person’s access to their own information. Based on proven Enterprise technology, already used by banks, Welcomer makes money from each successful verification.

'''Traction:''' Company has raised ~$450K seed funding.

'''Amount funds seeking:''' $300,000
------ ------ ------ ------ ------ ------- ------ ------ ------

'''Company:'''Traitware '''Website:'''http://www.traitware.com '''Location:''' San Francisco

'''Management Team:'''

Harlan Hutson President - Mr. Hutson is a serial entrepreneur now on his third start-up. Harlan has been fascinated with online transactions and security since the creation of his second start-up, an online event ticketing company that was sold in 2010

Dr. Herbert w. Spencer CTO - Dr. Spencer has been a developer of new technologies since building a computer from pinball machine parts in junior high school. He received a Ph.D. in plasma physics from Auburn University and started EC&C Technologies, Inc.

'''Business Model:''' TraitWare™ delivers 2-factor authentication making mobile and web computing more secure and enjoyable. Our patent pending process authenticates both user and device, binding them together to create a secure signature. When combined with PhotoAuth™, TraitWareID™ eliminates the need to enter a PIN, OTP or “out-of-band” SMS codes for authentication.

'''Traction:''' TraitWare is fully operational is now being used in pilot tests by companies that have been signed as partners. TraitWare is bundling its authentication with software to solve customer needs in the areas of finance, payments, and health care.

'''Amount funds seeking:'''

What’s it Take to get a Customer-Centric Startup to Win Funding? (VC Panel Discussion)

2014-06-02T14:38:36Z

Ebgross: notes content added

'''Session Topic:''' What It Takes to Get a Customer-Centric Startup to Win Funding?

Thursday 3A

'''Convener:''' Nathan Schor

'''Notes-taker(s):''' Panel Discussion Video

'''Tags for the session - technology discussed/ideas considered:'''

'''Discussion notes, key understandings, outstanding questions, observations, and, if appropriate to this discussion: action items, next steps:'''
An accomplished group of investors were invited to discuss challenges to funding startups building privacy, identity and customer-empowerment solutions, as well as to hear founders pitching specific business model.
To the best of our knowledge, this is the first ever investor event focused exclusively on funding user-centric business models.

Here is who participated:
* Noah Doyle - [http://javelinvp.com javelinvp.com]
* Keith Teare - [http://archimedeslabs.com archimedeslabs.com/]
* Derek Anderson - [http://startupgrind.com startupgrind.com]
* Kayvan Baroumand - [http://nestgsv.com nestgsv.com]
* Dan Gordon - [http://valhallapartners.com valhallapartners.com/]
* Amit Shah - Aritman Ventures [http://artiman.com artiman.com/]
* Anandan Jayaraman

Here is a link to video of the Panel Discussion:
https://vimeo.com/channels/iiw18investorpanels

NSTIC – Update From NIST and Roundtable

2014-06-02T14:33:17Z

Ebgross: notes content added

'''Session Topic:''' NSTIC: Update from NIST & Roundtable

Tuesday 4E

'''Convener:''' James Sheire

'''Notes-taker(s):''' Kaliya Hamlin

'''Tags for the session - technology discussed/ideas considered:'''

'''Discussion notes, key understandings, outstanding questions, observations, and, if appropriate to this discussion: action items, next steps:'''

NSTIC = National Strategy for Trusted Identities in Cyberspace

It is the National Strategy to form an Ecosystem ~ where people can voluntarily choose and ID and login.

Privacy, Interoperability, User-Friendly, More Secure ---> User have to create dozens of account.

Problems it seeks to address - Re-Use over and over of passwords.

They (the NPO) is facilitating a private sector lead group.

The purpose is to create the policies, rules and standards and framework that governs the interactions in the ecosystem.

Getting Federal Government Programs to get being early adopters and use 3rd party credentials.

Access to government services, file a medicare claim.

FCCX (pronounced F6) service users login approved credentials. Choose from IDP's that are approved.

Q: Do any of them let them control their ID.

A: At higher level of assurances must have it be bound.

Vouch for Individual

What about allowing users vouch self where the individual holds externally vouched for attributes?

Dialogues will emerge on different efforts.

LOA - 1, 2, 3, 4

Digital Certificates of Proof

The hardest part is the business process - record keeping etc.

Robin: HIS model where brokering system where credentials themselves come from bank.

Update: become independent entity with its own capabilities. 501( c )3
* -comment from crowd - "so it is a charity"

IDESG will have funding through Grants

FCCX (USPS) (Contract with Secure key) to build the HUB - processes for ID and for departments who will pulg in.

It has better privacy capabilities.

It will have a consistent experience for citizens. <---starts new behavior

What is the business model for FCCX
* Cost reduction
* Agencies will/do subscribe

* Tired of paying for proofing vs. authentication again and again.
* Payment for Authentication.

Question: States? get involved?
* Legislation to expand

Struggling with attempts to integrate access via single ID

Citizen authentication strategy

Virginia DMV

others HHS (Health and Human Services)

Hurdle 1 - create place for 1 credential

Then 2 - accepting third party

requirements - verify eligibility.

Ken K. 700 Credential service providers
* not approached about getting $

Jims comment Agencies want Identity proofing - wants to be stateless

Tensions and Challenges - ID Resolution - Do I have right dataset?

As CSP (credential service provider)

They don't have all the attributes they need - even if we had moving them in back.

The way NSTIC coordinate ONC

see potential

TrustedID = better proofing of ID better security + privacy options

How same patient @one place is another place.

Inora Healthcare 3rd party private access - Google, MSFT.

Personal Health Records

"Tools"

What does that mean?
* Standards?
* how you do it?

Direct Protocol - well established

Digitally signed email

RESTful health exchange

Feature Speaker ONC

Awarded 12 pilots to catalyze 2 states 10 innovations

NSTIC.gov

greatw ay to meet pilots

Round 3 is being announced in early fall.

Might have a 4th round.

Question to facilitate.

Market 2011 - when issue, where now?

Mobile Device

OpenID Connect is the answer

of course privacy a lot of attention.

Real marketplace competition

Wanted to stimulate broad spectrum of identities to choose from. greater level of offering

In coming year - write framework requirments
* work
* intention
* resources

Its a "round table" always looking for feedback.

2 schools of thought - credit agency, VRM Proofs

look at Scandinavian model

The truth about NSTIC - what is a trusted (verified) ID

Financial services - IDProofing/Authentication

Three aspects
* Session
* Authentication
* ID

They are different

Pilot in NY with Broadridge

IdP -> KYC
* attribute
* exchange
* networks

timeframework 2010-2011 IdP "do" everything

My thought while listening - what to do to create a real learning community

Power / Info Asymmetry

with IdP / AP / Relying Party

Why FB make change, fine grain

Indepth privacy assessment

one for internal / one for external

they are now enabling anonymous login - sell in aggregate form to the later

NSTIC language "unobtrusively" IdP

FCCX - double blind unobservability

still a lot to be done have consumers fully participate. In value of data

Privacy enhancing workshop series at NIST

Full value exchange

How to leverage against include services

changing user expectations

Free People Beyond the Next 10 Years – (Continuation from Wed Session/Manifesto Writing)

2014-05-30T19:11:02Z

Ebgross: Created page with "'''Session Topic:''' “We Are The Last Generation of Free People” Wednesday 1G & Thursday 4G '''Convener:''' Kaliya Hamlin '''Notes-taker(s):''' Kaliya Hamlin '''Tags ..."

'''Session Topic:''' “We Are The Last Generation of Free People”

Wednesday 1G & Thursday 4G

'''Convener:''' Kaliya Hamlin

'''Notes-taker(s):''' Kaliya Hamlin

'''Tags for the session - technology discussed/ideas considered:'''

'''Discussion notes, key understandings, outstanding questions, observations, and, if appropriate to this discussion: action items, next steps:'''

This session was called by Kaliya Hamlin to discuss the statement Julian Assange made in Dec 2013 at CCC in Germany. He said paraphasing - ''we are the last generation of free people and there is about 10 years left to resist the trends that are proceeding and to make sure we don’t loose our freedom.''

We began the session by articulating the things we were afraid of (these were subsequently clustered into 8 broad categories. Each post-it note was written by one person and the read first set of bullets under each is are the text of those.

The next set of of bullets in blue were the solutions (which subsequently were clustered to with the 8 problem categories, but clearly some of the solutions are applicable to more then one problem cluster).

Inbetween articluating the problem and articulating the solution we also discussed how things were different now with technology.

Syping on Snail Mail happened - but was costly and more time consuming + potentially obvious that it was happening.

We had tyrany - lack of freedom and the Divine right of Monarchy.

Can law adapt to extreme power of technology?

New: Economics - beyond reasonable - open field. GPS v. Police

Anonymity is related to cost of de-anonymizing

'''ILLUMINATI - elite control'''
* American Dominance / Imperialism
* State controlled narrative of what is right/wrong, current events
* Lack of randomness in the world
* Invisible ubiquitous control of the powers of state by the monied elite
* Breakaway civilization in space of elites lead by Musk and Theil
* Centralized actors control decision making. This results in portions of society being increasingly marginalized - violence continues to be the primary regulatory tool.
* What does unfreedom look like? what are we most concerned about? Loss of individual rights of choice to exist or function in a society you have to X or there will be Y punishment.
* Elyseum, Hunger Games, Small ruling elite have total control over the vast majority of people.
* Total subjugation to an arbitrary / involuntary collective.

** No Money in Politics
** More local connectivity and empowerment
** Community Rights Movement Ordinances
** More Local Connectivity and Empowerment
** No Money in Politics
** Consumer Co-Ops as Tech Platforms
** Deliberative Democratic Processes for all levels of government in systems
** Transform Culture through institutional structures and processes
** Disruption of Current Electorate Habits
** Figure out how to “clear” issues triggering of collective shame and vulnerability
** Insist that state systems be simply explained to regular citizens
** Invest in “schools early” stage engagement in tech vs. lawsuits later
** Stop Policy Laundering
** Atoms are different then Bits
** Bounties for whistle blower info
** Producer Consumer healing - relational capitalism?
** Sharing Economy - supporting it digitally in real way
** Better democracy - measurable feedback systems - quantifiable plurality
** Wealth / power transparency

'''Online Tracking -> Offline Oppression'''
* UN-Freedom “online” more and more affecting the “real world.
* Organizing....collective action is practically inhibited to prevent change and social dissent.

'''Violence / Accountability'''
* Widespread unaccountable market for violence
* Violent suppression of nonviolent dissent
** Police / Military Accountability and Regulation
** Empathy / Peaceful parenting

'''Hivemind/Lack of Discourse'''
* No divers and critical thinking
* Total loss of individual autonomy
* No disagreement = no diversity =no resilience
* Death of Political Dissent
* Hivemind by Radio Telepathy
* Censored Content based on Political/Religious Ideology
* Sock Puppetry + Astroturf-auto-matic detection mechanisms.

'''Apathy'''
* Indifference (People Accepting Surveillance, Censorship, etc as Normal).
** Agorism
** P2P Economy - crypto currencies, distributed exchange, local and personal production.

'''Computer - Control'''
* Algorithmic enforcement of societal norms.
** Build respectful software for the world we want.
** Distributed, Anonymous, Encrypted Mesh Cloud Networks and Storage
** Search and seizure laws catch up with technology
** Web protocols and application that empower individuals both in their access to synthesized information and in their control over distribution of information. Goal: Self-Balance

'''Government Opacity'''
* Lack of government transparency / punishment of whistleblowers
** Government Transparency
** Open Data is Not Enough - Citizen Tools public tools to sense make address challenges
** MayOne SuperPAC

'''Privacy'''
* Privacy for the powerful, transparency for the weak

* No Privacy.
** = no safe space
** = no places/times where we can make ourselves vulnerable
** = no diversity of ideas/behaviors ways of living.
** = no resilience

* Privacy goes away completely. Government knows everything.
Oops! It’s happened already!

* Unfreedom - There is no longer a safe space anywhere (on your person, in your home, in the cloud, etc) where individuals can store their personal info and data without the reis of it being seized, searched and compromised by an authoritative body.

* Ubiquitous Surveillance - by government & of each other.

* The Details of our lives are wholly-owned assets of third party entities.

** Data is recognized as property owned by the individual.
** Work on technologies that improve privacy and security on the internet.
** Other forms of violence - economic, psychological are acknowledged
** Resistance the government systems of surveillance via local political bodies - city, county and state.
** Breakdown Tight Hierarchy towards Decentralized.

????
* On facebook no one will hear me scream
** Buy a Microphone
** I don’t know the solution, but it has to be social, technical, political, economic legal etc. all in one.

We Are The Last Generation of Free People

2014-05-30T19:09:57Z

Ebgross: notes content added

IIW 18 Notes

2014-05-30T18:55:28Z

Ebgross: /* Wednesday May 7, 2014 */

=Tuesday May 6, 2014=

===Session 1===

1A/ [[Respect Network LAUNCH]]

1B/ [[Social ID’s in Enterprise]]

1D/ [[Indie BOX – Let’s Bring Our Data Home]]

1F/ [[Covert Redirect – What It Is/What It Ain’t]]

1G/ [[Improving the Mobile Federation Sign-In Experience]]

1J/ [[Phishing Blend Authentication and Authorization]]

===Session 2===

2A/ [[JOSE Can You See – A Technical Overview of JWT]]

2B/ [[Collaboration For Collective Impact]]

2C/ [[Me Depot – Serving Billions]]

2D/ [[Intentions vs Identity]]

2F/ [[I o T = Identity of Things]]

2G/ [[Customer Support for Personal Data Stores]]

2H/ [[An Introducing to IndieWeb]]

2I/ [[“SCIM” Next Steps]]

2J/ [[New OAuth 2-wg – Multi-Party Federation]]

===Session 3===

3A/ [[OpenID Connect – Interop Testing Details]]

3B/ [[It’s NAPPS – Enabling SSO for Native APPS]]

3C/ [[Engaging End Users – How Do We Get Consumers to Participate in Identity]]

3D/ [[“Privacy Lens”]]

3E/ [[Ethical Data Handling]]

3F/ [[Platform Deep-Dive of: Qredo]]

3G/ [[Open ID Connect 101 – How it Works/What is it for]]

3H/ [[Join the Indieweb]]

3I/ [[Silicon Valley “Culture of Youth”]]

3J/ [[Your Digital Traits for STRONG Auth]]

===Session 4===

4A/ [[OpenID Connect – Logout/Session Mgmt (Part 1)]]

4B/ [[How Do We Preserve and Protect Identity / Identity Theft]]

4C/ [[CAN’T BE EVIL]]

4D/ [[FUSE Architecture – PICOS and Connected Cars]]

4E/ [[NSTIC – Update From NIST and Roundtable]]

4H/ [[IndieAuth – Turn Your Personal Domain Into An OAUTH Provider]]

4J/ [[Practice Session for Investor Panel]]

===Session 5===

5A/ [[OpenID Connect – Logout/Session Mgmt (Part 2)]]

5B/ [[Personal Sovereign Design]]

5C/ [[4th Parties – Use Cases for Others Besides the User, IDP and Relying Party]]

5E/ [[DOXING as Vigilante Justice]]

5F/ [[Respect Network plus XDI]]

5G/ [[Aging plus Caregivers plus Post Death Identity Mngt]]

=Wednesday May 7, 2014=
===Session 1===
1A/ [[VRM (Vendor Relationship Management) Progress Report]]

1B/ [[OAuth Security – Proof of Possession]]

1C/ [[Privacy Metrics – What Could They Be? What Should They Measure? Should They Exist?]]

1D/ [[Home Owner Personal Data]]

1G/ [[We Are The Last Generation of Free People]]

===Session 2===
2A/ [[VRM Adoption Case Study – MYDEX]]

2C/ [[HTTPSY – Leave the Certificate Authority Behind]]

2D/ [[SAFEnet]]

2E/ [[Data Inequality $ = $ Income Inequality]]

2G/ [[Channel Binding for Open ID Connect]]

2K/ [[ADHOC: UMA Interop Testing Session Thing]]

===Session 3===
3A/ [[Mozilla Listens to IIW]]

3C/ [[Real Estate Use Cases]]

3E/ [[Shopping for Identity Providers – What do I need to know before I put my identity in your provider]]

3F/ [[Functional Model Elements from NSTIC – Personal Cloud Review]]

3G/ [[Self ID]]

3H/ [[Mobile Connect]]

3J/ [[Clarify and Learn About Web Payments and Identity]]

===Session 4===
4A/ [[New Book – Extreme Relevancy]]

4B/ [[IoT and Open Standards – Oauth2, UMA…]]

4D/ [[Gettign WC3 People to come to IIW19]]

4E/ [[Mobile SSO – How We Did It/USIMG/OAuth, Open ID Connect]]

4F/ [[OAuth SASL (OAuth for non-web apps, ep.IMAP)]]

4G/ [[Post Life Identity Privacy]]

4H/ [[Root of Trust]]

4J/ [[Investor Pitch Practice (Pt 1)]]

===Session 5===
5A/ [[Be Ready for the AUTHpocalypse – Lightweight/Dynamic Client Registration for IMAP/SASL]]

5B/ [[Identity Ecosystems plus the IDESG]]

5C/ [[Google – Recent Update and Input on OAuth DevX]]

5D/ [[ID Things You Can Do With A “FREEDOM BOX”]]

5E/ [[The ID – Lobrary/Film Fest and Anthology – ‘this Community Cannon’]]

5F/ [[Help us do Social Media Marketing for the Respect Network Launch]]

5G/ [[How To Deal With The Case When The Intended Audience Is Not The Releasing Party]]

5H/ [[Lost Dog! User Centric ID Management (FIDO and Other Opts…]]

5I/ [[Bitcoin and Identity]]

5J/ [[Investor Pitch Practice (Pt 2)]]

5K/ [[NAAPS Working Group]]

=Thursday May 8, 2014=
===Session 1===
1A/ [[In 5min or less – Tell me a Happy Future Story About “IDENITY”]]

1D/ [[Let’s create some -Partinent Art – that speaks to our condition and Brainstorming ides about topics for books for children and management]] –
like SCADA and ME

1G/ [[Reputation]]

1J/ [[DNSSEC 101 – intro how it works/my war stories]]

===Session 2===
2B/ [[DARASHA XDI app – Music Library]]

2C/ [[AWS QandA]]

2D/ [[ACE = Authentication and Authorization for Constrained Environments]]

2G/ [[Help Doc prep for the VC Panel]]

2I/ [[The Maker Economy and Identity]]

===Session 3===
3A/ [[What’s it Take to get a Customer-Centric Startup to Win Funding? (VC Panel Discussion)]]

3B/ [[Kitties are Fluffy!!]]

3F/ [[Icons for Privacy]]

3G/ [[Where Are the RP’s?]]

3H/ [[HOW CSP’s (cloud service providers) and Authentication Providers Fit Together on the RESPECT NETWORK]]

===Session 4===
4A/ [[Start-Up’s Pitching]]

4G/ [[Free People Beyond the Next 10 Years – (Continuation from Wed Session/Manifesto Writing)]]

===Session 5===
5A/ [[Start-Up’s Pitching]]

5C/ [[Murder via Google Maps]]

5F/ [[CAMBRIAN – A User-Centric de-centralized platform for entrepreneurs]]

Engaging End Users – How Do We Get Consumers to Participate in Identity

2014-05-30T18:51:34Z

Ebgross: notes content added

'''Session Topic:''' Engaging End Users: How do we get consumers to participate in identity discussion?

Tuesday 3Cå

'''Convener:''' Eno Jackson

'''Notes-taker(s):''' Eno Jackson

'''Tags for the session - technology discussed/ideas considered:'''

'''Discussion notes, key understandings, outstanding questions, observations, and, if appropriate to this discussion: action items, next steps:'''

[[File:IIW18_TU3C_Engaging_End_Users.jpg ‎]]

File:IIW18 TU3C Engaging End Users.jpg

2014-05-30T18:49:59Z

Ebgross:

Engaging End Users – How Do We Get Consumers to Participate in Identity

2014-05-30T18:47:41Z

Ebgross: Created page with "'''Session Topic:''' Engaging End Users: How do we get consumers to participate in identity discussion? Tuesday 3Cå '''Convener:''' Eno Jackson '''Notes-taker(s):''' Eno J..."

Main Page

2014-05-30T18:38:19Z

Ebgross:

<Big> Welcome to the Internet Identity Workshop (IIW) Wiki </big>

[http://www.internetidentityworkshop.com WE HAVE A WEBSITE/BLOG TOO!]

* To get updates regarding IIW [http://lists.idcommons.net/lists/subscribe/iiwinfo subscribe here].

* To join the identity commons community list and dialoguing about user-centric and other identity initiatives [http://lists.idcommons.net/lists/subscribe/community you can do so here].

* To learn more about identity commons linking together efforts and supporting innovation in user-centric digital identity [http://www.idcommons.net/ visit the website]

=== Next Internet Identity Workshops ===
* '''IIW 19 is October 28-30, 2014'''
**[[Note Form]]

=== Previous Internet Identity Workshops & Satellite Events ===
* '''IIW 18 May 6-8, 2014'''
**[[IIW 18 Proposed Topics]]
**[[IIW 18 Notes]]

* '''IIW 17 October 22-24, 2013'''
** [[IIW 17 Proposed Topics]]
** [[IIW 17 Notes]]
** [http://iiw.idcommons.net/File:IIW17_BookofProceedings_2103B.pdf IIW17 Book of Proceedings]

* '''IIW #16 May 7-9 2013
** [[IIW 16 Proposed Topics]]
** [[IIW 16 Notes]]
** [http://iiw.idcommons.net/images/1/13/IIW16_Book_of_Proceedings.PDF IIW 16 Book of Proceedings]

* '''IIW #15 October 23-25 2012'''
** [[IIW 15 Proposed Topics]]
** [[IIW 15 Notes]]
** [http://iiw.idcommons.net/File:IIW15_Book_of_Proceedings.pdf IIW 15 Book of Proceedings]

* '''IIW #14 May 1-3 2012'''
**[[IIW 14 Proposed Topics]]
**[[IIW 14 Notes]]
**[http://iiw.idcommons.net/images/5/51/IIW14_BOP_PDF.pdf IIW 14 Book of Proceedings]

* IIW-Satellite Sydney
** [[IIW Satellite Sydney Notes]]

* IIW-Satelite DC
** [http://iiwsatellitedc2012.eventbrite.com/ Attendee List]
** [[IIW Satelite DC Proposed Topics]]
** [[IIW Satellite DC Notes]]

* IIW #13 October 18-20 2011
** [[iiw13 Proposed Topics]]
** [[IIW 13 Notes]]
** [["NSTIC Day" Proposed Agenda]]
** [[http://iiw.idcommons.net/File:IIW13_BOP_PDF.pdf IIW 13 Book of Proceedings]]

* IIW #12 May 3-5, 2011 at the [http://itshumour.blogspot.com/2009/09/top-10-hilarious-quotes.html hilarious quotes] Computer HIstory Museum in Mountain View California [http://www.casinoluckywin.com/en/games/slot_games/ best online slots]
** [[iiw12 Proposed Topics]]
** [[IIW 12 Notes]]

* Identity Collaboration Day, Feb 14, 2011 - Day before RSA, for discussion of user-centric, enterprise [http://www.hockeychamp2014.com/world-hockey-championships.html IIHF Hockey] and government identity initiatives.
** [http://www.idcolab.eventbrite.com ID Collaboration Day Registration/Description]
** [[IDCollab Proposed Topics]]
** [[IDCollab Day Notes]]

* IIW #11 Fall 2010 [[iiw11]] Nov 2-4, Tuesday-Thursday at the Computer HIstory Museum in Mountain View California
** [[Notes IIW11]]
** [http://www.internetidentityworkshop.com/what-is-iiw/ Responses to IIW is...] [http://bit.ly/dt3ruz Values of IIW]

* [[iiw-europe-1|IIW Europe]] in London Monday October 11 (before RSA Europe) at the University of London [http://www.imcredo.com/services/ppc/ Adwords Management]
** [[iiw-europe-1-Notes]]
** [[iiw-europe-1-Reflection]] As a Result of Today....

* [[iiw-east-1|IIW East Coast]] in DC September 9-10 Thursday, Friday at the Josephine Butler Parks Center (following the Gov 2.0 Summit) the [http://www.thefunnyquotessayings.com/cool-hilarious-funny-quotes-sayings/ funny quotes sayings] theme will be ''Open Identity for Open Government''
** [[Notes_IIW-East]]
** [[As a result of day 1 at IIW-East]]

* #10: Spring 2010 [[iiw10]] May 17-19 at the Computer History Museum.
** [[Notes IIW10]]

* #9: Fall 2009 [[iiw9]] TUESDAY November 3 to THURSDAY November 5.
** [[Notes_iiw9]]

* #8: Spring 2009 [[iiw8]] - '''May 18-20, 2009'''
** [[Notes_iiw8]]

* #7: Fall [[iiw2008b]] (2008B)- '''Nov 10-12''' - Computer History Museum, Mountain View, CA
** [[Notes_08b]]

* 6: Spring [[iiw2008a]] (2008A)- '''May 12-14, 2008''' - Computer History Museum, Mountain View, CA
** [[Notes_2008a]]

* [http://iiw.idcommons.net/index.php/Iiw2007b 5: December 3-5, 2007 - Computer History Museum, Mountain View, CA]

* [http://iiw.windley.com/wiki/Workshop_2007 4: May 2007 - Computer History Museum, Mountain View, CA]

* [http://iiw.windley.com/wiki/Workshop2006b 3: December 2006 - Computer History Museum, Mountain View, CA]

* [http://iiw.windley.com/wiki/Workshop2006 2: May 2006 - - Computer History Museum, Mountain View, CA]

* [http://www.socialtext.net/iiw2005/index.cgi?internet_identity_workshop_2005 1: October 2005 - Berkeley, CA]

=== Previous Identity Open Spaces ===

Identity Open Space events are co-produced by the IIW team (Phil, Kaliya, Doc) in collaboration with other organizations and events. To date we have worked with Digital Identity World and the Liberty Alliance. [http://www.grabcasinobonus.com/casino-bonuses/ Mobile Casino Bonus] We are open to working with a variety organizations - if you are interested please don't hesitate to contact us. [http://ios.windley.com/wiki/IOSSF September 2007 at Digital Identity World]

[http://ios.windley.com/wiki/IOSBrussels May 2007 following a Liberty Alliance Meeting in Brussels, Belgium]

[http://ios.windley.com/wiki/IOSSantaClara September 2006 at Digital Identity World]

=== Previous Identity Birds of a Feather Meetings ===

June 2006 [http://www.identitygang.org/ Identity Gang Birds of a Feather Session] at Burton Group Conference, San Francisco

January 2006 [http://www.socialtext.net/iiw2005/index.cgi?identity_speed_geeking_o_reilly_emerging_telephony_conference Identity Speed Geeking Session] at O'Reilly's Emerging Telephony Conference

December 2005 [http://www.socialtext.net/iiw2005/index.cgi?informational_morning_for_developers Pre-Syndicate Informational Morning for Developers]
/span>] commons linking together efforts and supporting innovation in user-centric digital identity [http://t.co/rRM74eb Visit the website]

=== Books of Proceedings ===

[[ALL Book of Proceedings PDFs]]

[[Subject Specific Note Collections]]

=== Previous Attendees Lists ===

* IIW 18: http://www.eventbrite.com/event/10266396067/efbnen
* IIW 17: http://iiw17.eventbrite.com/
* IIW 16: http://iiw16.eventbrite.com/
* IIW 15: http://www.eventbrite.com/event/3926801168/efbnen
* IIW 14: http://www.eventbrite.com/event/2785843533/efbnen
* IIW 13: http://www.eventbrite.com/e/internet-identity-workshop-xiii-13-2011b-tickets-1923616589
* IIW 12: https://www.eventbrite.com/e/internet-identity-workshop-xii-12-2011a-tickets-1189831819
* IIW 11: http://www.eventbrite.com/event/785398147/efbnen
* IIW 10: http://www.eventbrite.com/e/internet-identity-workshop-10-2010a-tickets-499632414
* IIW 09: http://www.eventbrite.com/e/internet-identity-workshop-9-2009b-tickets-394204075
* IIW 08: http://www.eventbrite.com/e/internet-identity-workshop-8-2009a-tickets-288845946

VRM Adoption Case Study – MYDEX

2014-05-16T17:18:45Z

Ebgross:

'''Session Topic:''' VRM Adoptions Case Study: MYDEX cic (How we tell it; where we are; what Mydex looks like including: peek at UK IDAP)

Wednesday 2A

'''Convener:''' William Heath

'''Notes-taker(s):''' William Heath

'''Tags for this session – Technology discussed/ideas considered:'''
PDS Personal clouds trust frameworks VRM

'''Discussion notes, key understandings, outstanding questions, observations, and, if appropriate to this discussion: action items, next steps:'''

Mydex CIC is a social-enterprise VRM platform, live at http://pds.mydex.org and with contracts in UK market including UK government ID assurance provider. Having a national government agreeing to contract with individuals based on credentials held by the individual is potentially a significant VRM breakthrough.

First we heard how Mydex presents the big VRM picture to the uninitiated (which is still the majority). “Personal control over personal data” does not much resonate with consumers but there is a real political consensus about the fact there is a problem and personal control over personal data is a policy each British political party is committed to.

All the pols agree on that. But what they don’t get is how to implement personal control over personal data, and what the implications of it be. Aim is to set this out and to explain why it is a win-win for all parties: it’s a global problem, which affects organisations and individuals.

What Mydex does

Mydex offers personal data stores and connections, wrapped in a legal & technical trust framework.

The community needs diversity and interoperability in PDS providers. Key differentiating determinants of trust will be

1. governance & legal form: Mydex takes the legal form of Community Interest Company, limited by shares, highly transparent, asset locked and regulated in the returns it can offer shareholders.

2. Commercial (or business) model: Mydex is free in perpetuity to individuals, making a small micropayment charge to connecting organisations and apps

3. Legal basis: Mydex uses contract law and places the individual in the role of “data controller” in data protection law

4. Technical: Mydex has turned away from esoteric and untested tech and moved pretty much entirely to open course tech and standard tools, supporting multiple ID protocols (OpenID, Mozilla Persona, SAML, Shibboleth)

Market adoption has started with contracts in finance, media, local government and housing; also a potentially very significant contract for UK government ID assurance services. The proposition to individuals is convenence, control, trust and value. To organisations it’s cost savings, reduced regulatory overhead and opening the path to new services.

What Mydex does

We did a live walkthrough of the sandbox site (which replicates the live service) populate with dummy data. This showed data entry, management, connections, visualisations of the data and account management including “download my data” to enable switching to a different service.

The live sites are:

- [http://www.sbx.mydex.org sbx.mydex.org]: the Mydex sandbox where you can use dummy data

- [http://dev.mydex.org dev.mydex.org] - developer resources eg data schema, new data schema requests, API resources

- [http://pds.mydex.org pds.mydex.org] where people can get a personal data store.

Place in the market

The contracted connections are still in the process of implementation. For this reason user numbers are still only in the hundreds (ie people curious to see what Mydex looks like, even though they are not yet able to use it to connect). We also saw an outline of the UK government ID assurance service user journey, based on a mixed information set keyed in by the user. The UK government ID assurance programme rolls out in the course of 2014.

IIW 18 Notes

2014-05-16T17:17:25Z

Ebgross: /* Session 4 */

=Tuesday May 6, 2014=

===Session 1===

1A/ [[Respect Network LAUNCH]]

1B/ [[Social ID’s in Enterprise]]

1D/ [[Indie BOX – Let’s Bring Our Data Home]]

1F/ [[Covert Redirect – What It Is/What It Ain’t]]

1G/ [[Improving the Mobile Federation Sign-In Experience]]

1J/ [[Phishing Blend Authentication and Authorization]]

===Session 2===

2A/ [[JOSE Can You See – A Technical Overview of JWT]]

2B/ [[Collaboration For Collective Impact]]

2C/ [[Me Depot – Serving Billions]]

2D/ [[Intentions vs Identity]]

2F/ [[I o T = Identity of Things]]

2G/ [[Customer Support for Personal Data Stores]]

2H/ [[An Introducing to IndieWeb]]

2I/ [[“SCIM” Next Steps]]

2J/ [[New OAuth 2-wg – Multi-Party Federation]]

===Session 3===

3A/ [[OpenID Connect – Interop Testing Details]]

3B/ [[It’s NAPPS – Enabling SSO for Native APPS]]

3C/ [[Engaging End Users – How Do We Get Consumers to Participate in Identity]]

3D/ [[“Privacy Lens”]]

3E/ [[Ethical Data Handling]]

3F/ [[Platform Deep-Dive of: Qredo]]

3G/ [[Open ID Connect 101 – How it Works/What is it for]]

3H/ [[Join the Indieweb]]

3I/ [[Silicon Valley “Culture of Youth”]]

3J/ [[Your Digital Traits for STRONG Auth]]

===Session 4===

4A/ [[OpenID Connect – Logout/Session Mgmt (Part 1)]]

4B/ [[How Do We Preserve and Protect Identity / Identity Theft]]

4C/ [[CAN’T BE EVIL]]

4D/ [[FUSE Architecture – PICOS and Connected Cars]]

4E/ [[NSTIC – Update From NIST and Roundtable]]

4H/ [[IndieAuth – Turn Your Personal Domain Into An OAUTH Provider]]

4J/ [[Practice Session for Investor Panel]]

===Session 5===

5A/ [[OpenID Connect – Logout/Session Mgmt (Part 2)]]

5B/ [[Personal Sovereign Design]]

5C/ [[4th Parties – Use Cases for Others Besides the User, IDP and Relying Party]]

5E/ [[DOXING as Vigilante Justice]]

5F/ [[Respect Network plus XDI]]

5G/ [[Aging plus Caregivers plus Post Death Identity Mngt]]

=Wednesday May 7, 2014=
===Session 1===
1A/ [[VRM (Vendor Relationship Management) Progress Report]]

1B/ [[OAuth Security – Proof of Possession]]

1C/ [[Privacy Metrics – What Could They Be? What Should They Measure? Should They Exist?]]

1D/ [[Home Owner Personal Data]]

===Session 2===
2A/ [[VRM Adoption Case Study – MYDEX]]

2C/ [[HTTPSY – Leave the Certificate Authority Behind]]

2D/ [[SAFEnet]]

2E/ [[Data Inequality $ = $ Income Inequality]]

2G/ [[Channel Binding for Open ID Connect]]

2K/ [[ADHOC: UMA Interop Testing Session Thing]]

===Session 3===
3A/ [[Mozilla Listens to IIW]]

3C/ [[Real Estate Use Cases]]

3E/ [[Shopping for Identity Providers – What do I need to know before I put my identity in your provider]]

3F/ [[Functional Model Elements from NSTIC – Personal Cloud Review]]

3G/ [[Self ID]]

3H/ [[Mobile Connect]]

3J/ [[Clarify and Learn About Web Payments and Identity]]

===Session 4===
4A/ [[New Book – Extreme Relevancy]]

4B/ [[IoT and Open Standards – Oauth2, UMA…]]

4D/ [[Gettign WC3 People to come to IIW19]]

4E/ [[Mobile SSO – How We Did It/USIMG/OAuth, Open ID Connect]]

4F/ [[OAuth SASL (OAuth for non-web apps, ep.IMAP)]]

4G/ [[Post Life Identity Privacy]]

4H/ [[Root of Trust]]

4J/ [[Investor Pitch Practice (Pt 1)]]

===Session 5===
5A/ [[Be Ready for the AUTHpocalypse – Lightweight/Dynamic Client Registration for IMAP/SASL]]

5B/ [[Identity Ecosystems plus the IDESG]]

5C/ [[Google – Recent Update and Input on OAuth DevX]]

5D/ [[ID Things You Can Do With A “FREEDOM BOX”]]

5E/ [[The ID – Lobrary/Film Fest and Anthology – ‘this Community Cannon’]]

5F/ [[Help us do Social Media Marketing for the Respect Network Launch]]

5G/ [[How To Deal With The Case When The Intended Audience Is Not The Releasing Party]]

5H/ [[Lost Dog! User Centric ID Management (FIDO and Other Opts…]]

5I/ [[Bitcoin and Identity]]

5J/ [[Investor Pitch Practice (Pt 2)]]

5K/ [[NAAPS Working Group]]

=Thursday May 8, 2014=
===Session 1===
1A/ [[In 5min or less – Tell me a Happy Future Story About “IDENITY”]]

1D/ [[Let’s create some -Partinent Art – that speaks to our condition and Brainstorming ides about topics for books for children and management]] –
like SCADA and ME

1G/ [[Reputation]]

1J/ [[DNSSEC 101 – intro how it works/my war stories]]

===Session 2===
2B/ [[DARASHA XDI app – Music Library]]

2C/ [[AWS QandA]]

2D/ [[ACE = Authentication and Authorization for Constrained Environments]]

2G/ [[Help Doc prep for the VC Panel]]

2I/ [[The Maker Economy and Identity]]

===Session 3===
3A/ [[What’s it Take to get a Customer-Centric Startup to Win Funding? (VC Panel Discussion)]]

3B/ [[Kitties are Fluffy!!]]

3F/ [[Icons for Privacy]]

3G/ [[Where Are the RP’s?]]

3H/ [[HOW CSP’s (cloud service providers) and Authentication Providers Fit Together on the RESPECT NETWORK]]

===Session 4===
4A/ [[Start-Up’s Pitching]]

4G/ [[Free People Beyond the Next 10 Years – (Continuation from Wed Session/Manifesto Writing)]]

===Session 5===
5A/ [[Start-Up’s Pitching]]

5C/ [[Murder via Google Maps]]

5F/ [[CAMBRIAN – A User-Centric de-centralized platform for entrepreneurs]]

OpenID Connect – Logout/Session Mgmt (Part 1)

2014-05-16T17:15:28Z

Ebgross:

'''Session Topic:''' Open ID Connect: Session Management / Logout Discussion
(Part 1 & Part 2)

Tuesday 4A & 5A

'''Convener:''' Mike Jones; John Bradley; Naveen Agarwal

'''Notes-taker(s)''': Mike Jones

'''Discussion notes, key understandings, outstanding questions, observations, and, if appropriate to this discussion: action items, next steps:'''

Participants also included:

Torsten Lodderstedt

Chuck Mortimore

Brian Campbell

Alan Karp

Breno de Medeiros

John Pinter

Bill Mills

Back channel logout

Multiple RP sessions might be logged in at once

OP doesn't have session identifiers

Torsten - back channel logout has been shown to cause problems

Chuck - the session-based SAML logout doesn't work well and isn't supported

Brian - requiring JavaScript on every page a non-starter in enterprise contexts

Alan Karp - Better UI could help users better understand what's actually going on

John - one requirement can be extending session lifetimes across sessions

Chuck - The only session state typically present is the session cookie

Brian - SAML has fragile redirect chain
* Another means is for the IdP to do a GET to each RP endpoint
* Ping is currently implementing something like that

Naveen - Unless the browser tab is active, the JavaScript logout doesn't work

Naveen - Yahoo had a variant where they stored state for all sessions in a single cookie

Brian - Doing GETs to single-pixel images, which trigger logouts

John - The RP could check the referer if it wants to secure the logout
* But in general, not protectable against XSRF

Chuck - Browsers are getting better about preventing cookie state manipulation in iframes

Torsten - Will check what DT is doing

John - ID Token "exp" claim doesn't trigger logout in practice

Naveen - We could just document both front channel mechanisms as optional
* Enterprises might choose one method, the Web might choose another
* We should document both as a next step

Mike - If we support multiple mechanisms, the RPs would get to decide

John - Back channel notification is yet a third mechanism

David Pinter - The front channel won't always be available

Bill Mills - Security policy may require ability to kill all sessions

John - A compromise back channel mechanism is notifying RPs on the back channel of a state change

Mechanisms:
* postMessage:
** Pro: RPs get notifications, minimal web traffic
** Con: Requires RP JavaScript
*** Doesn't work when RP tab not active
* image/iframe GETs:
** Pro: Doesn't require JavaScript
*** Still uses session cookies
** Con: IdP needs to track active RP sessions
*** Ugly logout page
*** All RPs might not be notified before the browser is closed
* backchannel notifications:
** Pro: Works even when RP tab not active
** Con: Requires RP logic to identify and communicate with session to logout
*** IdP scaling issues

Chuck - Current spec doesn't work for enterprise use cases because of JavaScript requirement
* and because the RP must be active for the logout to work

Chuck - We didn't put "jti" in the ID Token - we could for enabling logout
* That would enable correlating back channel notifications received to active sessions
* Open questions about whether to use the same ID in multiple responses to same RP
* Probably use a separate session identifier that is not "jti"

Dale - Back channel notification is effectively ID Token revocation

Chuck - The OP wants to be authoritative for the session ID

Chuck - Revoking a session could be done like an OAuth revocation
* OAuth revocation supports CORS and JSONP

Actions:
* Add image/iframe description to Session Management
* Also describe back channel mechanism
* Then we decide what to do after that

Naveen, Breno - Google is planning to build a token caching layer
* It would get tokens at login time and clear them at logout
* It would send notifications when things change
* It would communicate internally with postMessage
* postMessage requires a security layer

George - How is this like the Trusted Agent in the Native Applications work?

Naveen - It's a lot like that

2014-05-16T17:05:40Z

Ebgross: Blanked the page

VRM Adoption Case Study – MYDEX

2014-05-16T17:04:34Z

Ebgross: notes content added

'''Session Topic:''' VRM Adoptions Case Study: MYDEX cic (How we tell it; where we are; what Mydex looks like including: peek at UK IDAP)

Wednesday 2A

'''Convener:''' William Heath

'''Notes-taker(s):''' William Heath

'''Tags for this session – Technology discussed/ideas considered:'''
PDS Personal clouds trust frameworks VRM

'''Discussion notes, key understandings, outstanding questions, observations, and, if appropriate to this discussion: action items, next steps:'''

Mydex CIC is a social-enterprise VRM platform, live atpds.mydex.org and with contracts in UK market including UK government ID assurance provider. Having a national government agreeing to contract with individuals based on credentials held by the individual is potentially a significant VRM breakthrough.

First we heard how Mydex presents the big VRM picture to the uninitiated (which is still the majority). “Personal control over personal data” does not much resonate with consumers but there is a real political consensus about the fact there is a problem and personal control over personal data is a policy each British political party is committed to.

All the pols agree on that. But what they don’t get is how to implement personal control over personal data, and what the implications of it be. Aim is to set this out and to explain why it is a win-win for all parties: it’s a global problem, which affects organisations and individuals.

What Mydex does

Mydex offers personal data stores and connections, wrapped in a legal & technical trust framework.

The community needs diversity and interoperability in PDS providers. Key differentiating determinants of trust will be

1. governance & legal form: Mydex takes the legal form of Community Interest Company, limited by shares, highly transparent, asset locked and regulated in the returns it can offer shareholders.

2. Commercial (or business) model: Mydex is free in perpetuity to individuals, making a small micropayment charge to connecting organisations and apps

3. Legal basis: Mydex uses contract law and places the individual in the role of “data controller” in data protection law

4. Technical: Mydex has turned away from esoteric and untested tech and moved pretty much entirely to open course tech and standard tools, supporting multiple ID protocols (OpenID, Mozilla Persona, SAML, Shibboleth)

Market adoption has started with contracts in finance, media, local government and housing; also a potentially very significant contract for UK government ID assurance services. The proposition to individuals is convenence, control, trust and value. To organisations it’s cost savings, reduced regulatory overhead and opening the path to new services.

What Mydex does

We did a live walkthrough of the sandbox site (which replicates the live service) populate with dummy data. This showed data entry, management, connections, visualisations of the data and account management including “download my data” to enable switching to a different service.

The live sites are:

- [http://www.sbx.mydex.org sbx.mydex.org]: the Mydex sandbox where you can use dummy data

- [http://dev.mydex.org dev.mydex.org] - developer resources eg data schema, new data schema requests, API resources

- [http://pds.mydex.org pds.mydex.org] where people can get a personal data store.

Place in the market

The contracted connections are still in the process of implementation. For this reason user numbers are still only in the hundreds (ie people curious to see what Mydex looks like, even though they are not yet able to use it to connect). We also saw an outline of the UK government ID assurance service user journey, based on a mixed information set keyed in by the user. The UK government ID assurance programme rolls out in the course of 2014.

2014-05-09T16:58:23Z

Ebgross:

Shopping for Identity Providers – What do I need to know before I put my identity in your provider

2014-05-09T16:55:55Z

Ebgross:

'''Session Topic:''' Shopping for an Identity Providers: What do I need to know before I put my identity in your provider?

Wednesday 3E

'''Convener:''' Matt Berry

'''Notes-taker(s):''' Dan Sanford

'''Discussion notes, key understandings, outstanding questions, observations, and, if appropriate to this discussion: action items, next steps:'''

[[File:IIW18_Wed3E.jpg]]

Things to consider

nsio

strong authentication

privacy policy

protocols

guarantees

operational security

scopes and types of information

relevancy

information required for identity proofing

How do I measure it?

Could certify operational security and privacy policy

Lots of discussion - what is an IDP (e.g. )
* abiility to export data
* ability to provide data to a third party'

how (when and why) will privacy policy change? Lots of discussions about who measures, what and how much IdP describes this information? Are we willing to pay for it?

Government or others can monitor changes and/or validating that entities do what they intend to, or possibly even meet some standard (e.g. w3c recommended policy standards for website - has gone nowhere)

Lots of discussion of standards for these things to consider that we would want that don't exist right now - which is something that we would want to consider if they were available.

2014-05-09T15:30:16Z

Ebgross: /* Session 1 */

=Tuesday May 6, 2014=

===Session 1===

1A/ [[Respect Network LAUNCH]]

1B/ [[Social ID’s in Enterprise]]

1D/ [[Indie BOX – Let’s Bring Our Data Home]]

1F/ [[Covert Redirect – What It Is/What It Ain’t]]

1G/ [[Improving the Mobile Federation Sign-In Experience]]

1J/ [[Phishing Blend Authentication and Authorization]]

===Session 2===

2A/ [[JOSE Can You See – A Technical Overview of JWT]]

2B/ [[Collaboration For Collective Impact]]

2C/ [[Me Depot – Serving Billions]]

2D/ [[Intentions vs Identity]]

2F/ [[I o T = Identity of Things]]

2G/ [[Customer Support for Personal Data Stores]]

2H/ [[An Introducing to IndieWeb]]

2I/ [[“SCIM” Next Steps]]

2J/ [[New OAuth 2-wg – Multi-Party Federation]]

===Session 3===

3A/ [[OpenID Connect – Interop Testing Details]]

3B/ [[It’s NAPPS – Enabling SSO for Native APPS]]

3C/ [[Engaging End Users – How Do We Get Consumers to Participate in Identity]]

3D/ [[“Privacy Lens”]]

3F/ [[Platform Deep-Dive of: Qredo]]

3G/ [[Open ID Connect 101 – How it Works/What is it for]]

3H/ [[Ethical Data Handling]]

3I/ [[Silicon Valley “Culture of Youth”]]

3J/ [[Your Digital Traits for STRONG Auth]]

3K/ [[Join the Indieweb]]

===Session 4===

4A/ [[OpenID Connect – Logout/Session Mgmt (Part 1)]]

4B/ [[How Do We Preserve and Protect Identity / Identity Theft]]

4C/ [[CAN’T BE EVIL]]

4D/ [[FUSE Architecture – PICOS and Connected Cars]]

4E/ [[NSTIC – Update From NIST and Roundtable]]

4H/ [[IndieAuth – Turn Your Personal Domain Into An OAUTH Provider]]

4J/ [[Practice Session for Investor Panel]]

===Session 5===

5A/ [[OpenID Connect – Logout/Session Mgmt (Part 2)]]

5B/ [[Personal Sovereign Design]]

5C/ [[4th Parties – Use Cases for Others Besides the User, IDP and Relying Party]]

5E/ [[DOXING as Vigilante Justice]]

5F/ [[Respect Network plus XDI]]

5G/ [[Aging plus Caregivers plus Post Death Identity Mngt]]

=Wednesday May 7, 2014=
===Session 1===
1A/ [[VRM (Vendor Relationship Management) Progress Report]]

1B/ [[OAuth Security – Proof of Possession]]

1C/ [[Privacy Metrics – What Could They Be? What Should They Measure? Should They Exist?]]

1D/ [[Home Owner Personal Data]]

1G/ [[Open Reputation Framework]]

===Session 2===
2A/ [[VRM Adoption Case Study – MYDEX]]

2C/ [[HTTPSY – Leave the Certificate Authority Behind]]

2D/ [[SAFEnet]]

2E/ [[Data Inequality $ = $ Income Inequality]]

2G/ [[Channel Binding for Open ID Connect]]

2K/ [[ADHOC: UMA Interop Testing Session Thing]]

===Session 3===
3A/ [[Mozilla Listens to IIW]]

3C/ [[Real Estate Use Cases]]

3E/ [[Shopping for Identity Providers – What do I need to know before I put my identity in your provider]]

3F/ [[Functional Model Elements from NSTIC – Personal Cloud Review]]

3G/ [[Self ID]]

3H/ [[Mobile Connect]]

3J/ [[Clarify and Learn About Web Payments and Identity]]

===Session 4===
4A/ [[New Book – Extreme Relevancy]]

4B/ [[IoT and Open Standards – Oauth2, UMA…]]

4C/ [[ID Web/Literacy and Leverage – Sovereign By Design]]

4D/ [[Gettign WC3 People to come to IIW19]]

4E/ [[Mobile SSO – How We Did It/USIMG/OAuth, Open ID Connect]]

4F/ [[OAuth SASL (OAuth for non-web apps, ep.IMAP)]]

4G/ [[Post Life Identity Privacy]]

4H/ [[Root of Trust]]

4J/ [[Investor Pitch Practice (Pt 1)]]

===Session 5===
5A/ [[Be Ready for the AUTHpocalypse – Lightweight/Dynamic Client Registration for IMAP/SASL]]

5B/ [[Identity Ecosystems plus the IDESG]]

5C/ [[Google – Recent Update and Input on OAuth DevX]]

5D/ [[ID Things You Can Do With A “FREEDOM BOX”]]

5E/ [[The ID – Lobrary/Film Fest and Anthology – ‘this Community Cannon’]]

5F/ [[Help us do Social Media Marketing for the Respect Network Launch]]

5G/ [[How To Deal With The Case When The Intended Audience Is Not The Releasing Party]]

5H/ [[Lost Dog! User Centric ID Management (FIDO and Other Opts…]]

5I/ [[Bitcoin and Identity]]

5J/ [[Investor Pitch Practice (Pt 2)]]

5K/ [[NAAPS Working Group]]

=Thursday May 8, 2014=
===Session 1===
1A/ [[In 5min or less – Tell me a Happy Future Story About “IDENITY”]]

1D/ [[Let’s create some -Partinent Art – that speaks to our condition and Brainstorming ides about topics for books for children and management –
like SCADA and ME]]

1G/ [[Reputation]]

1J/ [[DNSSEC 101 – intro how it works/my war stories]]

===Session 2===
2B/ [[DARASHA XDI app – Music Library]]

2C/ [[AWS QandA]]

2D/ [[ACE = Authentication and Authorization for Constrained Environments]]

2G/ [[Help Doc prep for the VC Panel]]

2I/ [[The Maker Economy and Identity]]

===Session 3===
3A/ [[What’s it Take to get a Customer-Centric Startup to Win Funding? (VC Panel Discussion)]]

3B/ [[Kitties are Fluffy!!]]

3F/ [[Icons for Privacy]]

3G/ [[Where Are the RP’s?]]

3H/ [[HOW CSP’s (cloud service providers) and Authentication Providers Fit Together on the RESPECT NETWORK]]

===Session 4===
4A/ [[Start-Up’s Pitching]]

4G/ [[Free People Beyond the Next 10 Years – (Continuation from Wed Session/Manifesto Writing)]]

===Session 5===
5A/ [[Start-Up’s Pitching]]

5C/ [[Murder via Google Maps]]

5F/ [[CAMBRIAN – A User-Centric de-centralized platform for entrepreneurs]]

Kitties are Fluffy!!

2014-05-09T15:28:50Z

Ebgross:

'''Session Topic:''' Kitties are Fluffy!

Thursday 3B

'''Convener:''' Justin Richer

'''Notes-taker:''' David Pinter

'''Tags for the session - technology discussed/ideas considered:''' multiple personas, corporate identity, personal identity, anonymity, outing,

'''Discussion notes, key understandings, outstanding questions, observations, and, if appropriate to this discussion: action items, next steps:'''

BYOD is evolving into BYO Id

How does a corporate interest get impacted by action made from within a personal context?

Aggregate reputation/impact of employees _is_ the company reputation: The higher up the employee in the org, the greater the impact

Corporations (as employers) are NOT managing ID. Employees are bringing their IDs into the enterprise (ex: Forwarding corporate email to personal Gmail b/c that's where the employee's email lives, and where they "do" email).

Posts/comments are a reflection of personal State when made by individuals using company-provided IDs.

Comments made under a Company provided ID have a greater weight than a personal ID
Employees are at risk posting under company ID

Is there a safe harbor on the Net for Real Personas?

To what extend does an IDP stand behind the individual? It's different when the individual is an Agent of the IDP (employee) or customer.

Young people today have always HAD the internet, and are used to the concept of multiple identities/personas and can manage them natively (like children who grow up speaking multiple languages)

Tools, comfort, and calluses develop over time.

The Internet lacks a richness of context; sometimes the wrong persona is used on line. But when in Grandma's living room, it's not possible to switch out of the "grandma context" (vs. the school or friend or parent context)

The Internet doesn't forget or integrate. Transcripts are available for replay, but overall impressions formed in personal interactions (facial expression and body language, etc) add to human to human conversations that ultimately make the experience something greater than the recorded transcript.

Systems can now correlate contributions and recognize individuals using multiple personas, have the ability to "out" posters using different IDs.

We use different pathways when we speak than when we write.

Some individuals are better able to manage separate personas than others, kids in particular are inherently better at this.