Thursday, August 25, 2005

Maturity models for privacy and identity

Greetings and salutations to you all! ;-)

I just read an awesome post on Toby Stevens' blog about his maturity model for privacy. Check it out at http://www.highwest.com/. I thought that I'd share the comment I posted to his blog. Kim Cameron's cross-post was equally enlightening: http://www.identityblog.com/2005/08/19.html

Let me know what you think. I will take a stab at developing a maturity model for identity and cross-reference it to Toby's model. I'll post it to this blog for public comments, especially from the likes of Toby, Kim, Doc, Kaliya, et al. Imho, the industry needs to have these two strands of DNA (identity and privacy) laid out in a map that is digestible and realizable by society, business and governments, without having any individual give up the right to own his/her respective identity and privacy to sensitive information - either dynamic or static, as described in my earlier post...

So on to my comment to Toby's post at http://radio.weblogs.com/0146815/2005/08/22.html

Toby,

Great work on putting together the maturity scale. I believe calling it a maturity model for privacy is important. Privacy translates into protecting against access (authorized or not) to critical, sensitive information, either owned by a person or a company, that describes either a person or a company. In thinking about identity and privacy over the last 6 years, I have concluded that privacy follows from authorization, which in turn follows from authentication. Knowing that privacy has been compromised results from monitoring access and reporting against unauthorized viewing by anyone, either authenticated or not. Authentication relies upon the proper verification of alleged identity - prove to the privacy guard who you are so that your profile can be assessed as to whether or not you have the appropriate rights to access that critical, sensitive information.

Therefore, with my understanding of how to convert identity into access to privacy, I would suggest an addendum to your maturity model:

1. Data Protection
Place the data under the strongest, state-of-the-art lock and key, coupled to an authorization engine that converts identity to a profile and policies to access the data.

2. Authentication
This is the complete process of proving identity. Using a set of identifier acquisition systems, the alleged user steps through a number of challenges to prove his/her identity, which requires a percentage of accuracy that matches the level of protection required for the information to remain private, i.e., for certain eyes only for a certain amount of time. This process requires tight coupling to the authorization and reporting/auditing in order for the information owners to know who is accessing what, when, where, why, and how. Once identity is assured (to a certain sigma - from six sigma vernacular), the authentication approval leads to the next section, data sharing. Effective authentication requires a federated identity management ecosystem to exist, where "trust" can be shared among organizations. In turn, federated authentication follows from the trust among these organizations, first from the point of view of culture, working processes, and finally technology. However, where in federation does the concept of fail-safe lie wrt authentication? How deep does that trust go, and how deep is it "programmed" into an organization's policies?


3. Data Sharing
This process actions the authentication approval or credential to a set of policies that govern the privacy. Now that the system knows exactly who is requesting access, data sharing leverages the authorization policies to see exactly what portion, if any, of the privacy the authenticated user can access, for how long, on what display/device, during which time intervals, and at what location. These are equivalent to the concept of considerations in traditional digital rights management. Moreover, the policies should have a section that assesses whether the authenticated user and/or their role have the "right" to retain a copy, for how long, on what device/display/format, where to store it, etc. An important aspect of data sharing is this retention policy. For example, the biggest problem today in consumer privacy issues is that the consumer is not aware of who or what organization has what portion of their critical and sensitive information, how accurate those copies are, etc. More importantly, there is no mechanism for the consumer to automatically delete the information from these distributed datastores. Data sharing is about control, storage, and aging of critical, sensitive information by and to authenticated users.

4. Data Rejection
Imho, data rejection is a sub-process of data sharing since it is one of the "commands" that result from assessing the access profile of the authenticated user against the sought after privacy information. Anonymity is truly impossible if authentication of users to access privacy is effective. There is no room for anonymity in privacy data access; however, there are some uses in data sharing, not necessarily privacy, that do not require any or some identity verification and validation, e.g., accessing news sites, accessing free-websites that are offering free access to some product or service, etc. The real question is, "Can anonymity be realized in an all-digital organization, society, government? What place does anonymity have on the Internet?"


Toby, I do hope this helps. I am quite interested in your feedback. I am posting my thoughts on digital identity and privacy on my blog entitled, "Names, traits, and trails" at http://robmarano.blogspot.com. I welcome an open discussion on this.

Best wishes on the EPG. Please let me know how I can be of assistance. I know quite a number of people that would be interested in this both in the UK and the US! I spent almost 8 years in the UK working in infrastructure management in the City...

I totally support your efforts in the need and public definition of a maturity model for privacy and identity. You have my support! I'll start to disseminate this at my monthly meetings on the topics in NYC. I run the NY Digital Identity MeetUp. More info at http://digitalid.meetup.com/3

I'd love to hear your feedback...

Thanks for the opportunity to post to your blog...

Warmest regards,
Rob
--
(I-Name) http://public.xdi.org/=Rob.Marano
++
++ The NY Digital Identity MeetUp Group http://digitalid.meetup.com/3
++
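
The authorization flow this comment describes (authentication assurance checked against the required protection level, then policy "considerations" for portion, device, location, time and retention, with rejection as one outcome and every attempt audited), as an added Python example that is not part of the original post. The schema, field names and sample policy are assumptions made for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, time

@dataclass(frozen=True)
class Policy:               # hypothetical schema, not from the post
    role: str
    fields: frozenset       # portion of the record this role may see
    min_assurance: float    # authentication confidence required (0..1)
    devices: frozenset
    locations: frozenset
    hours: tuple            # (start, end) time of day
    retain_days: int        # 0 = view only, no copy may be kept

@dataclass(frozen=True)
class Request:
    user: str
    role: str
    assurance: float        # confidence reported by the authentication step
    device: str
    location: str
    when: datetime
    fields: frozenset

def decide(req, policies, audit):
    """Return (decision, released_fields, retain_days) and log every attempt."""
    policy = next((p for p in policies if p.role == req.role), None)
    released, retain = frozenset(), 0
    if policy is None:
        reason = "no policy for role"
    elif req.assurance < policy.min_assurance:
        reason = "authentication assurance too low"
    elif req.device not in policy.devices:
        reason = "device not allowed"
    elif req.location not in policy.locations:
        reason = "location not allowed"
    elif not policy.hours[0] <= req.when.time() <= policy.hours[1]:
        reason = "outside permitted hours"
    else:
        released = req.fields & policy.fields
        retain = policy.retain_days if released else 0
        reason = "ok" if released else "no requested field is shareable"
    decision = "share" if released else "reject"
    audit.append((req.when.isoformat(), req.user, req.location, req.device,
                  sorted(req.fields), decision, reason))
    return decision, released, retain

# Constructed sample policy: billing staff see two fields, office hours only.
POLICIES = [Policy("billing", frozenset({"name", "invoice"}), 0.9,
                   frozenset({"desktop"}), frozenset({"NYC"}),
                   (time(9), time(17)), 30)]
```

The audit list receives an entry for rejected requests as well as shared ones, which is what lets the information owner report on who attempted access, when, where and how.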
