Identity Woman

Independent Advocate for the Rights and Dignity of our Digital Selves

authorization

Thoughts on the National Strategy for Trusted Identities in Cyberspace

· · 1 Comment

Update: This blog post was written while reading the first draft released in the Summer of 2010. A lot changed from then to the publishing of the document in April 2011.
Here is my answer to the NSTIC Governence Notice of Inquiry.
And an article I wrote on Fast Company: National! Identity! Cyberspace! Why you shouldn’t freak out about NSTIC.
Interestingly in paragraph two on the White House blog it says that NSTIC stands for “National Strategy for Trusted Initiatives in Cyberspace” rather than “National Strategy for Trusted Identities in Cyberspace”.

This first draft of NSTIC was developed in collaboration with key government agencies, business leaders and privacy advocates. What has emerged is a blueprint to reduce cybersecurity vulnerabilities and improve online privacy protections through the use of trusted digital identities.

[Read more…] about Thoughts on the National Strategy for Trusted Identities in Cyberspace

Pushing and Pulling with XDI

· · Leave a Comment

So there has been this whole fullry of activity on the list about pull vs. push. Guess what – XDI can do both. …oooo… I found this quote while pulling apart ancient identity commons presentations for the 2.0 version that I am presenting next week at the W3C workshop.

Today on the internet html links are essentially one-way “strings” that connect the two documents, allowing the linked document to be “pulled” down into a browser.
Links using XDI change this one way static dynamic by creating a two-way “data-pipe” through which data can actively flow in either direction (“push” or “pull”). This flow can be controlled automatically by “valves” on either end called XDI link contracts.
Like real-world contracts, link contracts are flexible enough to address virtually any aspect of data authority and control. They can govern:
Authority: Who controls the data being shared via the contract?
Authentication: How will each party prove its identity to the other?
Authorization: Who has what access rights and privileges to the data?
Privacy and usage control: What uses can be made of the data and by whom?
Synchronization: How and when will the subscriber receive updates to the data?
Termination: What happens when the data sharing relationship is ended?
Recourse: How will any disputes over the data sharing agreement be resolved?