[WG-UMA] SURVEY: Glossary Project

[Adrian Gropper]

This survey is intended to help the Glossary Group identify the diversity of uses of key terms in the decentralized identity ecosystem. These terms and questions came out of an initial survey of the broader DIF community.  The group will explore more terms in the future.

https://docs.google.com/forms/d/e/1FAIpQLScN03kK-pWHzRX12RplthFKaRnJl3syAEk8lq_RaFHzKAM1yw/viewform?usp=sf_link

This invite is being cross-posted to other lists. Feel free to share with folks that might be specifically interested or email me with suggested others as we want to avoid spamming the same lists.

Thanks,

--

Adrian

[SmartMail]

Hi Adrian, 

In 2005 I wrote a paper called the Master Controller Access Framework for people to have an operator that operated on their behalf.  

It seems to me, all these years later that this might be a missing element in the agent discourse - as an agent, operator, and wallet are all missing that power dynamic that you are getting at (IMO) 

What’d ya think?  Master Controller Agent or Operator, Controlling Agent,  etc.  Puts people at the top of the hierarchy and clearly identifies liability ? . 

- Mark 

[Adrian Gropper]

Hi Mark,

There are many names for an authorization server with a fiduciary relationship to one individual. The hard thing is bringing standards to market that will be adopted. 

Much of the energy is still focused on the false hope of data brokerage. Brokers have split responsibility to multiple parties. Brokers see themselves as “making” a market. There’s nothing wrong with that but, in practice, the brokers want to grab the role of authorization server and undermine the fiduciary principle and the standards that enable that.

Adrian 

--

Adrian Gropper MD

PROTECT YOUR FUTURE - RESTORE Health Privacy!
HELP us fight for the right to control personal health data.

DONATE: https://patientprivacyrights.org/donate-3/

[ma...@smartspecies.com]

Thanks for the explanation Adrian.. 

I see what you mean - this issue comes up a lot now days in different communities.  What if …. 

For Fiduciary Role - this Master Controller works very well IMO - using the word agent (which is the word of the broker) I think doesn’t help - but - indicting that the liability and responsibility for controlling personal data on a data subjects behalf, is placed with a controller (on top of their existing legal obligations) I think makes a lot of sense - and it basically uses a legal term that is recognised internationally for privacy.  Controller .. 

In application, it seems that with this fiduciary legal distinction then the  Master Controller’s -  Agent or Operator, (would have that fiduciary role) .

How would define this enhanced obligation or role for a personal data controller?  

Master Controller :  Has the additional fiduciary role of controller personal data, making personal data decisions on behalf of a data subject or group of data subjects, and is designated a Master (Data or PII) Controller designating this fiduciary role, which should be linked to the fiduciary governance framework/agreement/code of conduct etc. 

- Mark

_______________________________________________
WG-UMA mailing list
WG-...@kantarainitiative.org
https://kantarainitiative.org/mailman/listinfo/wg-uma

[Adrian Gropper]

I don’t think the name:  controller (GDPR uses), agent (implies delegation), or authorization server (technical) matters that much. All three aspects mix and match in real life. Adding Master to any of them can help in the sense of being the top of the delegation chain (closest to the human / biometric) or the root private key in a hierarchy).

Adrian

[SmartMail]

Yeah..  

So for delegation, in a Guardian use case - the 'Master Controller’ provides explicit consent - using a mobile application . AKA - a parents health care application to on-board the application - which has the technical role of authorising the function that provides and withdraws consent.  They have that fiduciary obligation, and in this role, has the authority to use this application (verified by the school and perhaps the child).  So the Parent - with the real world fiduciary authority of a legal guardian uses this -application (aka client) that authorises the parent as the master controller and acts technically on behalf of the parent, to consent to share a medical condition with a teacher.  

The number one rule is that all of this information is not shared with any third parties - including insurer’s - and any breach of this - the Fiduciary(aka the parent - via the app) must be notified with in 1 hour.  

 

Is this sort of what you mean by the delegation (aka authorisation) chaining ? 

[Adrian Gropper]

Maybe. Delegation is simply acknowledging that each controller is part of a chain of controllers. As you follow the chain, the scope or power decreases.  Delegation can be on the basis of identity, credentials (role), or capability and a combination of these. 

Adrian

[susan morrow]

I'm jumping in having not read all of the thread (too busy)  but I have a query that I myself have been thinking about for ages

How do you prevent  delegation created using coercion or force? Might not have an answer really, or at least only a part answer (I have my own views of course)

Susan Morrow

Head of R&D Avoco Identity

@avocoidentity

www.avocoidentity.com

T: 07917507826

Avoco Secure are providers of Cloud Identity, Security and Privacy solutions.

Registered Office: Avoco Secure Ltd., 16 St. Martin's-le-Grand, London EC1A 4EE. Company number : 04778206 - Registered in England and Wales.

[Adrian Gropper]

Susan, 

I agree that there’s no good answer but we should not fall into the trap of confusing security and privacy. What you describe is typically a security problem. Security, as defined by NIST, deals with hacks, breaches, bugs, exceptions. Privacy, per NIST, deals with things that work as designed. 

Rubber hose cryptography is a security issue in my book.

Adrian

[susan morrow]

Well, I'm not sure this is just a security issue Adrian...Not sure how you move from coercion to hacking? I'm talking about a person (maybe a partner or sibling or child) forcing another person (like their partner or sibling or parent) to hand over rights to act on their behalf.

It might even be as simple as the old chestnut, men like to control tech and women just shrug their shoulders and hand over the remote control because they cant be arsed to argue (just sayin')

I'd say it was a design issue, a legal problem, and a societal one too

The security issues... (I'm quite aware of the difference between security and privacy, I worked in cybersecurity and more lately identity and privacy, for about 25 years or so, but thanks for explaining just in case I wasn't aware 😐 )

Merry Winter Solstice 

[ma...@smartspecies.com]

The Master Controller - has the Fiduciary responsibility of children, schools and community. This is really important, and, should be apart of measuring the performance of the master controller and capture these data points in the relationship. 

Merry Solstice - :-)

[Adrian Gropper]

There are technical privacy things that could be done mitigate the intimate partner violence situation. Can we invent alternatives to the remote control? Some of these mitigations look like surveillance. Yow can add cameras to witness the rubber hose attack and then hold the man accountable. We have child abuse mandates on health professionals, for example. Unfortunately surveillance creates privacy compromises. Figuring out alternatives that do not compromise privacy is really hard but I agree with you that we should keep trying.

Merry Solstice!

[susan morrow]

Have you seen the work of Leonie Tanczer, et.al., into the IoT and informed consent: https://papers.ssrn.com/sol3/papers.cfm?abstract_id=3117293 - it's a nice breakdown of the issues

Her team have a lab that explores the possibilities.

I like the idea that the Me2BA will be able to cover this most nuanced of areas and maybe simplify it so that people can make informed choices and can reduce their risk - it's all about risk reduction after all.

I am looking forward to the coming of the light very much - it is 3:30pm here and like bloody midnight virtually

I'm off to get me broomstick and fly off into the moonlight 

[SmartMail]

So, 

I think you are right to make a big stink about this Adrian.  How is it possible for us to collaborate and build things that empower people if we dont have a clear and common name for the entity with the fiduciary responsibility  (rules) for that data subjects data control.   (Let alone - delegating that control and provenance to devices and systems in a way that is secure for people)  

I followed this thinking of measuring the performance of the fiduciary - and this issue came to mind,( which people on this list will likely recognise. ) 

Does it depend on wether the fiduciary is making decisions for my  data (on my child’s data) on my behalf, or am I using a fiduciary tool to make my decision (or Childs decisions) ?   It seems that these are dramatically different close up (in practice as you say Adrian)  - but stand back 5 feet and they look the same.  e.g. like consent and permission - they seem like they are the same until you get up close (and look at where the fiduciary sits for the DS)

- Mark