Technology Solutions for Use Attribute Control (W2B)
Session Topic: Technology Solutions for User Attribute Control (W2B)
Convener: Naomi Lefkovitz
Notes-taker(s): Judy Spencer
Tags for the session - technology discussed/ideas considered: Privacy Provisions in Trust Framework Evaluation; User Control; Opt-in
Discussion notes, key understandings, outstanding questions, observations, and, if appropriate to this discussion: action items, next steps:
Current technology solutions don't allow user control of what attributes provided to a reying party → or there is no granularity allowing users to select which go over.
Info card would permit this – but not really a player anymore.
OpenID had this at one time but found users got confused and completion rates dropped.
The market wants correlatable identifiers so producing an environment where users decide is contrary to market acceptance.
Is the application of a 'TrustE' type of certification to ensure no misuse of information pertinent?
Maybe there can be a warning when a relying party asks for unnecessary attributes.
The real problem is that the primary LOA 2 solution is SAML but SAML doesn't support user attribute control.
OpenID Connect will support user consent.
Personal Data Ecosystem Landscape (Kaliya's slide) may offer a solution by giving user control over which attributes get released.
This may be a paradigm shift.
It is being built today. Individual owns data, sets release rules.
Infrastructure must be written in a non-proprietary way.
Another issue is the NSTIC notion that the IDP not know how data is used and by whom. This may be overcome by user/data locker contract.
OpenID Connect introduces Relying Parties to personal data lockers.
Level 1 should be separated from Levels 2 and higher – contract may not be needed at Level 1. Definitely needed at Level 2 and higher.
How do we get from here to the brane new world?
The privacy requirements are a work in progress. They can be modified if there is a viable alternative.
Human nature paradox → too much choice causes shutdown.
Can we change defaults for different demographics?
Is it possible to design a user interface so that the actions of the user can drive questions asked?
We have to watch how we scale this so there is no need to establish pair-wise relationships between relying parties and data stores.