[Openid-specs-heart] The Number and Ownership of Authorization Servers.

Aaron Seib aaron.seib at nate-trust.org
Tue Dec 15 20:45:06 UTC 2015


Just like I have only one true identity – my privacy preferences (represented in a computational form at Time T as a set of standard configured rules) have one and only one accurate representation.  The more times that representation is modeled and stored the more opportunities for error.  I don’t think the representation for one person should be distributed.  There will likely be several AS containing multiple persons representations of their privacy preference distributing the processing requirements broadly but I fear the notion of a user being required to go to multiple places to make sure their preferences are updated.

 

I don’t hate the idea of there being multiple instances of my AS existing across the network but as a user I need to have one place to go to record my current preferences and update them as they change.  

 

If your replication process makes an error in duplicating those preference it should be on you and not me and if I am harmed as a result you should own the liability for my demonstrable damages.  I (or the husband of an active duty fighter pilot) should not be held holding the bag because your replication place didn’t take place and the disclosure happened before you got the update.  

 

That said it seems reasonable and in good faith for me to agree to use the Schleps safeguards if I am concerned about it but it should not get him off the hook if he gets it wrong – at least that is what I would think a person would likely perceive as a privacy concern.

 

To the Schleps of the world! Excelsior!  J

 

Aaron Seib, CEO

@CaptBlueButton 

 (o) 301-540-2311

(m) 301-326-6843



 

From: Debbie Bucci [mailto:debbucci at gmail.com] 
Sent: Tuesday, December 15, 2015 3:10 PM
To: Aaron Seib
Cc: Eve Maler; openid-specs-heart at lists.openid.net
Subject: Re: [Openid-specs-heart] The Number and Ownership of Authorization Servers.

 

Yes I believe ...some poor schlep is going to be on the hook for keeping his AS replicated with the one I designated because of  “Policy”

 

AND  (ideally) 

 

The trusted  application that you are familiar designate (Bill's source of truth) would/should trigger/drive the updates.   

 

Perhaps a schlep provide UI to verify update and changes (and trigger receipts of those update)  -  would be considered a safeguard.

 

Given your experience with PHRs - you know best - there maybe one source of truth for Healthcare data today but with IOT and other yet to be determined innovations -  I still believe (under the covers) it will be distributed in nature.

 

Understanding that going in may impact some of our decisions.   

 

 

 

 

 

  _____  

No virus found in this message.
Checked by AVG - www.avg.com
Version: 2016.0.7294 / Virus Database: 4483/11177 - Release Date: 12/14/15

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-heart/attachments/20151215/b3c3c74a/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image001.jpg
Type: image/jpeg
Size: 3142 bytes
Desc: not available
URL: <http://lists.openid.net/pipermail/openid-specs-heart/attachments/20151215/b3c3c74a/attachment.jpg>


More information about the Openid-specs-heart mailing list