[OpenID] liability issues

Smedinghoff, Tom Smedinghoff at wildman.com
Mon Sep 21 03:27:46 UTC 2009 

If anyone is interested, the American Bar Association has recently formed a Federated Identity Management Task Force that is starting to look into the legal issues raised by IdM (http://www.abanet.org/dch/committee.cfm?com=CL320041).

I'm co-chair of the ABA Federated Identity Management Task Force, along with Jane Winn (Prof at U. of Washington Law School), and David Whitaker (attorney with Wells Fargo Bank).  We are also working with Liberty Alliance (which is currently hosting our listserv -- you can sign up at http://lists.projectliberty.org/mailman/listinfo/FIMAC_lists.projectliberty.org).

Also, a paper I wrote as a starting point for the legal analysis - titled "Federated Identity Management: Balancing Privacy Rights, Liability Risks, and the Duty to Authenticate" - is now available at http://ssrn.com/abstract=1471599

Tom


Thomas J. Smedinghoff
Wildman Harrold
225 W. Wacker Drive
Chicago, Illinois 60606
Phone: +1 312-201-2021
Fax:  +1 312-416-4773
smedinghoff at wildman.com<mailto:smedinghoff at wildman.com>
www.wildman.com/smedinghoff<http://www.wildman.com/smedinghoff> <http://www.wildman.com/>



________________________________
From: openid-general-bounces at lists.openid.net [mailto:openid-general-bounces at lists.openid.net] On Behalf Of Peter Williams
Sent: Sunday, September 20, 2009 2:03 PM
To: John Bradley
Cc: openid General
Subject: Re: [OpenID] liability issues

For those less fortunate than Board members, the rest of us may have  to make do with

http://www.abanet.org/scitech/ec/isc/dsgfree.html

It's really out of date and focuses on users, RPs and CAs relying on certificates, cert chains, and registered names (vs relying on assertions, XRD sequences, and claims). But in an 80:20 world of low assurance, it's probably still great for the 80% case. It's not as if the principles of fraud have really changed in 400 years.

The main purpose of the DSG was to provide a judicial reference : well researched issues with which to frame the process of forming judgments. In its day, it assumed the clueless judge : which may no longer be a valid assumption.

It's not a study of liabilities in the area of assertions, self-certifications, or policy based governance through audit verification by a registry (that's been done many times before, over the last 20 years). It's a study in the art of controlling liability as a TTP (read IDP). Much of the art went into the design of the VeriSign CPS, whose liability control systems have changed little in 10 years

About the only thing that has really changed is the role of the RP which -- in infocard-land -- is now instrumental in picking cards (since it sets the claim requirements, including requirements for trust-level assertions from particular schemes).

From: John Bradley [mailto:ve7jtb at ve7jtb.com]
Sent: Sunday, September 20, 2009 11:38 AM
To: Peter Williams
Cc: openid General
Subject: Re: [OpenID] liability issues

Legal review of the TFP documents and issues is ongoing.

I don't know when the board will circulate results publicly.

John B.

On 2009-09-20, at 2:20 PM, Peter Williams wrote:


"The foundations jointly hired John Bradley<http://thread-safe.livejournal.com/> to develop profiles for the two technologies. They also hired the same lawyer to look at liability issues." [http://self-issued.info/?p=216]

Is the legal work available for review, or it is all confidential?
_______________________________________________
general mailing list
general at lists.openid.net<mailto:general at lists.openid.net>
http://lists.openid.net/mailman/listinfo/openid-general


DISCLAIMER:
This communication, along with any documents, files or attachments, is intended only for the use of the addressee and may contain legally privileged and confidential information. If you are not the intended recipient, you are hereby notified that any dissemination, distribution or copying of any information contained in or attached to this communication is strictly prohibited. If you have received this message in error, please notify the sender immediately and destroy the original communication and its attachments without reading, printing or saving in any manner. This communication does not form any contractual obligation on behalf of the sender or Wildman, Harrold, Allen & Dixon LLP.  Unless expressly stated otherwise, any tax advice in this message is not intended or written to be used, and cannot be used by a taxpayer, for the purpose of avoiding penalties that may be imposed on the taxpayer.  Please consult your tax attorney regarding the form of tax advice that may be relied upon to avoid penalties under the Internal Revenue Code. 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-general/attachments/20090920/2176742d/attachment-0001.htm>

More information about the general mailing list