[OpenID] general Digest, Vol 37, Issue 43
Don Thibeau
don at oidf.org
Mon Sep 21 05:21:39 UTC 2009
Since the first request from the US GSA, legal counsel for the development of open trust frameworks has been a shared cost and evolving undertaking by the OpenID and Information Card Foundations.
This is indicative of three factors.
One: the desire of both boards to collaborate on a community-wide approach that builds on pioneering work at In Common and an ongoing interaction with the US GSA ICAM.
Two: the need for efficient and effective sharing of legal costs and subject matter expertise of thought leaders from the community and companies like Andrew Updegrove, Mary Ruddy, Rolf Bienert, Tim Sparapani, Mary Rundle and others.
Three: an ongoing outreach to experts in the legal (e.g. liability) and policy arenas. These include, but are not limited to, the Berkman Center for Law and the Internet at Harvard, the Center for Democracy and Technology in Washington DC and others.
As mentioned in my earlier post, the pilot phase will test open identity protocols as well as open trust frameworks. As US CIO Vivek Kundra said to both boards, "This is a beta period where we must walk before we run." Community and company pilot participants are aware we have much work to do in technology, e.g. usability, security and interoperability, as well as in policy, e.g. liability, privacy, etc.
These issues will be discussed at a number of open identity oriented events like the upcoming "Tao of Identity" workshop, IIW, etc.
The legal review for the OpenID and Information Card Foundations is ongoing and inclusive. As indicated, we have solicited and welcome input from company and community legal experts.
To date, no significant decisions or OIDF Board votes have taken place regarding sharing legal reviews.
Don Thibeau ED OIDF
Don Thibeau
-----Original Message-----
From: openid-general-request at lists.openid.net
Date: Mon, 21 Sep 2009 03:34:33
To: <openid-general at lists.openid.net>
Subject: general Digest, Vol 37, Issue 43
Today's Topics:
1. liability issues (Peter Williams)
2. Re: liability issues (John Bradley)
3. Re: liability issues (Peter Williams)
4. Re: liability issues (Smedinghoff, Tom)
----------------------------------------------------------------------
Message: 1
Date: Sun, 20 Sep 2009 11:20:05 -0700
From: Peter Williams <pwilliams at rapattoni.com>
Subject: [OpenID] liability issues
To: openid General <general at openid.net>
Message-ID:
<BFBC0F17A99938458360C863B716FE463DCE11280F at simmbox01.rapnt.com>
Content-Type: text/plain; charset="us-ascii"
"The foundations jointly hired John Bradley<http://thread-safe.livejournal.com/> to develop profiles for the two technologies. They also hired the same lawyer to look at liability issues." [http://self-issued.info/?p=216]
Is the legal work available for review, or is it all confidential?
------------------------------
Message: 2
Date: Sun, 20 Sep 2009 14:38:16 -0400
From: John Bradley <ve7jtb at ve7jtb.com>
Subject: Re: [OpenID] liability issues
To: Peter Williams <pwilliams at rapattoni.com>
Cc: openid General <general at openid.net>
Message-ID: <F7DBFD6B-3055-463A-BC2F-A1DDBE323857 at ve7jtb.com>
Content-Type: text/plain; charset="windows-1252"; Format="flowed";
DelSp="yes"
Legal review of the TFP documents and issues is ongoing.
I don't know when the board will circulate results publicly.
John B.
On 2009-09-20, at 2:20 PM, Peter Williams wrote:
> "The foundations jointly hired John Bradley to develop profiles for
> the two technologies. They also hired the same lawyer to look at
> liability issues." [http://self-issued.info/?p=216]
>
> Is the legal work available for review, or is it all confidential?
------------------------------
Message: 3
Date: Sun, 20 Sep 2009 12:03:18 -0700
From: Peter Williams <pwilliams at rapattoni.com>
Subject: Re: [OpenID] liability issues
To: John Bradley <ve7jtb at ve7jtb.com>
Cc: openid General <general at openid.net>
Message-ID:
<BFBC0F17A99938458360C863B716FE463DCE112810 at simmbox01.rapnt.com>
Content-Type: text/plain; charset="us-ascii"
For those less fortunate than Board members, the rest of us may have to make do with
http://www.abanet.org/scitech/ec/isc/dsgfree.html
It's really out of date and focuses on users, RPs and CAs relying on certificates, cert chains, and registered names (vs relying on assertions, XRD sequences, and claims). But in an 80:20 world of low assurance, it's probably still great for the 80% case. It's not as if the principles of fraud have really changed in 400 years.
The main purpose of the DSG was to provide a judicial reference : well researched issues with which to frame the process of forming judgments. In its day, it assumed the clueless judge : which may no longer be a valid assumption.
It's not a study of liabilities in the area of assertions, self-certifications, or policy based governance through audit verification by a registry (that's been done many times before, over the last 20 years). It's a study in the art of controlling liability as a TTP (read IDP). Much of the art went into the design of the VeriSign CPS, whose liability control systems have changed little in 10 years.
About the only thing that has really changed is the role of the RP which -- in infocard-land -- is now instrumental in picking cards (since it sets the claim requirements, including requirements for trust-level assertions from particular schemes).
From: John Bradley [mailto:ve7jtb at ve7jtb.com]
Sent: Sunday, September 20, 2009 11:38 AM
To: Peter Williams
Cc: openid General
Subject: Re: [OpenID] liability issues
Legal review of the TFP documents and issues is ongoing.
I don't know when the board will circulate results publicly.
John B.
On 2009-09-20, at 2:20 PM, Peter Williams wrote:
"The foundations jointly hired John Bradley<http://thread-safe.livejournal.com/> to develop profiles for the two technologies. They also hired the same lawyer to look at liability issues." [http://self-issued.info/?p=216]
Is the legal work available for review, or is it all confidential?
------------------------------
Message: 4
Date: Sun, 20 Sep 2009 22:27:46 -0500
From: "Smedinghoff, Tom" <Smedinghoff at wildman.com>
Subject: Re: [OpenID] liability issues
To: 'openid General' <general at openid.net>
Cc: 'Peter Williams' <pwilliams at rapattoni.com>
Message-ID:
<1E4935492BF39A4F9E9A0A07B31ED1CB01D956D692 at SRVCH-EXCH.chicago.wildmanh.com>
Content-Type: text/plain; charset="us-ascii"
If anyone is interested, the American Bar Association has recently formed a Federated Identity Management Task Force that is starting to look into the legal issues raised by IdM (http://www.abanet.org/dch/committee.cfm?com=CL320041).
I'm co-chair of the ABA Federated Identity Management Task Force, along with Jane Winn (Prof at U. of Washington Law School), and David Whitaker (attorney with Wells Fargo Bank). We are also working with Liberty Alliance (which is currently hosting our listserv -- you can sign up at http://lists.projectliberty.org/mailman/listinfo/FIMAC_lists.projectliberty.org).
Also, a paper I wrote as a starting point for the legal analysis - titled "Federated Identity Management: Balancing Privacy Rights, Liability Risks, and the Duty to Authenticate" - is now available at http://ssrn.com/abstract=1471599
Tom
Thomas J. Smedinghoff
Wildman Harrold
225 W. Wacker Drive
Chicago, Illinois 60606
Phone: +1 312-201-2021
Fax: +1 312-416-4773
smedinghoff at wildman.com
http://www.wildman.com/smedinghoff
________________________________
From: openid-general-bounces at lists.openid.net [mailto:openid-general-bounces at lists.openid.net] On Behalf Of Peter Williams
Sent: Sunday, September 20, 2009 2:03 PM
To: John Bradley
Cc: openid General
Subject: Re: [OpenID] liability issues
For those less fortunate than Board members, the rest of us may have to make do with
http://www.abanet.org/scitech/ec/isc/dsgfree.html
It's really out of date and focuses on users, RPs and CAs relying on certificates, cert chains, and registered names (vs relying on assertions, XRD sequences, and claims). But in an 80:20 world of low assurance, it's probably still great for the 80% case. It's not as if the principles of fraud have really changed in 400 years.
The main purpose of the DSG was to provide a judicial reference : well researched issues with which to frame the process of forming judgments. In its day, it assumed the clueless judge : which may no longer be a valid assumption.
It's not a study of liabilities in the area of assertions, self-certifications, or policy based governance through audit verification by a registry (that's been done many times before, over the last 20 years). It's a study in the art of controlling liability as a TTP (read IDP). Much of the art went into the design of the VeriSign CPS, whose liability control systems have changed little in 10 years.
About the only thing that has really changed is the role of the RP which -- in infocard-land -- is now instrumental in picking cards (since it sets the claim requirements, including requirements for trust-level assertions from particular schemes).
From: John Bradley [mailto:ve7jtb at ve7jtb.com]
Sent: Sunday, September 20, 2009 11:38 AM
To: Peter Williams
Cc: openid General
Subject: Re: [OpenID] liability issues
Legal review of the TFP documents and issues is ongoing.
I don't know when the board will circulate results publicly.
John B.
On 2009-09-20, at 2:20 PM, Peter Williams wrote:
"The foundations jointly hired John Bradley<http://thread-safe.livejournal.com/> to develop profiles for the two technologies. They also hired the same lawyer to look at liability issues." [http://self-issued.info/?p=216]
Is the legal work available for review, or is it all confidential?
------------------------------
End of general Digest, Vol 37, Issue 43
***************************************