[Openid-specs-heart] HEART meeting notes 2015-03-09

Debbie Bucci debbucci at gmail.com
Tue Mar 10 11:17:10 UTC 2015


Roll call stats

https://bitbucket.org/openid/heart/wiki/Roll_Call

21 in attendance - 10 members

Listserv count: 93

HIMSS F2F details

We will meet in room N138 in the Convention Center on Wednesday, April 15
from 9am – 12pm (Central). The room is set up in a U shape for 25 with
perimeter seating for 15. There should be a podium, screen, projector, and
microphone available.

PRIVO - demonstrate/discuss Delegation/Parental consent flows for COPPA

Debbie introduced the topic. At IDESG about a month ago, PRIVO (“PRY-vo”,
for privacy) gave a great demo on their work in this area.

Steve Greenberg has been working with Denise Tayloe at PRIVO since the
beginning of the NSTIC project. He’s glossing over “identity is hard” and
“consent is hard” topics, assuming we get it.

PRIVO came out of the COPPA (Children’s Online Privacy Protection Act)
market, putting parents in control of information about their kids online
-- not enterprise, and not self-consent. It’s a delegated consent model. A
kid might not have an email address and so on, which an adult would be
expected to have. Consent interactions make an assumption that the operator
is allowed to consent, which doesn’t hold in the COPPA market. You don’t want
to induce kids to lie or get around the system. You want to make it easy
for them to do the right thing. There’s a sliding scale of verification,
proportional to the privacy risk. Higher risk means demonstrating control
of a financial credential, for example.

If you have a web or mobile property and someone just tried to “do
something”, are they allowed to do it? The key question is “how old you
are” -- COPPA makes that cutoff be “under 13”. PRIVO finds the person who
needs to grant consent for it.

PRIVO has an NSTIC grant. As part of this, there is a Minors Trust
Framework (MTF), a PRIVO iD (a federated identity based on OIDC, and also
supports SAML), which is a free service for consenting to MTF-approved and
COPPA-compliant services, and an educational initiative, Online Privacy
Matters/Privacy on Patrol Squad (POPS).

The tough part is finding parents, having them prove they are who they say
they are, etc. PRIVO handles this part, making it easy to obtain
“verifiable consent” and providing widgets for parent login etc. This lets
their customers concentrate on their core competency. PRIVO also
pseudonymizes across services.

When a new underage user provides a parent email address, there’s a “parent
with me” path where the kid goes and gets the parent, the kid can print a
form that the parent can fill out or follow a URL, or the kid can provide
an email address so that the parent gets a message. A “shadow account”
option provisions a parent account that essentially tracks the kid’s
account if created on a mobile device or something. This is good when there
are many, many accounts already extant.

The kid’s account is activated as soon as the request to the parent is
sent. But the kid doesn’t have the ability to share PII publicly. The PRIVO
customer doesn’t want to lose the kid’s business, so there’s the ability to
do a limited number of things in the meantime.

Data attributes associated with the site features have a notion of low or
full verification. There are also standard and optional features. Standard
features have to be agreed to in order to use the service at all, whereas
optional features can be denied consent.

MyPRIVO is a central location that helps you manage consent across all of
the locations, for multiple kids and multiple services.

*AI:* Debbie to ask for slides

*AI:* Debbie to poll group to see if they would like to hear more about
their multi-generational TF

Eve Maler - handling Custodianship options in and around UMA

http://openid.net/wordpress-content/uploads/2015/03/UMA-custodian-thoughts-2015-03-09.pdf

Eve presented a slide deck with three potential architectural options, two
“in” and one “outside of” UMA, that try and bring the benefits of
user-managed access (lowercase and uppercase) to those who aren’t entirely
competent to consent. The two “in” UMA are fairly complementary with the
PRIVO demos, and seem to benefit from standardized scopes and trust
frameworks.

Justin comments that the flipping around of who is the resource owner and
who is the requesting party in this analysis is a really important concept
to play around with.