Concepts of Identity within the Internet of Things
Version: 0.03
Archives of this paper: http://kantarainitiative.org/confluence/display/IDoT/Concepts+of+Identity+within+the+Internet+of+Things
Change history: draft 0.1Ingo Friese;….;… 01 Ingo.Friese@telekom.de
Anchor | ||||
---|---|---|---|---|
|
Issues
- Data Ownership/Control
- Who owns/controls data
- In a combine harvester or vehicle (truck, automobile, motorcycle), is the data owned by
- the manufacturer
- dealer
- service provider (e.g., maintenance/repair shop)
- harvester/vehicle owner
- each harvester/vehicle user
- employees
- clients
- prospective buyers
- family members
- friends
- other passengers (e.g., others whose GPS locations also become known)
- what happens when you pick up a stranger (hitch-hiker) or give a ride to the airport to an unknown colleague met at a conference
- a third-party who provides the sensor to support a service, such as
- disseminating aggregated data as a subscription service
- collecting driver behavioral data to determine insurance rates?
- from a data transaction that requires the interaction of multiple devices owned/controlled by multiple parties?
- when a device is sold?
- In a combine harvester or vehicle (truck, automobile, motorcycle), is the data owned by
- Who owns/controls data
- Consent
- Whose consent will be required for interactions that involve numerous sensors, controllers, and reporting devices
- For example,
- If an auto manufacturer owns data collected by a vehicle, will it require consent from the vehicle owner and service provider?
- Will each user be required to provide consent for data generated while they are driving?
- the same concerns apply to determining
- For example,
- Whose consent will be required for interactions that involve numerous sensors, controllers, and reporting devices
- Data Ownership/Control/Consent Contracts
- NOTE: While the above issues can be managed by contract law, should there be an default data ownership/control model ?
- The rationale for such a model is that current contracts (e.g., privacy policies, web site terms of use) are one-sided that the negotiation asymmetry may be considered unfair.
- NOTE: While the above issues can be managed by contract law, should there be an default data ownership/control model ?
- Identity discovery
- What attributes would an identity registry need to maintain to be of use to people or devices seeking sensor or controller devices to integrate into a solution
- For example,
- weather sensors
- traffic sensors
- location tracking sensors
- security sensors
- weather alerts
- traffic alerts
- location tracking alerts
- security alerts
- For example,
- Will owners/users have the ability to prevent their devices from being discovered?
- Will they have some selectivity about who can discover their devices?
- Will they have some control over who can interrogate their devices?
- What attributes would an identity registry need to maintain to be of use to people or devices seeking sensor or controller devices to integrate into a solution
- Identity impersonation
- How will devices preclude impersonation of the other devices with which they exchange data?
- Will each device that might generate, process, or report on private, sensitive, or confidential data be required to provide its own IAM capabilities to prevent fraudulent use?
- Will devices be required to develop usernames and passwords to interact with other devices? (How does my calendar system access a GPS system for my child's school bus, to minimize her waiting in the cold on a snowy day when traffic is behind schedule?)
- If so, who sets the username/password or other criteria?
- How will this information be stored securely?
- How will it be modified/updated?