Versions Compared

Old Version 10

changes.mady.by.user Former user

Saved on

compared with

New Version 11

changes.mady.by.user Former user

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

  1. Data Ownership/Control
    1. Who owns/controls data
      1. In a combine harvester or vehicle (truck, automobile, motorcycle), is the data owned by
        1. the manufacturer
        2. dealer
        3. service provider (e.g., maintenance/repair shop)
        4. harvester/vehicle owner
        5. each harvester/vehicle user
          1. employees
          2. clients
          3. prospective buyers
          4. family members
          5. friends
        6. other passengers (e.g., others whose GPS locations also become known)
          1. what happens when you pick up a stranger (hitch-hiker) or give a ride to the airport to an unknown colleague met at a conference
        7. a third-party who provides the sensor to support a service, such as
          1. disseminating aggregated data as a subscription service
          2. collecting driver behavioral data to determine insurance rates?
      2. from a data transaction that requires the interaction of multiple devices owned/controlled by multiple parties?
      3. when a device is sold?
  2. Consent
    1. Whose consent will be required for interactions that involve numerous sensors, controllers, and reporting devices
      1. For example,
        1. If an auto manufacturer owns data collected by a vehicle, will it require consent from the vehicle owner and service provider?
        2. Will each user be required to provide consent for data generated while they are driving?
      2. the same concerns apply to determining
  3. Data Ownership/Control/Consent Contracts
    1. NOTE: While the above issues can be managed by contract law, should there be an default data ownership/control model ?
      1. The rationale for such a model is that current contracts (e.g., privacy policies, web site terms of use) are one-sided that the negotiation asymmetry may be considered unfair.
  4. Identity discovery
    1. What attributes would an identity registry need to maintain to be of use to people or devices seeking sensor or controller devices to integrate into a solution
      1. For example,
        1. weather sensors
        2. traffic sensors
        3. location tracking sensors
        4. security sensors
        5. weather alerts
        6. traffic alerts
        7. location tracking alerts
        8. security alerts
    2. Will owners/users have the ability to prevent their devices from being discovered?
      1. Will they have some selectivity about who can discover their devices?
      2. Will they have some control over who can interrogate their devices?
  5. Identity impersonation
    1. How will devices preclude impersonation of the other devices with which they exchange data?
    2. Will each device that might generate, process, or report on private, sensitive, or confidential data be required to provide its own IAM capabilities to prevent fraudulent use?
    3. Will devices be required to develop usernames and passwords to interact with other devices? (How does my calendar system access a GPS system for my child's school bus, to minimize her waiting in the cold on a snowy day when traffic is behind schedule?)
      1. If so, who sets the username/password or other criteria?
      2. How will this information be stored securely?
      3. How will it be modified/updated?

References

ISO 19770 Syllabus

 

http://www.sassafras.com/iso/19770Syllabus.pdf 

 

SWID Schema

XML schema for ISO/IEC 19770 Software ID Tags

http://standards.iso.org/iso/19770/-2/2009/schema.xsd 

 

NIST IR 7693

Specification for Asset Identification

http://csrc.nist.gov/publications/nistir/ir7693/NISTIR-7693.pdf 

 

NIST IR 7695

Common Platform Enumeration: Naming Specification Version 2.3

http://csrc.nist.gov/publications/nistir/ir7695/NISTIR-7695-CPE-Naming.pdf 

 

NIST IR 7696

Common Platform Enumeration : Name Matching Specification Version 2.3

http://csrc.nist.gov/publications/nistir/ir7696/NISTIR-7696-CPE-Matching.pdf 

 

NIST IR 7697

Common Platform Enumeration: Dictionary Specification Version 2.3

http://csrc.nist.gov/publications/nistir/ir7697/NISTIR-7697-CPE-Dictionary.pdf 

 

NIST IR 7698

Common Platform Enumeration: Applicability Language Specification Version 2.3

http://csrc.nist.gov/publications/nistir/ir7698/NISTIR-7698-CPE-Language.pdf 

 

IETF RFC 2578

Structure of Management Information Version 2 (SMIv2)

http://tools.ietf.org/html/rfc2578 

 

ITU-T X.672

Object identifier resolution system

http://www.itu.int/rec/T-REC-X.672-201008-I 

 

ITU-T X.660

Procedures for the

operation of object identifier registration

authorities: General procedures and top arcs of

the international object identifier tree

http://www.itu.int/rec/T-REC-X.660-199209-S/en 

 

ITU-T OID Flyer

“Object Identifiers and their Registration Authorities: Your Solution to Identification”

http://www.itu.int/dms_pub/itu-t/oth/0B/04/T0B040000482C01PDFE.pdf 

 

ISO 26324:2012

Digital object identifier system

http://www.iso.org/iso/catalogue_detail?csnumber=43506