...
- Data Ownership/Control
- Who owns/controls data
- In a combine harvester or vehicle (truck, automobile, motorcycle), is the data owned by
- the manufacturer
- dealer
- service provider (e.g., maintenance/repair shop)
- harvester/vehicle owner
- each harvester/vehicle user
- employees
- clients
- prospective buyers
- family members
- friends
- other passengers (e.g., others whose GPS locations also become known)
- what happens when you pick up a stranger (hitch-hiker) or give a ride to the airport to an unknown colleague met at a conference
- a third-party who provides the sensor to support a service, such as
- disseminating aggregated data as a subscription service
- collecting driver behavioral data to determine insurance rates?
- from a data transaction that requires the interaction of multiple devices owned/controlled by multiple parties?
- when a device is sold?
- In a combine harvester or vehicle (truck, automobile, motorcycle), is the data owned by
- Who owns/controls data
- Consent
- Whose consent will be required for interactions that involve numerous sensors, controllers, and reporting devices
- For example,
- If an auto manufacturer owns data collected by a vehicle, will it require consent from the vehicle owner and service provider?
- Will each user be required to provide consent for data generated while they are driving?
- the same concerns apply to determining
- For example,
- Whose consent will be required for interactions that involve numerous sensors, controllers, and reporting devices
- Data Ownership/Control/Consent Contracts
- NOTE: While the above issues can be managed by contract law, should there be an default data ownership/control model ?
- The rationale for such a model is that current contracts (e.g., privacy policies, web site terms of use) are one-sided that the negotiation asymmetry may be considered unfair.
- NOTE: While the above issues can be managed by contract law, should there be an default data ownership/control model ?
- Identity discovery
- What attributes would an identity registry need to maintain to be of use to people or devices seeking sensor or controller devices to integrate into a solution
- For example,
- weather sensors
- traffic sensors
- location tracking sensors
- security sensors
- weather alerts
- traffic alerts
- location tracking alerts
- security alerts
- For example,
- Will owners/users have the ability to prevent their devices from being discovered?
- Will they have some selectivity about who can discover their devices?
- Will they have some control over who can interrogate their devices?
- What attributes would an identity registry need to maintain to be of use to people or devices seeking sensor or controller devices to integrate into a solution
- Identity impersonation
- How will devices preclude impersonation of the other devices with which they exchange data?
- Will each device that might generate, process, or report on private, sensitive, or confidential data be required to provide its own IAM capabilities to prevent fraudulent use?
- Will devices be required to develop usernames and passwords to interact with other devices? (How does my calendar system access a GPS system for my child's school bus, to minimize her waiting in the cold on a snowy day when traffic is behind schedule?)
- If so, who sets the username/password or other criteria?
- How will this information be stored securely?
- How will it be modified/updated?
References
ISO 19770 Syllabus |
|
| |
SWID Schema | XML schema for ISO/IEC 19770 Software ID Tags |
| |
NIST IR 7693 | Specification for Asset Identification | http://csrc.nist.gov/publications/nistir/ir7693/NISTIR-7693.pdf |
|
NIST IR 7695 | Common Platform Enumeration: Naming Specification Version 2.3 | http://csrc.nist.gov/publications/nistir/ir7695/NISTIR-7695-CPE-Naming.pdf |
|
NIST IR 7696 | Common Platform Enumeration : Name Matching Specification Version 2.3 | http://csrc.nist.gov/publications/nistir/ir7696/NISTIR-7696-CPE-Matching.pdf |
|
NIST IR 7697 | Common Platform Enumeration: Dictionary Specification Version 2.3 | http://csrc.nist.gov/publications/nistir/ir7697/NISTIR-7697-CPE-Dictionary.pdf |
|
NIST IR 7698 | Common Platform Enumeration: Applicability Language Specification Version 2.3 | http://csrc.nist.gov/publications/nistir/ir7698/NISTIR-7698-CPE-Language.pdf |
|
IETF RFC 2578 | Structure of Management Information Version 2 (SMIv2) |
| |
ITU-T X.672 | Object identifier resolution system |
| |
ITU-T X.660 | Procedures for the operation of object identifier registration authorities: General procedures and top arcs of the international object identifier tree |
| |
ITU-T OID Flyer | “Object Identifiers and their Registration Authorities: Your Solution to Identification” | http://www.itu.int/dms_pub/itu-t/oth/0B/04/T0B040000482C01PDFE.pdf |
|
ISO 26324:2012 | Digital object identifier system |
|