2022-01-18 Meeting notes
Date
Attendees
Goals
- Proposed Merger of FIRE and HIA WGs
Discussion items
Item: Proposed Merger of FIRE and HIA WGs

Notes:

- Discussion: Any trust principle should say that if someone is a victim of a breach of trust, they should have a right of redress. Can't sue in federal court for breach of trust, but can sue in state court. There should be some recourse. Result today: lose credential, get sanctioned for complaint.
- Bev asked for clarification of business/consumer. Where is the human user?
- Rank principles in priority in FIRE and HIAWG Merge or new WG?
- Review FIRE-HIAWG document: Tom:
- Bev: Zero Trust is closely related to DevSecOps.
- Jim: How can consumers get their own zero trust tools?
- Catherine: Consumer needs decision support guidance. "Nutrition label", standard. We don't even have this in person-to-person relationships. Trust mark, some specific information notification, right of redress.
- Bev: "Consumer" is a confusing word. Not only commercial context. Could be a robot or AI agent. Human engaging in a transaction that involves some revealing of PII. Not anonymous. Humans that help other humans: power of attorney, guardians, caregivers.
- Jeff: GDPR definitions of "natural person". One-offs like robots will fall out of that.
- Jim: Why not start at the level of definitions?
- Bev: Look at existing and potential conflicts.
- Noreen: Definitions come from what people already associate with them in their contexts. "Zero Trust" capitalized is not what we mean for humans trusting entities. Need a definition that disambiguates who/what is to be trusted, and doesn't introduce bias. We trust other people based on what others say about them, which is helpful but can introduce bias. Some people can only participate in digital platforms through assistive technologies or AIs, and these can be riddled with bias.
- Bev: Evolving Human Zero Trust, "HZT".
- TomS: Robots, algorithms, etc. are "humanoid". Person : Non-Person. Personality.
- Bev: Biometric, facial recognition.
- Noreen: Described historically how the IDESG/NSTIC web page evolved after 2018 to focus more on trusted identity as trusting individual users rather than the user trusting the systems. New administration aside, there was a lot of stuff happening with cybersecurity breaches, Cambridge Analytica, election fraud, money laundering, etc. that moved the focus away from the individual point of view.
- Jim's synthesis:

Action items
- Dr Tom to share glossary from HiAWG.