Weekly Meeting 2010 05 24 Notes Ratified

Information Sharing GROUP Teleconference

Date and Time

  • Date: 24 May 2010
  • Time: 6am HST | 9 PDT | 12 EDT | 5pm UK
  • Please join my meeting via GoToMeeting
  • Join the conference call:
    • Skype: +9900827042954214
    • US Dial-In: +1-201-793-9022
    • UK Dial-In: +44 (0) 8454018081
    • Room Code: 2954214
    • GoToMeeting ID: 844-771-298

Attendees

  • Joe Andrieu
  • Trent Adams
  • Iain Henderson
  • Mark Lizar
  • Mike Kirkwood
  • Eve Maler
  • Juan Avalon (non-voting)
  • Judi Clark (non-voting)

Apologies

Agenda

  1. Attendance
  2. Prior Action Item Review
  3. IIW Review
  4. New Business
    1. Trust Framework
    2. Other business?
  5. Action Item Review

Minutes

1. Attendance

We noted that 6 people on the call were voting members and that the group did not meet quorum on this call.

2. Prior Action Item Review

Iain will follow up with non-attending members - to do
Iain will draft exec summary in literature review - will present session on IIW - done, report continuing
Iain will think about IP for standard agreement (pending discussion or letter with Joni), and will hand off core IP from his previous work to this group - to do

Joe will send an invitation to this discussion out to Parties listed in Apr 19 minutes - waiting until we get IP agreement settled. Pending
Mark will forward this invite to the P3 group - waiting until we get IP agreement settled. Pending

Eve will forward a list of links from her discussions with legal people. (done)

Juan will send a few thoughts as draft on legal concerns, international level. (done)

3. IIW Review

Iain reported it was a busy event. MyDex message is going down very well, at least 5-6 other PDS vendors at IIW. Lots to follow up with.

Trent gave high-level review: more lively than past few IIWs, solidification about action plans and how to move foward, also economy opening up for attendance. Lots of action in and around info sharing, assumed substrate, tools show up in market. Lots of talk in legal area (Scott David, Jeff Stollman, what it would mean to support data moving between regimes, it's complex).

Iain noted that it's now technically possible to build a PDS & keep them in sync, also anti-Facebook issue that's helped focus attention.

Judi mentioned that Facebook wasn't mentioned much, mostly attention was on how to get things done & who needs to be in on conversations.

Trent: from developers on what they should be supported, not specific discussions on ID Connect, etc. Behind the scenes discussion on specifics, more conversations on oAuth and UMA, many not being driven by Eve. Eve mentioned "Umanitarians" and how conversations arose organically. We didn't cover specific use case. Eve knows of two implementations, Christian Schultz's Python and an open source version. Check Eve's blog. Goal over next 4 weeks, aiming for August. Iain: Underlying concept is "no brainer" for people. Eve: Dave Crocker promoted user-to-implementer approach.

Iain: did a session on literature review, need to complete report in two weeks. Draft this week (Iain, Mark and Judi), circulate to ISWG. Research showing views of real people went over well.

Joe: Key issues with UI? Eve: that's part, but we were thinking too heavily about interactions and what's required, some people think differently. Eve sent link (policy, ref Alan Karp) to UMA list, maybe ideas are good? Very different from how Eve thinks. Joe: Fast iterative exercise, then 4-6 sessions over 3-4 days, what did/didn't work, update UI. Incredible simplifications. Eve: Designing the Obvious (great book). Joe: once we get through the Personal RFP, we can propose paper prototyping that uses UMA architecture. Yes, you have to do it in person. How much more can the next IIW be an Interop? Eve: multiple implementations, prototype, in San Diego? Bounty to hosted validator to be offered.

Joe: KI funding for supplemental items? Trent is deep in this matter, budget is pretty tight right now. Assumed revenue streams not up to speed yet. More likely to find external funding.

Judi gave brief update about her session on Stateless Distributed Membership. Joe noted that more stateless things happening.

Juan asked about TOS, Eve referred to UMA and the Law session and Pair project with Heather (?); user interface matters in accepting TOS. Juan: Common vs civil vs international law adds to the complexity. Juan comes from PKI background, lawyers screwed up PKI (driven by lawyers from '70s, way to eliminate Bills of Lading, etc.). Other technologies (e.g., biometrics) not subject to that level of scrutiny. Needs to be driven by real-world people and uses, info sharing, how they agree on things in real world. In the end, fear of over-thinking/over-design/over-legal complexity. Eve: my boss agrees, legal complexity of PKI doomed it. UMA technology & OpenID contract exchange, including multi-party, doesn't work at Internet scale; no crypto-burden in ecosytem.

Joe: we spoke in previous UMA conversation about whether Alice to Bob is bilateral or multi-party, common carrier role (legal) such that they aren't party to specific A-B contract, but intermediary parties are included as facilitators of data. Eve: get a claim from requestor and are certified/trust framework, community-specific safe harbor. Joe: metaphor: click to accept scales (machine), intermediaries claims (acting as common carrier) Juan: essentially creating closed community with it, "rule book" as in other communities, have to abide by min set of rules, issue is scalability to address party subscriptions (each co has legal department). Enforceability & how it plays w local law: may be an issue, data protection laws may override, if accepted by machine is that machine an acceptable instance of assent. Will be a closed community. Eve; that front-loads the process. Joe: we could make it as open as possible but still requires agreement to rule book. Mark: master controller, opposite of TOS, more like voluntary sharing agreement, individual sets preferences, general framework. Eve: if standards are well known, not dynamic, will have companies signing on (can ratchet up higher). Joe: Trust framework can be emergent. Eve: example of licensing agreement (CC, iStockPhoto); boilerplating agreements is valuable. Joe: boilerplating vs reviewing each new contract, cost of evaluating variance, is burden. Juan: block vs subtle agreements

4a. New Business: Trust Framework

Iain: intention to develop standard info sharing agreements, based on volunteered personal info (primarily). About 2 weeks ago, UK gov offered call for innovation, they've put aside ~1M pounds for innovation in this area. Iain suggests we could use that work as contribution to call for innovation (needs to be done by consortia: MyDex, Kantara, other) to explore whole trust framework. Judi: suggest you start with both voluntary and non-vol info sharing industry. Iain: start w voluntary. Joe: parties starting with who agrees to the rule book. "I agree to trust framework" approach, reposition Kantara $7500 to support that. Iain: agreed. Juan: supporting this group personally, but work for a Swiss company. UK funding for European focus? Iain: UK starts with UK focus, applicable to Euro and wider trust frameworks model. Joe: Timeframe? Approval w/in 3 weeks, project delivery within 12 months. Joe: Range of expectations? Iain: 150K pounds is highest round, haven't thought about how that gets split up yet. Funding is 50:50 w UK funding & external funding sources. Need more formal proposal. Juan: it's a good idea, important for overall scalability & practical application of this.

Joe: thoughts on Kantara? Trent: anything short of signatures, leadership council (LC) can support. Iain, Trent, Joe will draft "group" allocated funding proposal for existing $7500 shift to revised focus. Iain will write up a more formalized proposal.

4b. New Business: Other

none

5. Action Items Review

Iain will follow up with non-attending members
Iain, Mark & Judi continuing work on report
Iain will think about IP for standard agreement (pending discussion or letter with Joni), and will hand off core IP from his previous work to this group. This is part of next:
Iain will write up a more formalized proposal to LC.

Joe will send an invitation to this discussion out to Parties listed in Apr 19 minutes - waiting until we get IP agreement settled.
Mark will forward this invite to the P3 group - waiting until we get IP agreement settled.

Next Standard Agreement Meeting

7 June 2010
6am Hawaii, 9am Pacific, Midday Eastern, 5pm UK
Skype: +9900827042954214
US Dial-In: +1-201-793-9022
UK Dial-In: +44 (0) 8454018081
Room Code: 2954214

Next Regular Meeting

14 June 2010
6am Hawaii, 9am Pacific, Midday Eastern, 5pm UK
Skype: +9900827042954214
US Dial-In: +1-201-793-9022
UK Dial-In: +44 (0) 8454018081
Room Code: 2954214

NOTE: Do not follow the code with a "#" symbol as it may cause the code not to be recognized.