HEART / 2015-03-09

Roll call stats

http://hg.openid.net/heart/wiki/Roll_Call

21 in attendance - 10 members

Listserv count: 93

HIMSS F2F details

We will meet in room N138 in the Convention Center on Wednesday, April 15 from 9am – 12pm (Central). The room is set up in a U shape for 25 with perimeter seating for 15. There should be a podium, screen, projector, and microphone available.

Debbie introduced the topic. At IDESG about a month ago, PRIVO (“PRY-vo”, for privacy) gave a great demo on their work in this area.

Steve Greenberg has been working with Denise Tayloe at PRIVO since the beginning of the NSTIC project. He’s glossing over “identity is hard” and “consent is hard” topics, assuming we get it.

PRIVO came out of the COPPA (Children’s Online Privacy Protection Act) market, putting parents in control of information about their kids online -- not enterprise, and not self-consent. It’s a delegated consent model. A kid might not have an email address and so on, which an adult would be expected to have. Consent interactions make an assumption that the operator is allowed to consent, which doesn’t hold in the COPPA market. You don’t want to induce kids to lie or get around the system. You want to make it easy for them to do the right thing. There’s a sliding scale of verification, proportional to the privacy risk. Higher risk means demonstrating control of a financial credential, for example.

If you have a web or mobile property and someone just tried to “do something”, are they allowed to do it? The key question is “how old you are” -- COPPA sets that cutoff at “under 13”. PRIVO finds the person who needs to grant consent for it.

PRIVO has an NSTIC grant. As part of this, there is a Minors Trust Framework (MTF), a PRIVO iD (a federated identity based on OIDC that also supports SAML), which is a free service for consenting to MTF-approved and COPPA-compliant services, and an educational initiative, Online Privacy Matters/Privacy on Patrol Squad (POPS).

The tough part is finding parents, having them prove they are who they say they are, etc. PRIVO handles this part, making it easy to obtain “verifiable consent” and providing widgets for parent login etc. This lets their customers concentrate on their core competency. PRIVO also pseudonymizes across services.

When a new underage user provides a parent email address, there’s a “parent with me” path where the kid goes and gets the parent, the kid can print a form that the parent can fill out or follow a URL, or the kid can provide an email address so that the parent gets a message. A “shadow account” option provisions a parent account that essentially tracks the kid’s account if created on a mobile device or something. This is good when there are many, many accounts already extant.

The kid’s account is activated as soon as the request to the parent is sent. But the kid doesn’t have the ability to share PII publicly. The PRIVO customer doesn’t want to lose the kid’s business, so there’s the ability to do a limited number of things in the meantime.

Data attributes associated with the site features have a notion of low or full verification. There are also standard and optional features. Standard features have to be agreed to in order to use the service at all, whereas optional features can be denied consent.

MyPRIVO is a central location that helps you manage consent across all of the locations, for multiple kids and multiple services.

AI: Debbie to ask for slides

AI: Debbie to poll group to see if they would like to hear more about their multi-generational TF

Eve Maler - handling Custodianship options in and around UMA

http://openid.net/wordpress-content/uploads/2015/03/UMA-custodian-thoughts-2015-03-09.pdf

Eve presented a slide deck with three potential architectural options, two “in” and one “outside of” UMA, that try to bring the benefits of user-managed access (lowercase and uppercase) to those who aren’t entirely competent to consent. The two “in” UMA are fairly complementary with the PRIVO demos, and seem to benefit from standardized scopes and trust frameworks.

Justin comments that the flipping around of who is the resource owner and who is the requesting party in this analysis is a really important concept to play around with.
