 Okay, it looks like it's time to get started again. Thanks for rejoining us. We have two really interesting talks coming up in this segment of virtual meeting. And we're going to start with our colleague Ken Klingenstein from Internet2. Ken is well known to many of the folks here and has had a tremendous gift for identifying issues around privacy, identity management and security over the years. And is back with some really challenging I think questions. Ken has told me he really would like this to be quite interactive so feel free to raise hands, use chat, whatever, as his presentation goes along or as at the end when he calls for questions. And with that welcome back Ken over to you. Thanks Cliff. Yeah, my, my goal would be not to finish my slides today. Just to have it be that interactive. We'll see how it goes. So there's a number of issues on the landscape that are emerging, and they all need answers. And I guess my greatest confusion at this point is who's going to be able to answer them. Able in terms of knowledge, able in terms of where the people who could answer this sit in the ecosystem of trust and identity that's out there today. We have lots of players, many of them will raise their hand and say, ah, we can fix that. I'm not sure they're the right authorities to do so. I'd love for there to be high levels engagement on this so through the chat session or raising your hand. Please interrupt me. We're going to touch on the following points and we're going to talk a little bit about trust privacy and portals. That's the most vexing aspect right now in the landscape that I see in the ecosystem. Well, then look at course site tracking. This is a very active area with Google, among others, really trying to address the situation about minimizing cross site tracking while preserving business models attribute release control. The federated environment is built upon release of attributes from an identity provider to a service provider and that will enable access control and other kinds of capabilities. And then we're going to be in charge of the release of that information. Basic identity itself. You know, it has traditionally been anchored by governments increasingly in a decentralized environment. There's new ways of creating identifiers and vouching for the validity of the association of that identifier with a particular subject. So that's in question. The legal and regulatory safeguards that are out there are frankly a mess frankly a mess in the US. I don't know what the mess is and then I have a blank slide for who's going to fix that. And then I'd like to if we have time cover some of the things that I might have missed in this that I should be talking about the next time I do this presentation. So in the federated ecosystem middle things have emerged in the trust system, and they profoundly alter the end to end trust model for federated identity. The model itself was that an identity provider would trust a service provider and vice versa. Now we have all of these portals and proxies out there that intervene in those transactions and what's their role. In particular the research and education environment is right with proxies and portals. And sometimes to translate authentication approaches from let's say federated to IP address that's a common one from easy proxy to complex composite sites integrating distributed disparate entities. The dialogue on is a very important one in the science community. NIH is in the process of building a portal for the National Institutes plural of health. And one in particular has raised a number of concerns, because placing anonymous access sites like PubMed behind a portal which is oriented towards identity and strong identity has caused a lot of stir about. How do I get to PubMed with anonymity when the portal is asking for identity. Elsevier has science direct out there as a kind of authentication point for a variety of services, some of which support anonymous and pseudonymous access, some of which like pure and identity. Easy proxy, despite its name is real is is or is really a gateway to a lot of stuff where you have to provide identity and then those resources behind there might well not want to know that identity. How do we do that. The browser itself is becoming a middle thing I'll come back and talk about the browser specifically in terms of course I tracking. But the browser has become essentially the operating system for the web. And so we're seeing a move of functionality from external places into the browser. And that becomes very consequential for who are the power brokers, and this complicates privacy and security, the middle thing can sit there, see the stuff that's going by, and modify it. And so, how do we protect our lives and our privacy with in the presence of middle things, and most conspicuous leaf. We don't even know where to start the conversation. There is no reference framework. There is no model out there that says that defines the functionalities of proxies and portals, and perhaps categorizes which functionalities affect privacy which ones affect security etc. Who's going to answer this question. Who's going to build the model. Well, middle things are to some degree, a creature of multilateral federation in that bilateral world that industry would like to see. There really are very few middle things out there. But in research and education. Many, many services, many, many providers operate middle things again CI log on NIH. And so we might be the ones to answer it but we're not. We're not even building that framework. There are standards organizations that could build this a cantara is a standards organization that does levels of assurance and other kinds of standards is international. They have no framework. I just had a conversation a few weeks ago with NIST. And in a very different world, they have portals that they're trying to deal with. It's tempting to throw this question over to NIST. However, the lights are barely on in NIST. A couple of years ago, during the Trump administration. NIST got eviscerated and they're just now we rebuilding the resources to work on this. Typically marketplaces often decide these questions and I fear that the marketplace may decide this and the marketplace seldom favors privacy. Cross site tracking. I suppose most of us have had that experience of doing a presentation and pulling up a website. And there in the middle of the website there was some ads that indicated that last week, you were looking at something perhaps less appropriate than what you'd like to share with everybody else and cross site tracking has followed you around and said, Oh, well this person was gazebos last week we'll put up a bunch of gazebo ads in the middle of this website. And that's awkward. That has actually raised a number of sensitivities. And we can look at how to ameliorate that. Cross site tracking unfortunately has a variety of techniques that are used third party cookies are the most obvious ones but there's link decoration and bounce tracking. And what's awkward about this is that fine and upstanding services at least in my mind like federated identity winds up using link decoration to convey information about your IDP to the SP and vice versa. And so some of these techniques were actually invented in the RNA space, but were abused in the marketplace. And that perhaps happens frequently where we invent stuff for the most noble of reasons, without understanding that Oh my God, the marketplace and advertisers will work on that. And because some of this cross site tracking is about to be addressed via a number of initiatives. There are new companies now springing up that are doing analytics, and using a lot of artificial intelligence to begin to find ways around whatever solutions were about to invent. So who will answers. Well, browser manufacturers, since this cross site tracking is happening largely via the browsers that they're offering to solve this, a Google in particular, if you're not familiar with the browser domain, there's very few independently coded browsers in the world anymore. Fire Fox is one, I think opera might be, but many of the others are built on a single code base called chromium, which Google made open source, and then built chrome on top of. So a large degree I'd say almost 75% of the browser space is dominated by chromium, and it's its derivatives. And so Google feels like they're the right ones to address this. Since they have a web browser to do this. And Cliff has the independent browsers are a tiny market share indeed they are. So Google is offering to do this and there's a working group that's been operational now for about six months. Heather Flanagan who many of you may know is trying to facilitate it that group. The issue there is that the third party cookie deprecation that Google is proposing to reduce cross site tracking breaks, many other things that are unintentioned. And so the question is how do we ameliorate the damage that Google will do in trying to minimize cross site track. Who else what could answer it advertisers can answer it. Well there's Google again. Third parties, the ones that are doing analytics governments could also begin to address some of the cross site tracking issues. In the structured environment in the US that's not about to happen in the EU. You've seen a number of initiatives by the European Commission, all of us have experienced the new cookie paradigm. And the sites in that are based in Europe, we're given a choice of which cookies to accept. I wonder about that capability within this space as well. I'm attribute release boy I've stepped into the middle of this. Attribute release was again a major capability of the federated environment. We were supposed to have some consent modules developed. Some of us are still working on that. To some degree, the authority for that attribute release is passed to identity providers I'll come back and and and release and talk about that in a second attributes are really important for access control personalization and customization. You want to release sufficient information to gain access to the content you'd like, but you want to release no more than that so data minimization is an important feature for this. Metadata is the vehicle by which relying parties can indicate to either users or identity providers or two librarians, what data might be needed. And one particular gnarly aspect of this is purpose abuse users identity providers might want to know from releasing this attribute. What's going to be used. What's going to happen when you're done with it. The need for normative taxonomy for the R&E has percolated up for purpose of use. You've seen it as I indicated in the cookie paradigm that the EU has promoted. There's just for three or four different purposes of use. You can create something in the R&E space that might talk about your releasing information. Here's how we intended to use it in a classical taxonomy. And here's how we intend to dispose of it at the end. Who's going to answer this. Well, boy, identity providers answer it today. Your idea your federated identity provider typically says what attributes are going to be released about you. That's not how we designed it but that's how it's, and that's how it's rolled out governments can do this. We designed this for users to be in control with some kind of consent module. Even the word consent is a tricky word in that the way it's used today. It's kind of like someone else has made a decision about what's going to be released. Can you consent to this. How about control. What user control versus user consent. Wouldn't it be nice if we were in the driver's seat as users. When I mentioned this to librarians, a few of which are on this call. They say, well, you know users may not know what will reduce the friction that they will encounter in getting to the content they want. There's a group called FIM for L. If you're in a librarian who's interested in federated identity I urge you to do that it's a part of Lieber. We just had our FIM for L calls this morning. Very good people on there, largely Europeans we could use some us representatives. But there's been a perspective to date that librarians really know what should be released because users don't want to be bothered. I'd love some validation on that. Oh, I see. I'll have to come back and do that comment. The decentralized identity paradigms. We'll talk in a second about how technologies have their inherent challenges relying parties may want to decide what attributes get released browser manufacturers. One of the things I saw recently was a Google mockup that had your browser, presenting you with a list of options for which attributes could get released. That means the browsers watching things more closely than I'd like the browser to watch. Clearly, if you're doing encrypted transactions we can avoid that but most settings out there today are not around that. We have device manufacturers well there's a Google again because of Android. My God Google's all over the place on this one. No surprise communities of interest. This is a new idea communities of interest can certainly define taxonomies for purpose of use. And perhaps that's going to be an answer for this. This segues into the comment that Pascal just posted to the chat session about the distributed identities. So traditionally identity was anchored via an identity provider using a government document and the level of assurance that us geeks in security talk about is anchored by what kind of documents that we use to prove you are who you are and then we'll see that identifier will create a level of assurance around that all of the mumble jumble that we talk about. There's pluses and minuses with taking an identity that's anchored with the government and decorating it with attributes from a lots of different sources not necessarily from governments. So going out watching the terrible situation in the Ukraine today. A lot of people don't have governments. And so what is going to be the source of the official documents that would anchor identity. This threats, that's me do a great deal. One of the solutions would be self sovereign and decentralized identities. Sometimes these can be anchored to larger trust chains, large, large amount of the time it's anchored by a reputation system. I have 400 friends assert that I am who I am to the distributed identity provider, and this binding of that identity to me is anchored by a group of cohorts. Pluses and minuses. I would mention that sometimes technologies have fatal flaws, because of who's promoting the technology. I've been to a number of decentralized identity conferences. And what's tricky on this is that everybody has a different version of decentralized identity, and they don't necessarily want to cooperate, because it's decentralized and that's their nature. So these are individuals sometimes looking to make a market share, sometimes it's just their nature. I think the federated case that I've been a part of for 20 years, has the virtue that we wanted to work with each other. We weren't trying to create an independent standard, each in our own right, we wanted to federate and work together. So I mentioned that in terms of decentralized identities, a interesting concept, again can tie the reputation systems. But is there something intrinsic about the people promoting this that could be a problem. Who will answer this. Well, governments have traditionally answered identify the basic identity, but again, governments are sometimes fragile marketplace forces. And then I'll just point out that we have a lot of new data these days that we don't want to look at, like surveillance. And so the idea of people talking in the open field is no longer open. On the other hand, that surveillance data could be a great anchor for some kind of trust based upon, well, we saw this this person at that location. And so we have an association that way. So that's a way of taking surveillance which I think of is a great concern, and perhaps tying it into creating some identity systems that we wouldn't have had in the past legal and regulatory issues. So GDPR enforcement is now finally taking place finds are being leveled. Reciples are being developed by the Europeans that indicate the nuance that GDPR requires it's a very sophisticated set of requirements. And I'm not quite sure that the marketplace is up to the nuance that's embedded in GDPR shrimps to has added its own wrinkle in this and put the US in a kind of an awkward position because our trustworthiness is no longer obvious. We don't have the recourse that the EU would like to have, how do you begin to implement things like right to forget in our fractured environment. The UK has its own version once they left via Brexit. And it was actually the UK researchers who raised the concerns about PubMed being situated behind the NIH portal. In the US it's pure chaos. Most states are trying to develop privacy approaches, very different emphases, very different recourses, and many states don't need no stick in privacy. Somebody want to raise their hand at this point and tell me because it's not working. It's very clearly not working but I sure don't know. I don't see any, I don't see the federal government stepping up into this place with the polarization. The state governments have different masters. It's going to be tricky. Many transactions are interstate what state would apply to Google. Yes, Google. Thank you. So let me just close with this one and then hopefully invite some conversation. A lot of this stuff, a lot of security, a lot of privacy depends upon encryption. Encryption is reasonable at this point. Quantum computing will break most of the encryption algorithms that we have today. NIST and other places are hard at work at building encryption algorithms that might be resilient to quantum computing, but we've got to be careful that encryption which underlies much of this stuff is itself fragile. And then reconciliation of national laws and now state laws and where the data will be geolocated. I'm seeing a lot of work by a lot of different organizations to make sure that their data is being stored in a place that's benevolent to whatever privacy views that organization may have. Lots of problems. No answers. I'll stop at this point. I'm appreciating the comments. Oh, Joseph Glass. I don't know you Joseph but that's an interesting idea. So maybe you want to raise internet to Thank you Tara. I'll just mention that we we created part of this mess with the federated identity space. We intended it to be deeply privacy preserving. We had from the very beginning, the idea that there was going to be a consent module out there that was going to enable users. The consent module has been slow to develop. There's been a belief. I'll say it in arrogance on the part of identity providers that uses can't manage attributes. And part of this is because the error message that we have when you don't release the right attribute attributes to get to a resource or error message is the wonderful 404 resource not found. There's a few places out there that do the right thing and say, ah, we would have loved to give you this resource but you didn't release these attributes but for most relying parties. If you don't release the right attributes, you get a really opaque error message. We're working closely with Elsevier and I've got to say that Elsevier, we're trying to develop a notion we call agile privacy, and maybe in the fall. We can all at the next CNI in person. We can talk about agile privacy and and how well it works, but Elsevier gets it to a large degree about how depending upon what you release will give you anonymous services pseudonymous services which will give you a the ability to keep your search histories but without us knowing who you are, or we'll give you personalized service based upon who you are. So I would say almost, you know, we're involved because we create a part of the mess. I have an Instac grant that we're still working on many years after Instac has passed called scalable privacy and we have a wonderful consent module that came out of Duke University that we're trying to promote these very days to get it out there. Let's see Cliffs might enforce federal action. Anybody watching the congressional hearings for the new justice has got to be pessimistic about anything happening in that in the at least the congressional sense. So would the, what federal agency would cover this FCC Federal Trade Commission, it's not even clear what agency would do that many of the agencies are suddenly owned by commercial sectors so if it was going to be from the executive branch cliff I'd worry which agency, if it's going to be from the congressional branch. I would wait for a long time if it's going to be from the judicial branch. Ooh, enough said. Appreciate any questions. And on that happy note. Oh, I think we're at time and I know there are more questions that people would love to ask. That privacy agile work is very interesting and I do hope we'll have an opportunity to hear more about that as as it proceeds forward. Love to we have we have some stunning demos and you know it illustrates that even in the best intentions publishers like Elsevier. They're wonderful they they they give you anonymous access and then they say, Oh, but we need a place to hold your search histories give us your email address. We want to know how about something else, we have better identifiers so we'll we'll pick that up. Maybe we all get together in the fall. I'll leave it at that. I look forward to it. Can I know there are many more questions I'd like to ask there are many more questions I know that our members here with us would like to ask. We need to move on to the next presentation but I hope you're able to stay around at least for a little while and maybe field a couple of questions in chat from people. I think you very much for yet another very provocative presentation and really appreciate you joining us today.