Skip to content

2024‐11‐15 Minutes

Jump to bottom
Dean H. Saxe edited this page Nov 15, 2024 · 1 revision

2024-11-15 DADE CG Agenda

  • Welcome and antitrust policy reminder

  • CG chairs selection

    • Dean, Mike, Eve are co-chairs - reach out anytime, on the OIDF and IDPro Slack spaces
      • There is a #dade channel on both

  • State of our GitHub Repo / Migration to OIDF control

    • Now under OIDF control
    • Dean will edit the description to reflect that the charter exists etc.
    • Chairs have been updated to have admin access to the reop

  • DADE CG meetings

    • Current meeting time is suboptimal for EMEA, unworkable for APAC
    • Add a second meeting time that is APAC friendly
    • Notes will be stored in the wiki
    • Recordings are primarily used to drive notes
    • The meeting on Nov 29 is cancelled due to US Thanksgiving holiday, so next is Dec 13

  • Attendees

    • Dean Saxe (Beyond Identity)
    • Eve Maler (Venn Factory) - @xmlgrrl
    • Mike Kiser (SailPoint)
    • Aaron Parecki (Okta)
    • Lorrayne Auld
    • Hideaki FURUKAWA
    • Gareth Narinesingh
    • Grace Klutke
    • Sophia Maler
    • Mark Haine
    • Jade Young
    • Stefan Leigland
    • Bjorn Hjelm
    • Debbie Mac
    • Shizuka Takahasahi

  • Overview of DADE CG charter

    • Proposed DADE CG deliverables
      • Document the current state of the art for managing individual choices for handling individuals’ digital estates. Identify and clarify examples of mechanisms currently deployed by platforms, social media services, and other large scale internet systems.
      • Document individuals' experiences with handling the digital estates of others to identify the difficulties they face managing the digital estate of incapacitated or deceased friends, family, and loved ones. These accounts may be anonymized at the discretion of the individuals involved.
      • Document the current state of government regulations, where they exist, for the management of individuals digital estates.
      • Development of use cases for the management of digital estates to include the data stored by, or on behalf of, the user, or containing the users likeness in audio, video, or other digital formats. Develop nomeclature and roles for establishing delegated autorities which operate on behalf of an individual within a defined scope of authority.
      • Identify and document use cases that are out of scope for additional DADE CG effort due to the existence of law or regulation where such use cases are sufficiently established and managed today.
      • Develop educational information to raise awareness of the challenge and empowering individuals to assert control over their digital legacies effectively.
      • Develop proposed high level data flows for a future set of mechanisms to enable a marketplace for management of individuals’ digital estates across providers.

    ** General Discussion:**

    • (Dean) Respect, empowerment through consent (change to choice?), and interoperability and accessibility are principles
    • (Eve) the idea is to be friendly to real world use cases for everyone, not just technical people. Submit anything and everything that would relate and we'll sort through the relevant issues.
    • (Dean/ Eve) RUFADA sets laws around financial accounts (presumably in the states?) Don't want to deal with areas already covered by other institutions/verticals
    • (Dean) - we are not developing protocols or profiles or anything along those lines. DADE may be the foundation for which other working groups create future standards or specifications
    • (Mark) we have a few sociologists with backgrounds in age-appropriate access, privacy, delegated authority in the eKYC working group: https://openid.bitbucket.io/ekyc/openid-authority.html
    • (Dean) What should we do first?
    • (Eve) Collecting use cases can be done continually as background work. Also, accessing state of the art (both technical / potentially legal) would be helpful to know what's going on presently: inactive accounts, etc - it would give people an anchor and guidance to know how / what to submit
    • (Dean) Maybe what apple / google / other vendors are doing today?
    • (Eve) UMA colleague Nancy Lush of Patient Centric Solutions has created a bunch of app flows to support healthcare Advanced Directives that might be useful to understand and know. Will invite her to demonstrate for us what the state of the art is
    • (Mark) in the prooposed online safety act in the UK, there's a provision for the coroners to demand the retention of data for the deceased. Online resources / data may have contributed to the demise of the individual
    • (Dean) We'll be meeting every other week as a group. Next meeting is the week of Thanksgiving in the United States, so it will probably be skipped or moved. (We'll notify when/if that happens.) Co-chairs will work to find a better time for geographies... Get on the mail list, sign the participation agreement
    • (Eve) Are we clear how to connect and move things forward?
    • (Kiser) Will pull in legal colleague for a legal baseline and general particpation
    • (Eve) this group could come up with practical advice / reminder as to how to communicate their digital preferences / and how to grant access to their loved ones in a secure, thought out manner
    • (Mark) A friend has been supporting others as they go through this process - real world practice for today: there may be things that required to "keep the lights on" so to speak. These things/activities may not be ideal (or even legal) but are still necessary for the "real-world"
    • (Eve) Health care relationship management arena - lots of shared passwords, but that may be a good thing. Need to think through what the mechanisms are and what should be allowable or not given the actual needs
    • (Dean) Spoke with legal experts trying to get them to join the Identiverse panel; advice is being given to others was to obtain crypto assets before death because it is nearly impossible to later (as an example of quasi-legal scenario)
    • (Hideaki) There's a bank in Japan that provides a service that keeps passwords - acts as a pwd manager for subscribers. When the subscriber passes, the family can view the passwords and get access to the services. Is this ok to hand over the entire auth grant to accounts? A friend passed away and her husband had access to her smartphone - so he was able to communicate on social media on her behalf
    • (Mark) This is one of the ideas that I was considering with the spec (the "on behalf of" aspect).
    • (Eve) what are the boundaries of this authority - for example, joint accounts... it's impersonation of a sort (potentially fine grained). RUFADA has enough terms and roles to be helpful -(Hideaki) Will post the use case to the github repo

  • Any Other Business

For additional information about DADE CG please visit our OpenID Foundation homepage.

Clone this wiki locally