[Log In] []

Exploring the science and magic of Identity and Access Management
Saturday, January 20, 2018

IoT: A Market Landscape

Identity, Information Security, Internet of Things, Privacy
Author: Mark Dixon
Friday, August 9, 2013
12:14 pm


Today I read an informative paper published by GigaOM Research entitled, “The Internet of Things: A Market Landscape.”  I find The Internet of Things to be the most interesting area of technology and business in my professional world today.  This paper did an excellent job of providing an overview of the IoT landscape and highlighting both opportunities and challenges.

A few things that I found intriguing:

IoT is not just new technology:

The internet of things is not a single technology trend. Rather, it is a way of thinking about how the physical world at large and the objects, devices, and structures within it are becoming increasingly interconnected.

The market is moving rapidly to mind-boggling scale:

  1. Some 31 billion internet-connected devices will exist by 2020, according to Intel.
  2. A family of four will move from having 10 connected devices in 2012 to 25 in 2017 to 50 in 2022.
  3. Mobile subscriptions will exceed the number of people in the world by early 2014.

Identity is first on the list of important characteristics:

For things to be manageable, they need to be identifiable either in terms of type or as a unique entity. … Identification by type or by instance is fundamental to the internet of things.

The power of IoT comes from connectivity, not just individual components:

The internet of things is an ultra-connected environment of capabilities and services, enabling interaction with and among physical objects and their virtual representations, based on supporting technologies such as sensors, controllers, or low-powered wireless as well as services available from the wider internet.

The biggest challenges?  Security, monitoring and surveillance:

Computer security, say the experts, boils down to protecting the confidentiality, integrity, and availability of both data and services. With the internet of things looking set to create all manner of data, from heart rate and baby monitors to building management systems, there is clearly going to be a great deal to protect. …

The internet of things enables the whole world to be monitored. …  the potential for the inappropriate use of such technologies — for example, to spy on partners or offspring — will grow. In the business context as well, the role of the internet of things offers a wealth of opportunity but also of abuse.

The bottom line?  The possibilities are vast, the challenges daunting, but IoT is happening.  It will be great to go along for the ride.

Comments Off on IoT: A Market Landscape . Permalink . Trackback URL
WordPress Tags:

Core Identities and Personal Data Stores

Identity, Privacy
Author: Mark Dixon
Friday, May 3, 2013
12:23 pm


I just finished reading an intriguing white paper, “Towards a Trustworthy Digital Infrastructure for Core Identities and Personal Data Stores,” written by Thomas HardjonoDazza Greenwood, and Alex (Sandy) Pentland, all associated with MIT.  I was particularly interested to see how much detail has been built around this concept of Core Identities since Dazza Greenwood and I discussed it several years ago, while I was employed by Sun Microsystems.

The paper proposes …

At the heart of digital identities is the concept of the core identity of an individual, which inalienably belongs to that individual. The core identity serves as the root from which emerge other forms of digital derived identities (called personas) that are practically useful and are legally enforced in digital transactions.

… and goes on to explore:

potential business models for Core Identity service providers and Persona providers (specializing in personalization, privacy and preferences services for a unified user experience across many sites and systems)

The paper then ties the concept of Core Identities and Personas to the MIT Open Personal Data Store (Open PDS) initiative:

The OpenPDS is an open-source Personal Data Store (PDS) enabling the user to collect, store, and give access to their data while protecting their privacy. Users can install and operate their own PDS, or alternatively users can operate an OpenPDS instance in a hosted environment.

We use the term “dynamic” here to denote that fact that the PDS does not only contain static data but also incorporates the ability to perform computations based on policy and is user-managed or user-driven. In a sense, the OpenPDS can be considered a small and portable Trusted Compute Unit belonging to an individual.

The paper concludes by emphasizing these four concepts:

  1. An infrastructure to support the establishment and use of core identities and personas is needed in order to provide equitable access to data and resources on the Internet.
  2. Personas are needed which are legally bound to core identifiers belonging to the individual. We see personas as a means to achieve individual privacy through the use of derived identifiers.
  3. the privacy preserving features of core identities and personas fully satisfy the data privacy requirements of Personal Data Stores as defined by the MIT OpenPDS project. The ability for an individual to own and control his or her personal data through deployment of a PDS represents a key requirement for the future of the digital commerce on Internet.
  4. We believe the MIT OpenPDS design allows for a new breed of providers to emerge who will support consumer privacy, while at the same time allow the consumer to optionally partake in various data mining and exploration schemes in a privacy-preserving manner.

This sounds like OpenPDS is very much in line with the Personal Cloud concept.  Perhaps the MIT work with Core Identities, Personas and Open Personal Data Systems will help shorten the time before we can take advantage of real, working Personal Clouds. 

Comments Off on Core Identities and Personal Data Stores . Permalink . Trackback URL

Gigabytes of Personal Data

Identity, Privacy
Author: Mark Dixon
Wednesday, May 1, 2013
8:19 pm

Now, in honor of my post about Personal Clouds – the philosophy of Frank & Ernest:

Frankandernest 130501

Comments Off on Gigabytes of Personal Data . Permalink . Trackback URL

#PrivQA Chat Archive

Information Security, Privacy
Author: Mark Dixon
Tuesday, April 9, 2013
11:32 am

Last Thursday, I participated in the Privacy Tweet Chat led by @OracleIDM, featuring Dr. Ann Cavoukian, Information and Privacy Commissioner of Ontario Canada, tweeting as @embedprivacy.  The #PrivQA chat archive is available now on Storify.


I always enjoy these tweet chats, and invariably learn more than I contribute.  Perhaps the key insight I gained in this chat is summarized in this tweet that I posted later in the chat:

Privacy is freedom to decide how my data is used. Security is the mechanism to enable and protect that freedom of choice. #PrivQA


Comments Off on #PrivQA Chat Archive . Permalink . Trackback URL
WordPress Tags: , , ,

Mammoth – Will it be my Personal Cloud?

Identity, Privacy
Author: Mark Dixon
Friday, April 5, 2013
4:49 pm

The most intriguing thing to hit my desk today was the announcement of the new Mammoth service to “save links, add notes, and selectively grab content from multiple webpages into a single, shareable, organizable document.” 

I followed a tweet from @paulmadsen and reserved my name.  You can reserve your name, too, by clicking here, or on the image below.  If you click here and reserve your name, you will be in line to use the service, and I will be one step closer to getting my account activated (I need a couple more friends to click through). We will both be one step closer to testing how to collaborate on Mammoth.  Thanks for clicking!

I do think these guys understand privacy.  See below the image for more …


I like the sound of what they say about security and privacy:

security and privacy are top of our list …

We want to make sure nothing gets leaked unless you specifically expose it to the world. So no, no social networks to login, no weird permissions to manage, no scary dreams of that weird things you like making it out into the world. Its just simple. …

Our entire business is based on your trust – why would we screw with that? To put simply, we don’t have any reason to misuse any information we collect. And we only capture data thats needed to enable a feature for you, nothing else.

Could this be a “personal cloud” that I can really use?  It has my name on it.  It sounds like it will be secure. I look forward to checking it out.  

Comments Off on Mammoth – Will it be my Personal Cloud? . Permalink . Trackback URL

Forget Me, Please!

Author: Mark Dixon
Thursday, April 4, 2013
4:27 pm


On today’s @OracleIDM / @embedprivacy #PrivQA Tweet Chat, much was said about the right of individuals to control how their data was being used. I posted the following statement:

Privacy is freedom to decide how my data is used. Security is the mechanism to enable and protect that freedom of choice. #PrivQA

While our primary focus on the Tweet Chat was on the collection and care of data, I learned today that there is another major movement, primarily in Europe, about a proposed “right to be forgotten.”

According to an article in The GuardianViktor Mayer-Schönberger, professor of internet governance at the Oxford Internet Institute, describes himself as the “midwife” of the idea of the right to be forgotten. He advocates:

an “expiration date” (a little like a supermarket use-by date) for all data so that it can be deleted once it has been used for its primary purpose

Mayer-Schönberger cites research that shows: 

90% of the 60+ generation want this … 84% of 18- to 24-year-olds – those born into the digital age … want the right to be forgotten to be legislated

Furthermore, he claims:

it’s not just about the legal, moral and technical arguments – but about what it is to be human.

That’s pretty heavy, but worth thinking about.

On a lighter note, I received a tweet today that clearly shows something that Dwight Howard of the Los Angeles Lakers would prefer we all forget:

Dwight Howard has missed more FTs this season (332) than Steve Nash in his entire 17-year career (322)

Wow! That is worth remembering – or forgetting – depending on your point of view.


Comments Off on Forget Me, Please! . Permalink . Trackback URL
WordPress Tags:

Privacy by Design – Principles or Requirements?

Information Security, Privacy
Author: Mark Dixon
Friday, March 29, 2013
7:58 pm


After reading the white paper, “Privacy and Security by Design, A Convergence of Paradigms,” this week, I pinged a couple of associates on Twitter to see what they thought about Privacy by Design.  Steve Wilson replied to the effect that “We need more than principles.  We need implementable requirements.”

When I met with  Ann Cavoukian yesterday, I asked her about that viewpoint.  She agreed that we need to step beyond principles to requirements to implementation.  She gave me a copy of a paper published last December by the PdB team, entitled, “ Operationalizing Privacy by Design: A Guide to Implementing Strong Privacy Practices.”  This paper doesn’t provide all the answers, but begins to explore how privacy is being implemented in 9 application area:

  1. CCTV/Surveillance Cameras in Mass Transit Systems
  2. Biometrics Used in Casinos and Gaming Facilities
  3. Smart Meters and the Smart Grid
  4. Mobile Devices & Communications
  5. Near Field Communications (NFC)
  6. RFIDs and Sensor Technologies
  7. Redesigning IP Geolocation Data
  8. Remote Home Health Care
  9. Big Data and Data Analytics

Interestingly enough, when Marc Chanliau shared with me a his unpublished report from which came the security content for the “Privacy and Security by Design” paper, it was gratifying to see the title he had selected for that larger report: “Requirements for Enterprise Security.”

There is much to do, but progress is being made.

Comments Off on Privacy by Design – Principles or Requirements? . Permalink . Trackback URL
WordPress Tags: ,

Strong Alignment: Privacy and Security by Design

Information Security, Privacy
Author: Mark Dixon
Thursday, March 28, 2013
2:52 pm

Today I had the privilege of having lunch with Dr. Ann Cavoukian, Information and Privacy Commissioner of Ontario, Canada, along with Jack Crail, Oracle Director of Security Sales Consulting for the Western US.  It was a pleasure to have a delightful lunch, sitting outside in the deliciously warm springtime air in Scottsdale, AZ.  We explored many topics of mutual interest, but focused primarily on the concepts in the white paper, “Privacy and Security by Design, A Convergence of Paradigms,” published recently by Dr. Cavoukian and Marc Chanliau, Director, Product Management with Oracle.

I had prepared the following matrix which shows remarkably close alignment with the seven foundational principles of Privacy by Design and how these principles could also apply to Information Security.  We recognize that the scope of security is broader than privacy, but the needs to proactively build security into all the technology and processes we create are remarkably similar.


In this matrix, row 5 (End-to-end security) shows where security and privacy interact.  In fact, end-to-end security is a necessary enabler for privacy.  The other rows begin to explore how a Security by Design approach can align with and support Privacy by Design.

While this matrix is just in draft form, I believe it can help us discuss how  the goals and solutions of privacy and security can be aligned in a meaningful way.  

If any on you would like to offer any suggestions for improvements, please let me know.

Comments Off on Strong Alignment: Privacy and Security by Design . Permalink . Trackback URL
WordPress Tags: ,

Report: Unlocking the Value of Personal Data

Information Security, Privacy
Author: Mark Dixon
Monday, March 25, 2013
6:16 pm


An interesting new report came to my attention today, “ Unlocking the Value of Personal Datra: From Collection to Usage,” published by the  World Economic Forum, prepared in collaboration with  The Boston Consulting Group.

Some statements from the executive summary that I like include:

Our world is changing. It is complex, hyperconnected, and increasingly driven by insights derived from big data. And the rate of change shows no sign of slowing.

… the economic and social value of big data does not come just from its quantity. It also comes from its quality – the ways in which individual bits of data can be interconnected to reveal new insights with the potential to transform business and society.

… fully tapping that potential holds much promise, and much risk.

… It is up to the individuals and institutions of various societies to govern and decide how to unlock the value – both economic and social – and ensure suitable protections

The report is organized as follows

  • Chapter 1: The World Is Changing
  • Chapter 2: The Need for a New Approach
  • Chapter 3: Principles for the Trusted Flow of Personal Data
  • Chapter 4: Principles into Practice
  • Appendix – Relevant Use Cases

It is particularly interesting to me that although there are numerous examples about the potential benefits of big data, there are huge challenges, and no easy fixes.  But the report is well written and provocative.  Well worth the time to read.

Plus as an added bonus, the report has some great pictures and graphics – a treat seldom seen in a report like this.  Here is my favorite – it seems to capture the spirit of the crazy world of privacy and security we are in right now.



Comments Off on Report: Unlocking the Value of Personal Data . Permalink . Trackback URL

Privacy and Security by Design: A Convergence of Paradigms

Identity, Information Security, Privacy
Author: Mark Dixon
Thursday, March 21, 2013
2:32 pm


In the Oracle Information InDepth newsletter I just received, a new white paper, “Privacy and Security by Design: A Convergence of Paradigms,” was announced. The paper is a collaboration of Ann Cavoukian, Ph.D., Information and Privacy Commissioner, Ontario, Canada, and Marc Chanliau, Director, Product Management, Oracle Corporation.

The forward by Ms. Cavoukian includes this statement:

My hope is that privacy and security – by design, will continue to evolve into an essential component of information technologies and operational practices of organizations, as well as becoming an integral part of entire systems of data governance and privacy protection.

The paper further explains the value of these converging topics:

This paper highlights the convergence of these two paradigms. In the first part, the concept of security by design as understood in the technical community is introduced. In the second, the concept of Privacy by Design (PbD) as understood in the privacy community is discussed. The third and final part explores how these two concepts share notable similarities and how they may complement and mutually reinforce each other.

The paper provides a good overview of Security by Design …

… we address three aspects of security by design: i) software security assurance (designing software systems that are secure from the ground up and minimizing the impact of system breach when a security vulnerability is discovered) ; ii) preserving privacy in the enterprise environment and; iii) ensuring identity across heterogeneous vendors.

… and Privacy by Design.

Privacy by Design … is aimed at preventing privacy violations from arising in the first place. PbD is based on seven (7) Foundational Principles. It emphasizes respect for user privacy and the need to embed privacy as a default condition. It also preserves a commitment to functionality in a doubly-enabling ‘win-win, ’ or positive-sum strategy. This approach transforms consumer privacy issues from a pure policy or compliance issue into a business imperative.

The paper concludes:

It is becoming widely recognized that privacy and security must both be embedded, by default, into the architecture, design and construction of information processes. This is a central motivation for PbD, which is aimed at reducing the risk of a privacy harm from arising in the first place. By taking a proactive approach, it is possible to demonstrate that it is indeed possible (and far more desirable) to have privacy and security! Why settle for one when you can have both?

I found the paper to be thoughtful and timely. By coincidence, this morning I committed to an event next week where I will meet Ms. Cavoukian. I look forward to it!

Copyright © 2005-2016, Mark G. Dixon. All Rights Reserved.
Powered by WordPress.