Re: [Iotsi] Sticky Policy: Attaching privacy policies to data

"Subramaniam, Ravi" <ravi.subramaniam@intel.com> Tue, 22 March 2016 01:54 UTC

Return-Path: <ravi.subramaniam@intel.com>
X-Original-To: iotsi@ietfa.amsl.com
Delivered-To: iotsi@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 66A4012D11C for <iotsi@ietfa.amsl.com>; Mon, 21 Mar 2016 18:54:24 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.922
X-Spam-Level:
X-Spam-Status: No, score=-6.922 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_HI=-5, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, RP_MATCHES_RCVD=-0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id t3FH_qlMA-vk for <iotsi@ietfa.amsl.com>; Mon, 21 Mar 2016 18:54:22 -0700 (PDT)
Received: from mga03.intel.com (mga03.intel.com [134.134.136.65]) by ietfa.amsl.com (Postfix) with ESMTP id 8075C12D0E1 for <iotsi@iab.org>; Mon, 21 Mar 2016 18:54:22 -0700 (PDT)
Received: from orsmga003.jf.intel.com ([10.7.209.27]) by orsmga103.jf.intel.com with ESMTP; 21 Mar 2016 18:54:22 -0700
X-ExtLoop1: 1
X-IronPort-AV: E=Sophos;i="5.24,374,1455004800"; d="scan'208";a="768683595"
Received: from orsmsx102.amr.corp.intel.com ([10.22.225.129]) by orsmga003.jf.intel.com with ESMTP; 21 Mar 2016 18:54:22 -0700
Received: from orsmsx156.amr.corp.intel.com (10.22.240.22) by ORSMSX102.amr.corp.intel.com (10.22.225.129) with Microsoft SMTP Server (TLS) id 14.3.248.2; Mon, 21 Mar 2016 18:54:22 -0700
Received: from orsmsx116.amr.corp.intel.com ([169.254.7.137]) by ORSMSX156.amr.corp.intel.com ([169.254.8.159]) with mapi id 14.03.0248.002; Mon, 21 Mar 2016 18:54:21 -0700
From: "Subramaniam, Ravi" <ravi.subramaniam@intel.com>
To: "Smith, Ned" <ned.smith@intel.com>, Hannes Tschofenig <Hannes.Tschofenig@arm.com>, "iotsi@iab.org" <iotsi@iab.org>
Thread-Topic: [Iotsi] Sticky Policy: Attaching privacy policies to data
Thread-Index: AQHRg5pswcubxTHCtkGfNI03+7PJxJ9krlqA
Date: Tue, 22 Mar 2016 01:54:21 +0000
Message-ID: <D40BA8183A12B448ACB9448546032E089C9345BC@ORSMSX116.amr.corp.intel.com>
References: <D3157922.4B301%ned.smith@intel.com>
In-Reply-To: <D3157922.4B301%ned.smith@intel.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-titus-metadata-40: eyJDYXRlZ29yeUxhYmVscyI6IiIsIk1ldGFkYXRhIjp7Im5zIjoiaHR0cDpcL1wvd3d3LnRpdHVzLmNvbVwvbnNcL0ludGVsMyIsImlkIjoiZjRiMTI4NTItOTMzMC00YjI1LWIwMDAtOWFiOGRjNDc3YzE4IiwicHJvcHMiOlt7Im4iOiJDVFBDbGFzc2lmaWNhdGlvbiIsInZhbHMiOlt7InZhbHVlIjoiQ1RQX0lDIn1dfV19LCJTdWJqZWN0TGFiZWxzIjpbXSwiVE1DVmVyc2lvbiI6IjE1LjkuNi42IiwiVHJ1c3RlZExhYmVsSGFzaCI6Ijd1cHV1ZjdGbk96b1ROR0xLbFpENGVZbWFKNlFnNlpINUNKUDh4Y1M2Nk09In0=
x-ctpclassification: CTP_IC
x-originating-ip: [10.22.254.139]
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Archived-At: <http://mailarchive.ietf.org/arch/msg/iotsi/j9Or32PqHF3mD8XRXyoZu7rdsqM>
Subject: Re: [Iotsi] Sticky Policy: Attaching privacy policies to data
X-BeenThere: iotsi@iab.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: Internet of Things Semantic Interoperability Workshop <iotsi.iab.org>
List-Unsubscribe: <https://www.iab.org/mailman/options/iotsi>, <mailto:iotsi-request@iab.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/iotsi/>
List-Post: <mailto:iotsi@iab.org>
List-Help: <mailto:iotsi-request@iab.org?subject=help>
List-Subscribe: <https://www.iab.org/mailman/listinfo/iotsi>, <mailto:iotsi-request@iab.org?subject=subscribe>
X-List-Received-Date: Tue, 22 Mar 2016 01:54:24 -0000

Hi,

+1 with Ned

It would be beneficial to view security (incl Trust) as a context in which IMs and DMs are interpreted/actioned. In that case, using system IM/DM to inform context would be preferred.

Ravi

-----Original Message-----
From: Iotsi [mailto:iotsi-bounces@iab.org] On Behalf Of Smith, Ned
Sent: Monday, March 21, 2016 10:52 AM
To: Hannes Tschofenig <Hannes.Tschofenig@arm.com>; iotsi@iab.org
Subject: Re: [Iotsi] Sticky Policy: Attaching privacy policies to data

Thanks Hannes!

RFC4119 could be characterized as an information model and data model expression of a set of context attributes (location, presence) that when extant represent possible privacy sensitive attributes for which some form of privacy preservation strategy may be needed. The paper suggests a few possible strategies such as retention limitations / data expiry and retransmission rules.

It was noted at the F2F that 'context' was an aspect of information modeling that represented a form of meta-data that has value (hence shouldn't be ignored?). Given IM practice will be inclusive of context attributes (which normally might include location, presence etc...), the IM can inform the trust model seeking to realize privacy goals.

It could be observed that at least part of the objectives of RFC4119 could be realized, namely that contextual metadata (location, presence) may be available through a more comprehensive IM - one that is inclusive of context. That suggests to me at least, that an existing IM and DM may satisfy some of the RFC4119 objectives though possibly not being RFC4119 compliant.

It would be preferable, IMO, if the IM that describes the "system" informs the Trust Model (security / privacy) rather than having the Trust Model define the IM and DM that then must be retrofitted into the system IM/DM.
I'm not suggesting there won't be a need for security / privacy goals of an IM to inform the system IM, but it should do so using the languages of the system IM and DM.

Given a comprehensive system IM and DM, this may be sufficient toward properly informing privacy models regarding privacy context. If there are gaps, they likely are small. For example, the system IM/DM that defines an identifier, might leave undefined intended mutability properties.
Normally, we'd expect the DM would specify the identifier's possible values, but it might not specify its uniqueness properties. Uniqueness may be understood within some context, such as a life expectancy for reuse or a namespace authority that can manage / check for namespace collision.

A 32-bit identifier can uniquely identify 4B things at a given time. The
4B+1 item could collide with an existing identifier. If the rollover 
4B+rate
is specified, then a privacy model could use that information to manage privacy risk because there is a window in which the transaction associated with the identifier will be extant. It may be appropriate for IOTSI to consider defining rollover rate parameters as a possible 'range' attribute that is associated with identifiers.

This is more the approach I would advocate vs. an RFC4119 approach.

-Ned


Ned Smith
Principal IoT Security Architect
Intel SSG-OTC
Ned.smith@intel.com
+1.503.712.3695




On 3/21/16, 1:58 AM, "Iotsi on behalf of Hannes Tschofenig"
<iotsi-bounces@iab.org on behalf of Hannes.Tschofenig@arm.com> wrote:

>Hi all,
>
>During the security discussion the idea of attaching privacy policies 
>to data was mentioned and I noted that there has been work in the IETF 
>on that topic.
>
>Here are the relevant pointers: RFC 4119 (see
>https://www.ietf.org/rfc/rfc4119.txt) specified a way to convey 
>usage-rules along with location data. These usage-rules contain four 
>pieces of information:
>- retransmission-allowed
>- retention-expires
>- ruleset-reference
>- note-well
>
>The ruleset-reference contains richer information about what a 
>recipient of location information is allowed to do with that 
>information. RFC 4745 (see http://tools.ietf.org/html/rfc4745) defines 
>the format of those policies and they have been extended for use with 
>application specific domains, such as presence information and 
>geolocation information. The former can be found in 
>https://tools.ietf.org/html/rfc5025 and the latter in 
>http://tools.ietf.org/html/rfc6772
>
>Ciao
>Hannes
>
>IMPORTANT NOTICE: The contents of this email and any attachments are 
>confidential and may also be privileged. If you are not the intended 
>recipient, please notify the sender immediately and do not disclose the 
>contents to any other person, use it for any purpose, or store or copy 
>the information in any medium. Thank you.
>
>_______________________________________________
>Iotsi mailing list
>Iotsi@iab.org
>https://www.iab.org/mailman/listinfo/iotsi

_______________________________________________
Iotsi mailing list
Iotsi@iab.org
https://www.iab.org/mailman/listinfo/iotsi