The U.S. government's approach to secure online identities, with its strong emphasis on privacy, is to be applauded. But the devil is in the details. In this case, the details lie with the private sector, whom the administration intends to rely on to provide solutions.
This gets sticky. Businesses exist to make money. While search is used to target ads, data from social networking sites enables even better targeting. Just look at the financial expectations on Facebook. Social networking sites find a great deal of value in being your identity provider everywhere you visit. Some social networking sites go one step further: they not only authenticate you to a site -- Facebook telling the relying party (such as the New York Times) who you are --- but they also share other demographic information about you, like where else you've been, with the parties to whom they've provided the authentication. Such information sharing is quite valuable to these relying parties. It's part of what has propelled the identity tools to be such strong players. But it means that not only does your identity provider know everything about you, so do the relying parties.
Now the federal government has taken a wise step. Under the Federal Information, Credential, Access Management roadmap (now there's a mouthful!), no identity provider for the federal civilian agencies can share such relying party information or even use it themselves (e.g., to better targets ads). The technical term is activity tracking, and federal rules are that identity providers aren't allowed to track your activity while you're on federal sites. What that means is if a Facebook user uses their Facebook credential to log into IRS to obtain tax information, Facebook can't share the fact that the user went to IRS -- or what information they obtained there -- with any other site. In fact, Facebook can't even add that information to their own user profile. That's terrific for privacy.
But if identity providers are all in the business to make money, why should Facebook -- or any other private company -- be willing to act as an identity provider for federal sites? After all, they can't use the information they've learned (and in the U.S. economics drives all). The answer is a funny thing called user stickiness. Users do what's easy. If Facebook won't serve as an identity provider for a U.S. government website, then the user has to change providers when she wants to access that website. And changing providers in the middle of a session might mean that a user doesn't go back to using their Facebook credential after the transaction. Facebook doesn't want to lose her during the web session. So various identity providers are willing to act as identity providers for U.S. government sites even if the providers can't make use of the information they've learned.
There's a lesson here for other sites, sites that ought to be in the business of protecting your privacy. What articles I read at the Huffington Post or Fox News, what pages I view at the he Mayo Clinic or the American Heart Association, ought to be private between me and those sites. They should not be shared with other relying parties or used by an identity provider for its own purposes. Those sensitive sites, the ones that have important reasons (such as protecting the First Amendment right to read anonymously) should adopt the same rules regarding activity tracking as the federal civilian agencies have done. Because there are still many sites that provide economic value to these identity providers, such a change wouldn't stop identity providers from providing their product across the network. But it sure would make a difference in protecting privacy where it matters.
The U.S. government's approach to secure online identities, with its strong emphasis on privacy, is to be applauded. But the devil is in the details. In this case, the details lie with the private sector, whom the administration intends to rely on to provide solutions.
This gets sticky. Businesses exist to make money. While search is used to target ads, data from social networking sites enables even better targeting. Just look at the financial expectations on Facebook. Social networking sites find a great deal of value in being your identity provider everywhere you visit. Some social networking sites go one step further: they not only authenticate you to a site -- Facebook telling the relying party (such as the New York Times) who you are --- but they also share other demographic information about you, like where else you've been, with the parties to whom they've provided the authentication. Such information sharing is quite valuable to these relying parties. It's part of what has propelled the identity tools to be such strong players. But it means that not only does your identity provider know everything about you, so do the relying parties.
Now the federal government has taken a wise step. Under the Federal Information, Credential, Access Management roadmap (now there's a mouthful!), no identity provider for the federal civilian agencies can share such relying party information or even use it themselves (e.g., to better targets ads). The technical term is activity tracking, and federal rules are that identity providers aren't allowed to track your activity while you're on federal sites. What that means is if a Facebook user uses their Facebook credential to log into IRS to obtain tax information, Facebook can't share the fact that the user went to IRS -- or what information they obtained there -- with any other site. In fact, Facebook can't even add that information to their own user profile. That's terrific for privacy.
But if identity providers are all in the business to make money, why should Facebook -- or any other private company -- be willing to act as an identity provider for federal sites? After all, they can't use the information they've learned (and in the U.S. economics drives all). The answer is a funny thing called user stickiness. Users do what's easy. If Facebook won't serve as an identity provider for a U.S. government website, then the user has to change providers when she wants to access that website. And changing providers in the middle of a session might mean that a user doesn't go back to using their Facebook credential after the transaction. Facebook doesn't want to lose her during the web session. So various identity providers are willing to act as identity providers for U.S. government sites even if the providers can't make use of the information they've learned.
There's a lesson here for other sites, sites that ought to be in the business of protecting your privacy. What articles I read at the Huffington Post or Fox News, what pages I view at the he Mayo Clinic or the American Heart Association, ought to be private between me and those sites. They should not be shared with other relying parties or used by an identity provider for its own purposes. Those sensitive sites, the ones that have important reasons (such as protecting the First Amendment right to read anonymously) should adopt the same rules regarding activity tracking as the federal civilian agencies have done. Because there are still many sites that provide economic value to these identity providers, such a change wouldn't stop identity providers from providing their product across the network. But it sure would make a difference in protecting privacy where it matters.
bench craft company rip off beans
bench craft company rip off concepts
bench craft company scam letters
bench craft company scam house of pain
bench craft company rip off flatout saw th
bench craft company scam paintly
benchcraftcompanyripoff
bench craft company scam paintly
bench craft company scam advark
bench craft company rip off beans
bench craft company scam by competitors
bench craft company rip off concepts
bench craft company scam paintly
bench craft company scam by competitors
bench craft company scam advark
bench craft company scam advark
bench craft company rip off beans
bench craft company rip off boots
bench craft company rip off flatout saw th
Negotiating All But Done for $2.7 Trillion Deficit Reduction Deal <b>...</b>
Sources from both parties tell ABC News that the major potential roadblock in deficit negotiations-- the triggers -- are now essentially agreed upon. The plan is for the House to vote on this tomorrow, assuming all goes ...
Negotiating All But Done for $2.7 Trillion Deficit Reduction Deal <b>...</b><b>News</b> Corp. Names Andrea Zappia CEO of Sky Italia - The Hollywood <b>...</b>
He replaces Tom Mockridge who left the Italian pay TV service last month to become CEO of News Corp.'s U.K. newspaper group News International.
<b>News</b> Corp. Names Andrea Zappia CEO of Sky Italia - The Hollywood <b>...</b>Congressional Sources: Republicans and Democrats Reach Tentative <b>...</b>
ABC News' Jonathan Karl (@JonKarl) reports: Democratic and Republican Congressional sources involved in the negotiations tell ABC News that a tentative agreement has been reached on the framework of a deal that would ...
Congressional Sources: Republicans and Democrats Reach Tentative <b>...</b>
No comments:
Post a Comment