Difference between revisions of "ORCA whitepaper"
(→Whitepaper) |
|||
Line 48: | Line 48: | ||
** Informing the public/media | ** Informing the public/media | ||
* Section 8 - Our Recommendations | * Section 8 - Our Recommendations | ||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
== Questions == | == Questions == |
Revision as of 00:35, 17 April 2007
Outline
- Section 1 – Background/History of the ORCA
  - Where are we now, how did we get to be here?
  - Motivations
- Section 2 – Background of RFID
  - Very high level, focus more on transit implications
- Section 3 - RFID in Transit Systems
  - Potential Benefits
  - Oyster, Octopus, Charlie, etc.
  - ERG Group
  - Personnel Cost Savings
  - Maintenance Advantages
  - Financial Benefits
  - Other Benefits (law enforcement, university, city, state, etc)
- Section 4 - ORCA Details
  - ERG Group
  - MiFare DESFire
  - Trip History
  - Data retention
- Section 5 – Cautionary Anecdotes
  - A story says 1,000 images
  - Trust Your Data to People Who Manage Data [Not Trains]
  - Insider Abuse Has Major Risks
  - Holey Matrimony
  - Tracking Customers is Bad Business
- Section 6 - Stakeholder Analysis
  - Why do we care?
  - Who else should care?
- Section 7 – Deployment Considerations
  - Legal/Regulatory
  - Audit trails (DC)
  - Anonymity in warehousing?
  - Data retention
  - Rights to access? Across orgs?
  - Is information that is passed between parties anonymized/aggregated?
  - Technical
  - What's encrypted? When? How? Where?
  - Who owns the keys?
  - Who's writing the encryption code?
  - Access control?
  - Who makes cards?
  - Informing the public/media
- Section 8 - Our Recommendations
Questions
- Has ERG group had any kind of compromises?
Action Items
- contact MIT people (Yaw)
- repurpose best practices from RFID clinic