Difference between revisions of "ORCA whitepaper"


Revision as of 00:35, 17 April 2007

Outline

  • Section 1 – Background/History of the ORCA
    • Where are we now, how did we get to be here?
    • Motivations
  • Section 2 – Background of RFID
    • Very high level, focus more on transit implications
  • Section 3 – RFID in Transit Systems
    • Potential Benefits
    • Oyster, Octopus, Charlie, etc.
    • ERG Group
    • Personnel Cost Savings
    • Maintenance Advantages
    • Financial Benefits
    • Other Benefits (law enforcement, university, city, state, etc.)
  • Section 4 – ORCA Details
    • ERG Group
    • MIFARE DESFire
    • Trip History
    • Data retention
  • Section 5 – Cautionary Anecdotes
    • A story says 1,000 images
    • Trust Your Data to People Who Manage Data [Not Trains]
    • Insider Abuse Has Major Risks
    • Holey Matrimony
    • Tracking Customers is Bad Business
  • Section 6 – Stakeholder Analysis
    • Why do we care?
    • Who else should care?
  • Section 7 – Deployment Considerations
    • Legal/Regulatory
      • Audit trails (DC)
      • Anonymity in warehousing?
      • Data retention
      • Rights to access? Across orgs?
      • Is information that is passed between parties anonymized/aggregated?
    • Technical
      • What's encrypted? When? How? Where?
      • Who owns the keys?
      • Who's writing the encryption code?
      • Access control?
      • Who makes cards?
    • Informing the public/media
  • Section 8 – Our Recommendations

Questions

  • Has ERG Group had any kind of compromise?

Action Items

  • contact MIT people (Yaw)
  • repurpose best practices from RFID clinic