Difference between revisions of "ORCA whitepaper"
From PublicWiki
(New page: == Whitepaper == === Background === ==== RFID overview ==== ==== ORCA background ==== ==== ERG group ==== === Stakeholders / Concerns === * Why do we care? * Anonymity == Legal consi...) |
(→Questions) |
(5 intermediate revisions by 3 users not shown) | |||
Line 1: | Line 1: | ||
− | == | + | == Outline == |
+ | *Section 1 – Background/History of the ORCA | ||
+ | ** Where are we now, how did we get to be here? | ||
+ | ** Motivations | ||
− | + | *Section 2 – Background of RFID | |
+ | ** Very high level, focus more on transit implications | ||
− | + | *Section 3 - RFID in Transit Systems | |
+ | ** Potential Benefits | ||
+ | ** Oyster, Octopus, Charlie, etc. | ||
+ | ** ERG Group | ||
+ | ** Personnel Cost Savings | ||
+ | ** Maintenance Advantages | ||
+ | ** Financial Benefits | ||
+ | ** Other Benefits (law enforcement, university, city, state, etc) | ||
− | + | * Section 4 - ORCA Details | |
+ | ** ERG Group | ||
+ | ** MiFare DESFire | ||
+ | ** Trip History | ||
+ | ** Data retention | ||
− | + | * Section 5 – Cautionary Anecdotes | |
+ | ** A story says 1,000 images | ||
+ | ** Trust Your Data to People Who Manage Data [Not Trains] | ||
+ | ** Insider Abuse Has Major Risks | ||
+ | ** Holey Matrimony | ||
+ | ** Tracking Customers is Bad Business | ||
− | + | * Section 6 - Stakeholder Analysis | |
− | * Why do we care? | + | ** Why do we care? |
− | * | + | ** Who else should care? |
− | + | * Section 7 – Deployment Considerations | |
− | + | ** Legal/Regulatory | |
− | + | *** Audit trails (DC) | |
− | * What's encrypted? When? How? Where? | + | *** Anonymity in warehousing? |
− | * Who owns the keys? | + | *** Data retention |
− | * Who's writing the encryption code? | + | *** Rights to access? Across orgs? |
− | * Access control? | + | *** Is information that is passed between parties anonymized/aggregated? |
− | + | ** Technical | |
− | + | *** What's encrypted? When? How? Where? | |
− | * | + | *** Who owns the keys? |
− | * | + | *** Who's writing the encryption code? |
− | * | + | *** Access control? |
− | * | + | *** Who makes cards? |
− | * | + | ** Informing the public/media |
+ | * Section 8 - Our Recommendations | ||
== Questions == | == Questions == | ||
* Has ERG group had any kind of compromises? | * Has ERG group had any kind of compromises? | ||
+ | * How is data shared? Is it aggregated or unique records? | ||
+ | * How do the privacy policies extend across organizations? Who owns and who can sell the data (UW? KC Metro?) | ||
== Action Items == | == Action Items == | ||
* contact MIT people (Yaw) | * contact MIT people (Yaw) | ||
* repurpose best practices from RFID clinic | * repurpose best practices from RFID clinic |
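Review bot: "ERG Group" is listed under both Section 3 and Section 4, and "Data retention" under both Section 4 (ORCA Details) and Section 7 Legal/Regulatory. The outline should say which section owns each topic, for example what ORCA retains in Section 4 and the retention policy questions in Section 7, so the whitepaper does not cover them twice. The new section bullets also mix "*Section 1 –" (no space after the asterisk, en dash) with "* Section 4 -" (space, hyphen); pick one form for all eight sections.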
Latest revision as of 00:43, 17 April 2007
Outline
- Section 1 – Background/History of the ORCA
  - Where are we now, how did we get to be here?
  - Motivations
- Section 2 – Background of RFID
  - Very high level, focus more on transit implications
- Section 3 - RFID in Transit Systems
  - Potential Benefits
  - Oyster, Octopus, Charlie, etc.
  - ERG Group
  - Personnel Cost Savings
  - Maintenance Advantages
  - Financial Benefits
  - Other Benefits (law enforcement, university, city, state, etc)
- Section 4 - ORCA Details
  - ERG Group
  - MiFare DESFire
  - Trip History
  - Data retention
- Section 5 – Cautionary Anecdotes
  - A story says 1,000 images
  - Trust Your Data to People Who Manage Data [Not Trains]
  - Insider Abuse Has Major Risks
  - Holey Matrimony
  - Tracking Customers is Bad Business
- Section 6 - Stakeholder Analysis
  - Why do we care?
  - Who else should care?
- Section 7 – Deployment Considerations
  - Legal/Regulatory
    - Audit trails (DC)
    - Anonymity in warehousing?
    - Data retention
    - Rights to access? Across orgs?
    - Is information that is passed between parties anonymized/aggregated?
  - Technical
    - What's encrypted? When? How? Where?
    - Who owns the keys?
    - Who's writing the encryption code?
    - Access control?
    - Who makes cards?
  - Informing the public/media
- Section 8 - Our Recommendations
Questions
- Has ERG group had any kind of compromises?
- How is data shared? Is it aggregated or unique records?
- How do the privacy policies extend across organizations? Who owns and who can sell the data (UW? KC Metro?)
Action Items
- contact MIT people (Yaw)
- repurpose best practices from RFID clinic