Difference between revisions of "ORCA whitepaper"
From PublicWiki
(→Whitepaper) |
Line 1: | Line 1: | ||
− | == | + | == Outline == |
− | + | *Section 1 – Background/History of the ORCA | |
− | + | ** Where are we now, how did we get to be here? | |
+ | ** Motivations | ||
− | + | *Section 2 – Background of RFID | |
+ | ** Very high level, focus more on transit implications | ||
− | + | *Section 3 - RFID in Transit Systems | |
+ | ** Potential Benefits | ||
+ | ** Oyster, Octopus, Charlie, etc. | ||
+ | ** ERG Group | ||
+ | ** Personnel Cost Savings | ||
+ | ** Maintenance Advantages | ||
+ | ** Financial Benefits | ||
+ | ** Other Benefits (law enforcement, university, city, state, etc) | ||
− | + | * Section 4 - ORCA Details | |
+ | ** ERG Group | ||
+ | ** MiFare DESFire | ||
+ | ** Trip History | ||
+ | ** Data retention | ||
− | + | * Section 5 – Cautionary Anecdotes | |
− | * Why do we care? | + | ** A story says 1,000 images |
− | * Anonymity | + | ** Trust Your Data to People Who Manage Data [Not Trains] |
+ | ** Insider Abuse Has Major Risks | ||
+ | ** Holey Matrimony | ||
+ | ** Tracking Customers is Bad Business | ||
+ | |||
+ | * Section 6 - Stakeholder Analysis | ||
+ | ** Why do we care? | ||
+ | ** Who else should care? | ||
+ | |||
+ | * Section 7 – Deployment Considerations | ||
+ | ** Legal/Regulatory | ||
+ | *** Audit trails (DC) | ||
+ | *** Anonymity in warehousing? | ||
+ | *** Data retention | ||
+ | *** Rights to access? Across orgs? | ||
+ | *** Is information that is passed between parties anonymized/aggregated? | ||
+ | ** Technical | ||
+ | *** What's encrypted? When? How? Where? | ||
+ | *** Who owns the keys? | ||
+ | *** Who's writing the encryption code? | ||
+ | *** Access control? | ||
+ | *** Who makes cards? | ||
+ | ** Informing the public/media | ||
+ | * Section 8 - Our Recommendations | ||
== Legal considerations == | == Legal considerations == |
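Review bot: the new outline lists "ERG Group" under both Section 3 and Section 4, and "Data retention" under both Section 4 and Section 7 Legal/Regulatory, so it is unclear which section owns each topic. Suggest keeping each in one section and cross-referencing from the other. The Section 7 Technical and Legal/Regulatory sub-items also repeat the bullets of the separate "Technical" and "Regulatory" lists further down the page, so one copy should be dropped. The old top-level "* Anonymity" bullet is removed and now survives only as "Anonymity in warehousing?" under Legal/Regulatory. If anonymity is still a primary concern, give it its own item under Section 6 next to "Why do we care?".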
Revision as of 00:34, 17 April 2007
Outline
- Section 1 – Background/History of the ORCA
  - Where are we now, how did we get to be here?
  - Motivations
- Section 2 – Background of RFID
  - Very high level, focus more on transit implications
- Section 3 - RFID in Transit Systems
  - Potential Benefits
  - Oyster, Octopus, Charlie, etc.
  - ERG Group
  - Personnel Cost Savings
  - Maintenance Advantages
  - Financial Benefits
  - Other Benefits (law enforcement, university, city, state, etc)
- Section 4 - ORCA Details
  - ERG Group
  - MiFare DESFire
  - Trip History
  - Data retention
- Section 5 – Cautionary Anecdotes
  - A story says 1,000 images
  - Trust Your Data to People Who Manage Data [Not Trains]
  - Insider Abuse Has Major Risks
  - Holey Matrimony
  - Tracking Customers is Bad Business
- Section 6 - Stakeholder Analysis
  - Why do we care?
  - Who else should care?
- Section 7 – Deployment Considerations
  - Legal/Regulatory
    - Audit trails (DC)
    - Anonymity in warehousing?
    - Data retention
    - Rights to access? Across orgs?
    - Is information that is passed between parties anonymized/aggregated?
  - Technical
    - What's encrypted? When? How? Where?
    - Who owns the keys?
    - Who's writing the encryption code?
    - Access control?
    - Who makes cards?
  - Informing the public/media
- Section 8 - Our Recommendations
Legal considerations
Technical
- What's encrypted? When? How? Where?
- Who owns the keys?
- Who's writing the encryption code?
- Access control?
- Who makes cards?
Regulatory
- Audit trails (DC)
- Anonymity in warehousing?
- Data retention
- Rights to access? Across orgs?
- Is information that is passed between parties anonymized/aggregated?
Questions
- Has ERG group had any kind of compromises?
Action Items
- contact MIT people (Yaw)
- repurpose best practices from RFID clinic