Submitted by: Abhishek Kumar --------------------------------- Bio *my latest security focussed FOSS project is a secret sharing service where even admin don't have access to secret - https://abhishekkr.github.io/dory/index Background: I'm no expert, just love to explore all domains of technology and try use(,create and improve) solutions. I'm technologist with opensource projects across domains like infra automation, cloud services, security, web services, servers and analytics. Try contribute to other FOSS as well. Started profession as PenTester currently into Systems Automation. In current organization working on internal and opensource projects around infra automation, SSO, cloud services, etc. Ideas: Either security or any service, lately I've been more biased for decentralized solutions. Centralized mammoths like DNS/DNSSEC or SSL Root CAs have failed trust in regulation and become a center point of failure for security and service. Something decentralized also allows bounding certain data in trusted node circles and a more democratized (plus peer reviewed) evolution. Identites: https://twitter.com/abionic https://about.me/abionic WebResources: * most of my FOSS attempts are available at - https://github.com/abhishekkr --------------------------------- Your goals To focus on what vulnerability vectors are possible in coming time with new and improved computing and data analytics. As to secure, it is important to understand the threat. To try understand what W3C and other linked people have planned to cater it. Discuss and come up with possible solutions and practices to allow paranoid people like me have trust in web services. To also try discuss strategies around nations themselves not respecting their citizen's privacy. --------------------------------- Workshop Goals * Preparing a list of all threat vectors to be focussed on during workshop, then tackling on their mitigation strategy one by one. * Also focus on strategy so convenient that majority of non-technical (,unaware and uninterested) users get benefit of it as well. --------------------------------- Your interests Please select the rank-order (1 to 10) for the options you think are acceptable (i.e. you can live with it), where 1 is the most preferred, 2 the next best and so on... * Vocabularies to model privacy policies, regulations, and involved (business) processes: [ Don’t mind ] * Identity management vocabularies: [ Don’t mind ] * Modeling personal data usage, processing, sharing, and tracking: [ Ranked 1 ] * Interlinking aspects of privacy and provenance: [ Don’t mind ] * Modeling consent and making it transportable: [ Ranked 5 ] * New ways to put the user in control benefiting from semantic interoperability of policy information: [ Don’t mind ] * Modeling permissions, obligations, and their scope: [ Ranked 3 ] * Reasoning about formally declared privacy policies: [ Ranked 4 ] * Exploring links and synergies using Linked Data vocabularies in the context of related efforts: [ Don’t mind ] * Visualizations of data and policy information to help data self determination: [ Ranked 2 ] --------------------------------- Other Thoughts I'm very interested in technology behind cryptocurrencies. Not just calling it blockchain because 3rd gen currencies like MIOTA is based on Tangle (a DAG model). Currencies are just to get these tech hyped... they have a lot more potential in almost every domain for trust and decentralization. I think given censorship issues and malicious attacks due to implicit flaws in protocol implementation at technical (like old plain dns) or people (like compromised Root CAs) level... it's high time to start strengthening and moving web services towards a ground up trust based decentralized web service ecosystem.