Basic and important internet principles that we have seen getting increasingly ignored
That's a nicer approach Engberg (that security approach is just not going to work because this is the wrong forum. We'll see if we can get a few unbiased techs in the daa involved after this week's talk fest. BTW, yu might like some of the discussions here. https://tnc2012.terena.org/web/media/archive/4A).
At least we're starting to see the DC (info team) begin to attempt some interactive stuff with in this daa.ec.europa.eu domain. We'll SEE how well they put together the broadcasting of the local event with the feedback from a global listening audience, and grow the consultation into the required specialist areas of inquiry (like security).
I'd like to say I'd meet you at the conference, but after receiving an invitation, it was passed onto to AMEX to action my transport, and like all things EC, it "fell between the cracks". Every failure is an opportunity to learn something, so there's another lesson for the info team = someone has to "own the customer", or give them the security access into a network so they can make their own arrangements. Have fun.
Absolute - send me a note on the event
I disagree that this is the "wrong forum".
People dealing with economics better begin to deal with and get security right, because otherwise security is controlling economics, deliberate or not.
Security is were distribution of power, flexibilility, interoperability and isolation against the endless list of threats and active attacks are determined and mostly in ways that damage the economics.
E.g. SIM is controlling the entire mobile value chain - because we allowed telco operators to be in control of mobile users through bad standardisation. We now see how e.g. Apple use the same to create a full lock-in to their platform taking control and ownership of transactions using their mobile devices as trojan horses.
Making technology flexible and able to customise to context is hard in itself. Making scalable and inclusive interoperable security that are both isolating and empowering is by far our biggest challange not only in ICT, but in Economics as such.
E.g. the EU IP Project HYDRA making opensource middleware for ambient interoperabilty is a great example of how you can overcome many of the problems of re-empowering endpoints without trusted parties taking control - it is not full production status, but getting closer.
I have earlier looked into some of the talks. There was a nice openness focussing on problems. Solution thinking seemed to be suffering from the assumption that there are shared interests between serviecs and endusers and that services could be trusted.
In the realworld this is - in my view - the wrong approach to security as it makes you both create unmanageable security risks and unblanced economic constructs where e.g. consumers and corporate providers are reduced to products of intermediating services.
OK, That's better,
I'm only saying this is the wrong forum because in the EC world, there's little attempt to bring the silotic conversations together. So maybe I should give the INFO team the benefit, and hope this daa approach might be the beginnings of a more inclusive approach to addressing challenges. The one I pointed you at - the annual terena meeting - is primarily one that brngs the NRENs together. So it has no economic discussions; technical only.
So far as the security issues are concerned, I think you're right. Economic decisions will eventually be THE (decision) maker. I was watching a conference presentation last week in Australia, by a prof from Portugal, about how, now that many Euro sovereigns are broke, we might see some innovation.
Now that you're pointing at concrete examples like SIM cards and Apple, as examples of "the gatekeepers", there's a chance you'll make yourself understood to the non techs around here. So that's
good. The thing i never see in the EC funded projects, like Hydra/Linksmart, is that with all the good intentions, we never get to the point of having a demonstrator/proof-of concept, which helps the average person "get it". http://www.hydramiddleware.eu/news.php
You know I agree with your primary mental model of empowering users. So does the average citizen. It always appears "top of the pops". e.g. https://dae.uservoice.com/forums/162839-public-innovation-in-the-digital... (you get around) But from the ideal to delivery takes a project which illustrates to the average person just how that may happen.
Can you point at (just) one or scope one which yu see as having legs?
Re: This year's daa Conference. If habits remain true to form, the organisers will sigh with relief and start on the next; leaving the convergence of broadcast (from the conference) and interactive - this embryonic social space - in it's stillborn condition. Still, they, like so many others, are at least trying to bring the two together.
We are very much in line here - agree to all your points.
As to EU project, my concern is more that despite nice and lots of words, they move to implement non-solutions. Often because many partners simply cannot agree on anything relevant except working on their own agenda.
HYDRA is one project with true potential thinking so far ahead that it realised the problems generated by IPv6.
Sourcecode is released - for those that can use it - as said, i want to upgrade the implemented security model to XACML2 (which havent been defined as a standard yet ;-)
I tried to make a simple Proof-of-concept scenario described here as the specific example based on a closed-loop structure of a foreign service agent entering your home while your are away.
Handling generic identity is much more demanding. You want to hide the complexity while ensuring you dont have to trust the middleware - which was the exact goal of HYDRA achieveable with just a bit more maturing.
Personally I am and have been involved in lots of projects. But it is hard to overcome bad regulation and bad infrastructure. E.g. this - still state-of-the-art - on RFID is super operational and implemented in production technology
See this on cloud