Midge wrote:
<<Q1. The unanswered question there though is whether the principle
that all
accesses shall be _reported_ to the data subject is going to be applied?
I've written on it before, clearly it is the accesses when the pateint
is not
present that need reporting, and clearly the reports should be
aggregated to
an annual report or one when accesses reach a page.>>
Agree
<<Surely this is not a duplication of the national ID card the Rt hon
David
Blunkett MP Secretary of State at the Home Office has announced will
solve
all our problems, even those nobody else has noticed?>>
We discussed this. Rather amazingly they have not yet collaborated, but
anticipate easy togetherness later on given their use of industry
standards ( .. Ha ha!)
<<I'd actually prefer the Texas Industries iButton, if we are talking
about form
factors. Built into a ring or pendant it would be less losable, and its
hermetically sealed one point network contact is more durable. but
whatever.>>
Too late mate!
<<I prefer the web of trust, decentralised, accretive, as used in PGP.
But not
very attractive to governments, it appears.>>
Easier to maintain, but the trust gets diluted.
> ... However, for the purpose of identifying the origin of a given
> request, workstations which are used to interface with NCRS will need
> to have software installed which will give them a unique identity.
<<THis is meat!
Q. Will this be open sourced, open algorithms, and/or available for
operating
systems other than microsoft Windows?>>
No idea but I'll ask
<<Q. Has an existing OSS PIDS been adopted, or has a proprietary one
been taken
on, and if the latter, how has lock in been avoided and cost minimised,
and
FFS, why? (You see my pessimism coming in though).>>
No idea but I'll ask
>The IA will be generated automatically without user intervention when
>it is installed and is a hashed function of various hardware
>components. This means that significant hardware upgrades may require
>a reauthorisation process for the new IA (yet more maintenance
>considerations).
<<I don't see the point of that.
is this becuase actually the smart cards are insufficient, or because
despite
having a roaming ID that works for ht ewhole NHS, we are each only to be
allowed to log on from specific places?>>
Another layer of accountability I suppose, supplies the where in who
where when why how what.
Laurie
---
Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.688 / Virus Database: 449 - Release Date: 18/05/2004
|