[WG-P3] AD-HOC P3 call Oct 14? RSVPs? (was) Re: Liaisons with KI WG's
Anna Slomovic
aslomovic at anakam.com
Fri Oct 8 11:50:47 EDT 2010
I am seriously interested. Would prefer if the call could be moved an hour either direction because I have another call already scheduled for 11 EDT.
Anna Slomovic
Chief Privacy Officer
Anakam, an Equifax company
1010 N. Glebe Rd.
Suite 500
Arlington, VA 22201
P: 703.888.4620
F: 703.243.7576
From: jonibrennan at gmail.com [mailto:jonibrennan at gmail.com] On Behalf Of Joni Brennan
Sent: Friday, October 08, 2010 11:51 AM
To: Anna Slomovic
Cc: Mark Lizar; Kantara P3WG; Anna Ticktin
Subject: AD-HOC P3 call Oct 14? RSVPs? (was) Re: [WG-P3] Liaisons with KI WG's
My thought was to schedule an ad-hoc P3 WG for P3 members who have serious interest in the focus we're discussing. Also depending on who is available. So the proposal is
Ad-Hoc call
Thursday Oct 14 8am PDT / 11am EDT / 5pm CEST (CEST please double check my conversion)
Topic: P3WG Focus, Trust Frameworks, Privacy Framework
Duration: 60 mins
I will lead the call. I think if we can get 3-4 others to confirm their attendance we have critical mass to move forward.
Who can attend?
Who is seriously interested but not available?
Thanks - Joni
On Fri, Oct 8, 2010 at 8:41 AM, Anna Slomovic <aslomovic at anakam.com<mailto:aslomovic at anakam.com>> wrote:
Joni,
I think you make good points, which I will address in a separate mail. Unfortunately, I cannot attend the Paris call on the 20th unless it's in the middle of the night. The American Bar Association Federated Identity Task Force is having a face-to-face meeting in Washington on that day, and it's important for me to participate. They are working through issues such as a legal obligations of various participants in a digital credential system, liability framework for relying on digital credentials, limitations on collection and use of certain types of data (such as biometrics), etc. The ABA effort is also international in scope. Unfortunately, I can participate only in the first day of a two-day face-to-face meeting because I have another commitment on Friday. As a result, I need to focus on the ABA work on Thursday, the 20th.
I would be happy to participate in a P3WG meeting next Thursday, the 14th, but need to know ahead of time so I can reschedule another meeting on my calendar at the usual time (11 AM Eastern). I think we do need to work through the issues around integration between privacy and IAF, and I would like to be involved in the effort.
Anna
Anna Slomovic
Chief Privacy Officer
Anakam, an Equifax company
1010 N. Glebe Rd.
Suite 500
Arlington, VA 22201
P: 703.888.4620
F: 703.243.7576
From: jonibrennan at gmail.com<mailto:jonibrennan at gmail.com> [mailto:jonibrennan at gmail.com<mailto:jonibrennan at gmail.com>] On Behalf Of Joni Brennan
Sent: Friday, October 08, 2010 11:23 AM
To: Anna Slomovic
Cc: Mark Lizar; Kantara P3WG; Anna Ticktin
Subject: Re: [WG-P3] Liaisons with KI WG's
Thanks All for this line of discussion. I will be in Paris and believe I'm not needed with the BoT during the P3 Session. I plan to work directly with those in attendance to discuss focus of the P3WG. I had also wanted to attend the call yesterday but could not as I was presenting on a BrightTalk Panel on AuthN.
I agree that it's integral to understand the focus of the P3WG with special regard to the Identity Assurance Framework. Anna is spot on regarding the linking of the Privacy Framework to the IAF. I don't see that linking as 1-1 though. Meaning - I don't see Privacy as needing to map directly to Levels of Assurance. Rather, a Privacy Framework is a basis which can be profiled as necessary to sit in the venn of a Trust Framework. A Trust Framework has 3 components - Policy, Privacy, Protocol. IAF covers all aspects of Policy and we're already planning in IAWG to build pathways to foster its profiling. We do have the US Federal Privacy Profile which are the US Gov Privacy requirements that link with IAF to fulfill the ICAM Program needs. With those 2 components Protocol piece is simply laid in to complete the Trust Framework.
However, we can not assume that the US Privacy Profile will suite all jurisdictions and all verticals. Rather this profile is specifically for assessment and certification to align with US Gov procurement 'ready' requirements. So as we have a framework for Policy (the IAF) we need similar for Privacy. The Privacy Framework is a start but not the complete picture.
That said the P3 WG is not set to meet again until Paris. But I know all active P3 members won't be able to attend. May I suggest we convene a special meeting at the regular time on Thursday next week for the sole purpose of discussing the Privacy Framework, the Trust Framework model and the development of a plan of action to build Privacy not directly on to the IAF but as a equal component of certification?
Who of the P3 Members is willing/able to attend? I would be happy to lead the discussion.
Thanks - Joni
On Fri, Oct 8, 2010 at 6:48 AM, Anna Slomovic <aslomovic at anakam.com<mailto:aslomovic at anakam.com>> wrote:
Mark,
As I read you note, I realized that it is not clear to me what P3WG is about. Is it a group that builds privacy into all Kantara efforts, trust framework, etc., or is it basically a marketing group directed toward the privacy community? I am one of the "boots on the ground" privacy people, although I have a PhD in Public Policy and have done policy work for governments and private sector organizations in the US and Europe. I want to make sure that if someone builds a system that is certified by Kantara, this system will include privacy protections. My biggest concern with annual briefings and analyses done in isolation from other groups is that P3WG will either have no impact on what is being created and made available to companies that will be asking for Kantara certification or that the annual review will raise issues at a much later stage in the development cycle than would be useful.
I think P3 needs to have greater involvement with the development of the Kantara identity assurance framework, both to influence that work and to align Kantara's public policy positions with what is actually being built. I thought the Privacy Framework was a good start, but it cannot stand alone. It needs to become part of the identity assurance framework and part of the certification requirements for a Kantara certification.
Anna
Anna Slomovic
Chief Privacy Officer
Anakam, an Equifax company
1010 N. Glebe Rd.
Suite 500
Arlington, VA 22201
P: 703.888.4620
F: 703.243.7576
-----Original Message-----
From: wg-p3-bounces at kantarainitiative.org<mailto:wg-p3-bounces at kantarainitiative.org> [mailto:wg-p3-bounces at kantarainitiative.org<mailto:wg-p3-bounces at kantarainitiative.org>] On Behalf Of Mark Lizar
Sent: Friday, October 08, 2010 8:33 AM
To: Kantara P3WG
Cc: Anna Ticktin
Subject: [WG-P3] Liaisons with KI WG's
As liaising with other WG is a charter item of the P3 this issue has
been brought up numerous times. From what I have gathered the P3 WG
has a focus that is less about analysing the privacy impact of various
WG's, but more in understanding, advertising, and developing privacy
and public policy around existing KI efforts.
In the last meeting we discussed various approaches to liaising with
other WG's these included:
- Having WG present to the P3
- Having P3 members regularly attend other WG's
- Auditing other WG's privacy impact
It was mentioned in the previous WG call that we need a more formal
process and approach to liaising with other WG's. It was also
mentioned that we are invited to presentations which currently are
arranged with the LC and that Trent would present a consolidated
approach to the LC for P3 if we were to present one.
One approach may be to provide/develop a yearly KI WG privacy and
public policy impact survey that we could consolidate and cross
reference. As a multi-stakeholder approach to Public Policy is a
cornerstone work item that has been delivered to the P3 in the form of
the Rossetta Stone document by Robin Wilton, that we evolve this work,
and strive for a multi-stakeholder approach in KI privacy and public
policy.
I propose that we add to this list the option of asking (through the
Leadership council) working groups to provide the P3 with privacy
impact of their technologies and with the support of Kantara staff we
as P3 discuss the impact of these in Kantara and in the P3 work
group. Putting us in a position where we some analysis can be
conducted of how various KI efforts work together for the purposes of
Privacy and Public Policy.
Perhaps we could combine the three suggestions above, by asking WG to
deliver a finished Survey, have P3 members regularly attend other
WG's, and on occasion ask other WG's to present their efforts and
discuss the impact WG's are having on Privacy and Public Policy in
Identity Management?
I suggest that we discuss this further at the Paris F2F and further
evolve our approach. Perhaps with a discussion of a budget allocation
of $2000, to deliver a survey and produce a report. (depending on the
scope of the effort). An addition idea would be to ask for a small
budget or KI staff time to help lead a Kantara wide discussion of
Public Privacy Policy, with an aim to produce policy that Public
Policy (through a multi-stake holder approach) that Kantara as a whole
can support. This could be supplemented by regular announcements to
our list (by Kantara Staff) when WG's are presenting their work to the
LC.
Best Regards,
Mark Lizar
_______________________________________________
WG-P3 mailing list
WG-P3 at kantarainitiative.org<mailto:WG-P3 at kantarainitiative.org>
http://kantarainitiative.org/mailman/listinfo/wg-p3
_______________________________________________
WG-P3 mailing list
WG-P3 at kantarainitiative.org<mailto:WG-P3 at kantarainitiative.org>
http://kantarainitiative.org/mailman/listinfo/wg-p3
--
Joni Brennan
IEEE-ISTO
Kantara Initiative | Managing Director
voice:+1 732-226-4223
email: joni @ ieee-isto.org<http://ieee-isto.org>
gtalk: jonibrennan
skype: upon request
Join the conversation on the community@ list -
http://kantarainitiative.org/mailman/listinfo/community
--
Joni Brennan
IEEE-ISTO
Kantara Initiative | Managing Director
voice:+1 732-226-4223
email: joni @ ieee-isto.org<http://ieee-isto.org>
gtalk: jonibrennan
skype: upon request
Join the conversation on the community@ list -
http://kantarainitiative.org/mailman/listinfo/community
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://kantarainitiative.org/pipermail/wg-p3/attachments/20101008/af7aac74/attachment-0001.html
More information about the WG-P3
mailing list