[WG-P3] [WG-UMA] NSTIC Privacy Workshop

Mark Lizar mark at smartspecies.com
Thu Jun 23 09:50:03 EDT 2011 

Hi Sal,

I am glad this input is helpful.

On 23 Jun 2011, at 13:18, Salvatore D'Agostino wrote:

> With regard to FICAM, the 25 February draft guidance document (aka  
> part B) references privacy considerations and FIPP in 6.3, is your  
> thought that we can build on this as best practice and supporting  
> policy, as you mentioned, or would you want to leverage FICAM or  
> include it in other contexts?  There is the references in this  
> section to the TFPAP and since Kantara is on board, Kantara then  
> also has built in privacy in the Kantara TFPAP process


UMA seems to clearly address many of the FIPP principles in section  
6.3, especially; Individual Participation, Use Limitation,  
Accountabilty and Auditing,   Depending on the context e.g. if it was  
a Personally Controlled Data Store/Credential that is User Managed  
this would also include Data Quality and Integrity.   I think UMA  
could also be implemented to address other principles listed in this  
section.

As for the TFPAP you refer too.  I too this quote From Section 6.3.1

"Adopting the FIPPs to support privacy-protecting ICAM solutions  
requires deliberate effort. One
example of such an effort is the development of the privacy  
requirements of the Trust
Framework Provider Adoption Process (TFPAP), ,which aims to enable the  
Federal Government
to leverage industry-based credentials that citizens already have for  
other purposes. In order for an
external entity to be certified to provide credentials for use by the  
Federal Government, it must
demonstrate compliance with a rigorous set of privacy requirements  
built around the FIPPs. This
topic is discussed in greater detail in Chapter 12"

P3 is currently looking into this process with the intention of  
developing/proposing a Privacy Assessment Criteria to augment FICAM.   
Perhaps it may be worthwhile discussing how UMA would be positioned/ 
assessed as a part of this process once we have had a chance to look  
into this further?

Best Regards,

Mark



-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://kantarainitiative.org/pipermail/wg-p3/attachments/20110623/1f50855a/attachment.html

More information about the WG-P3 mailing list