[WG-P3] [WG-UMA] NSTIC Privacy Workshop

Rich Furr rfurr at safe-biopharma.org
Thu Jun 23 10:45:39 EDT 2011 

I wil also be there but only Tuesday

Rich Furr
Head, Global Regulatory Affairs, Policy & Compliance
Office 980-236-7576
Cell: 704-575-1680



From: Salvatore D'Agostino <sal at idmachines.com<mailto:sal at idmachines.com>>
Date: Thu, 23 Jun 2011 07:43:53 -0400
To: 'Mark Lizar' <mark at smartspecies.com<mailto:mark at smartspecies.com>>, 'Kantara P3WG' <wg-p3 at kantarainitiative.org<mailto:wg-p3 at kantarainitiative.org>>
Cc: 'WG UMA' <wg-uma at kantarainitiative.org<mailto:wg-uma at kantarainitiative.org>>, "dg-nstic at kantarainitiative.org<mailto:dg-nstic at kantarainitiative.org>" <dg-nstic at kantarainitiative.org<mailto:dg-nstic at kantarainitiative.org>>
Subject: Re: [WG-P3] [WG-UMA] NSTIC Privacy Workshop

Mark,

I will be there and would be happy to contribute, while not an active member of p3, I am a member of UMA and believe that user control and UMA’s ability to enable this has the does enable the first guiding principle of NSTIC ”privacy enhancing and voluntary”.  I am close to the FICAM process and ICAM is part of our practice and as extend this to the enterprise as well as the Fed, state and local infrastructures.  Let me know.

So here is pass.  I would go further in the statement below saying that UMA by making user control a tenet of the design does (as opposed to may) build privacy in through allowing individuals to protect personal information and resources and control access to these resources by requesters.  UMA’s use of an authorization manager to establish the policy and manner in which individual attributes and information are handled as protected resources, as opposed to generally available information, in cyberspace.  There is an UMA call today.  Perhaps the group could draft/comment on this statement and take up your good idea.

Regards,

Sal

From: wg-uma-bounces at kantarainitiative.org<mailto:wg-uma-bounces at kantarainitiative.org> [mailto:wg-uma-bounces at kantarainitiative.org] On Behalf Of Mark Lizar
Sent: Thursday, June 23, 2011 6:17 AM
To: Kantara P3WG
Cc: WG UMA; dg-nstic at kantarainitiative.org<mailto:dg-nstic at kantarainitiative.org>
Subject: [WG-UMA] NSTIC Privacy Workshop


Hello All,

A reminder that there is a NSTIC Privacy Workshop on Monday.  To this end I am wondering if P3/NSTIC-DG members would like to submit a paper or statement to this workshop?

I believe that there are two P3 members that will be attending who may be able to deliver this input personally. I realise that this is very short notice to organise input, but if members are interested in submitting I would be happy to edit and contribute to this input on behalf of P3.    We mentioned last week that we are not going to have a call to organise input today.  Instead there is a NSTIC-DG call tomorrow where input can be collated and discussed.

Workshop Information

Start Date: Monday, June 27, 2011
End Date: Tuesday, June 28, 2011

Purpose:

(1) Objectives<http://www.nist.gov/itl/upload/objectives_nstic-privacy-workshop.pdf> of Privacy Workshop
This workshop will discuss the privacy-enhancing objectives of the National Strategy for Trusted Identities in Cyberspace (NSTIC) and how to effectively implement them in the Identity Ecosystem Framework, including issues involved with overcoming the challenges of establishing user-centric privacy protections. The goal of this workshop is to provide a venue for discussion about developing workable policies, practices and guidelines for privacy protections as well as effective means of implementing these protection

Existing Input

Some Privacy related input from last week's call may be a good place to start.   Here is some salient points that were made in regards to Privacy.

 *   How is privacy going to be represented on the steering committee?
 *   How will privacy decisions be made by the steering committee?
 *   Kantara has a good model of governance to draw upon for response,
 *   A Kantara response may include representing international standards in privacy.  Suggestions were made that  the steering committee will need to represent standards community according to particular areas of governance.  Assessment criteria and process will be needed for each of these areas.  FICAM being one of them.
In addition, last week we discussed how education was a critical part to understanding privacy in the context of NSTIC.  Education in this respect may be a critical point of discussion at the workshop.  In this regard, contextual understanding of the use of identity in a national strategy may also be very valuable for understanding the international aspects of privacy the NSTIC strategy may need to include.

(Maybe something along the lines of)
Increased control of identity for individuals (an NSTIC objective) reduces the sharing and exposure of data and in this way fundamentally provides increased privacy protection.   Although,  once personal information is shared, the need for privacy transcends national borders and privacy protections will need to be considered in this context.   Emerging protocols like UMA may also present a privacy by design approach for NSTIC that is worth noting as a way to address some of these challenges.

In this regard, I urge members who are interested in contributing to this workshop to provide additional input/discussion in this thread in order to develop a draft input for the NSTIC-DG tomorrow.

Best Regards,

Mark Lizar
P3 Secretary





-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://kantarainitiative.org/pipermail/wg-p3/attachments/20110623/e82ec33e/attachment.html

More information about the WG-P3 mailing list