[WG-P3] Comment is here..RE: Privacy Assessment Criteria for the US Federal Privacy Profile
David Simonsen
david at wayf.dk
Thu Sep 22 03:07:20 EDT 2011
Hello Colin,
I believe what you suggest would certainly ease the reading of the document.
Perhaps a figure with accompanying explanation of user/data flows?
When reading through it, I felt confused - but since I'm from 'over there/here' it's hard to judge:
1) what would be a reasonable level of pre-knowledge to expect of the reader
2) how the various US programs, legislation etc. play into this document
I also felt something was wrong with my understanding of the data flow but then thought that a misplaced comment may be better than no comment ;)
Regards
David
On Sep 22, 2011, at 4:50 AM, Colin Wallis wrote:
> the comment can only be seen in 'view' mode so I have repeated it here..
>
> 4 minutes ago
> Colin Wallis says:
>
>
> I haven't finished my comments and in any event, I doubt they will come up to the same quality as those offered so far.
> But I see a trend running through Bob's questions and the answers that I should bring up now..
> An example: About half way through the doc, Bob qualified his comments with law enforcement issues (see 1.5, drafter's note 2... 'fraud detection and subpoenas must be accommodated..').
> If we start mixing legitimate law enforcement, legal interception etc. with run-of-the-mill citizen access to government services (at least in the normative part), I think we are really going to confuse folks.
> It seems like we are missing an introduction which sets FICAM's context, and its over-arching use case with some over arching principles/assumptions we agree on...
> Let's indicate an over arching use case as a citizen logging on, and go as far as indicating a typical message flow for this. Why? Because from the comments from Jeff and David, they have a different view of the message flow, and who is doing what to whom and when.
> Another example: privacy aspects of 'identification' (is this identity proofing that some EU states call 'initial authentication'?) vs authentication (where the identity is confirmed by way of the electronic credential bound to the identity being presented to the IdP and subsequently asserted to the RP)... There we go again. More assumptions about the actors, and their roles (is the actor doing the identity proofing the same actor who knows the electronic credential and is 'authenticating' the user with the logon process, before passing the user back to the RP to continue the transaction?). Where does the scope of FICAM begin and end? I don't recall it extending to identity proofing (I would be wrong). So let's not go there (at least for the normative part of the doc).
> Another example: Applicability of the Privacy Act: If I understand the scope of FICAM correctly it is not just a federation of federal agencies. It covers State as well (please correct me if I'm wrong). So let's be explicit up front in the introduction: 'The use case covers joint state/federal federations, so the Privacy Act will not always be applicable (but as far as possible reflective of it)'.
> So what do you think? Will we clear up many of these questions by matching the docs scope directly with FICAM, make that explicit in some introduction text, and only then delve into the criteria?
> Cheers
> Colin
>
>
>
>
>
> From: colin_wallis at hotmail.com
> To: wg-p3 at kantarainitiative.org
> Date: Thu, 22 Sep 2011 14:46:31 +1200
> Subject: Re: [WG-P3] Privacy Assessment Criteria for the US Federal Privacy Profile
>
> +1 from me too.
>
> I've added a comment on the wiki (the doc on the wiki is 'read only' for me) so you should be able to see it via the P3Wiki link Mark has given below.
>
> Cheers
> Colin
>
> From: mark.lizar at gmail.com
> To: david at wayf.dk
> Date: Wed, 21 Sep 2011 11:00:54 +0100
> CC: wg-p3 at kantarainitiative.org
> Subject: Re: [WG-P3] Privacy Assessment Criteria for the US Federal Privacy Profile
>
> Thank You David,
>
> These comments are now up on the P3Wiki -
>
> On 20 Sep 2011, at 20:22, David Simonsen wrote:
>
> Hello all,
>
> sitting on the other side of the pond (EU/Denmark) it seems that now could be the right time to build a harmonized (internationally interoperable) view on many of the subjects described in this good document?
>
> The EU Article 29 working party (consisting of the many national data protection authorities) have recently reached consensus (!) on 'informed consent', described in http://ec.europa.eu/justice/policies/privacy/docs/wpdocs/2011/wp187_en.pdf . Perhaps some of this can be useful?
>
> WAYF (the federation I manage) has had 'informed consent' operational for all connected services for >2.5 years.
> We have consulted both legal experts and usability gurus (Fraunhofer Institute in Stuttgart, Germany) along the way. These days I'm writing a summary of our experience, which hopefully will be ready to circulate in a few weeks.
> Would that be of interest to this group?
>
> I have read the P3WG document and added what came to mind along the way. In the hope that at least some of it may be of help.
>
> Regards
> David Simonsen
>
> <RG-Kantara-1-4js-DSI-notes.doc>
>
>
> David Simonsen
> Executive manager
> Phone: +45 31216152
>
> H. C. Andersens Boulevard 2
> DK-1553 København V
>
> http://blog.wayf.dk
>
>
> On Sep 18, 2011, at 4:13 AM, j stollman wrote:
>
> Bob,
>
> I reviewed your extremely thoughtful and useful document and incorporated comments and markups in the attached.
>
> Thank you.
>
> Jeff
>
> On Wed, Sep 14, 2011 at 6:22 PM, Mark Lizar <mark.lizar at gmail.com> wrote:
> Thanks Anna & Bob,
>
> This is a terrific start to the PAC draft, I look forward to the P3WG comments and discussion.
>
> Mark
>
>
> On 13 Sep 2011, at 22:14, Anna Slomovic/Equifax wrote:
>
> Everyone,
>
> Attached please find a draft of the Privacy Assessment Criteria for the US Federal Privacy Profile. Here are some explanations for the way the document is structured and color-coded.
>
> Proposed language is shaded in gray.
>
> Each set of proposed assessment criteria is followed by Drafter’s Notes, which raise issues and questions that need to be addressed for clarity and usability of the criteria.
>
> Some of the Notes are shaded yellow; those need to be cross-referenced with IAWG and other Kantara documents. Most of the issues shaded in yellow are definitional, but not all. Some involve capability required in the Privacy Profile but absent in the current set of overall Service Assessment Criteria, like the ability to deliver a separate optional notice from the Relying Party in addition to the CSP’s notice about its own operations.
>
> The issues that are unshaded will constitute the bulk of P3WG’s work to complete the Privacy Assessment Criteria. These issues form the substance of how the Privacy Profile will be implemented by CSPs and how their privacy practices will be judged. For example, under “Informed Consent,” we need to answer the question about whether notice and consent-related behavior can or should be different at different Levels of Assurance. In another example, the Minimalism requirement in the Profile applies only to the data transmitted to the Relying Party—but should there be any kind of limitation on data collected for identity verification or attribute verification?
>
> I think you will find the document interesting and thought-provoking. In order to bring this work to conclusion, we will be discussing various topics as part of our P3WG calls. We need someone to serve as a champion and subject-matter expert to document the group’s deliberation, draft proposed language based on the group’s consensus, and then incorporate the changes into a final document. At the same time, Anna T will connect with the editors at IAWG to work through the issues related to the cross-reference between various Kantara documents.
>
> Please let me and Mark know whether you would like to serve as champion for the Privacy Assessment Criteria going forward. I look forward to our first discussion of the document in about 10 days.
>
> Thanks.
>
> Anna
>
>
> Anna Slomovic
> Chief Privacy Officer
> Equifax, Inc.
> 1010 N. Glebe Rd.
> Suite 500
> Arlington, VA 22201
>
> P: 703.888.4620
> M: 703.254.9656
> F: 703.243.7576
> E: Anna.Slomovic at equifax.com
>
>
>
> This message contains information from Equifax Inc. which may be confidential and privileged. If you are not an intended recipient, please refrain from any disclosure, copying, distribution or use of this information and note that such actions are prohibited. If you have received this transmission in error, please notify by e-mail postmaster at equifax.com.
> <RG-Kantara-1-4.doc>_______________________________________________
> WG-P3 mailing list
> WG-P3 at kantarainitiative.org
> http://kantarainitiative.org/mailman/listinfo/wg-p3
>
>
>
>
>
>
> --
> Jeff Stollman
> stollman.j at gmail.com
> 1 202.683.8699
> <RG-Kantara-1-4js.doc>
>
>
>