[KI-LC] GDPR and Kantara approach question

mary hodder hodder at gmail.com
Wed Mar 1 09:17:42 CST 2017


Interesting discussion.

Another way to look at this is that Kantara makes things in WGs but once
those things are made, they need a "productizing" phase group, in this case
for the GDPR.

A toolkit is part of it.. it's also about explaining how, what for, why,
whom and when to use things, and to test them through the user's
perspective of implementation and then both adjust them (based upon
learnings from the productization process) and market them in the right
places and with early adopters.

It makes a lot of sense to me that we would have a group that takes all the
WGs stuff .. and frames it, tests it, makes it accessible and focuses on
solving a user's problem (I know the work groups do this now for a certain
percentage of this, but it's the final piece of showing the end user of our
work), putting things together from different WGs to solve a problem the
end user has.

So the first problem set we could address is how to deal with the GDPR with
our tools, and communicate the solutions to end users (folks who need to
implement solutions for GDPR).

Later the group could add more "product areas" as Allan mentioned: privacy
issues generally, US FIPPS and Privacy Shield issues (if that continues to
exist in light of Trump's recent executive order that negated it), etc. We
could chooses the end user cases to solve and then communicate and factor
the "products" to address those needs.

mary


On Wed, Mar 1, 2017 at 6:42 AM, Andrew Hughes <andrewhughes3000 at gmail.com>
wrote:

> This is why I'm testing this team on what, if anything, Kantara needs to
> do to help our members and the community address GDPR.
>
> We know there's a new industry forming up around it - and if we wait until
> implementation time it will be too late & our work products will go
> unnoticed. So my feeling is that now is the time to get organized about
> what Kantara can offer.
>
> andrew.
>
> *Andrew Hughes *CISM CISSP
> Independent Consultant
> *In Turn Information Management Consulting*
>
> o  +1 650.209.7542 <(650)%20209-7542>
> m +1 250.888.9474 <(250)%20888-9474>
> 1249 Palmer Road,
> Victoria, BC V8P 2H8
> AndrewHughes3000 at gmail.com
> ca.linkedin.com/pub/andrew-hughes/a/58/682/
> *Identity Management | IT Governance | Information Security *
>
> On Wed, Mar 1, 2017 at 6:36 AM, John Wunderlich <john at wunderlich.ca>
> wrote:
>
>> Thanks Allan, for voicing what was in the back of my mind as well. The
>> GDPR - since it's not implemented yet - serves as kind of a Rorshach test.
>> You take away from it what you bring to it. It's a big piece of legislation
>> with many potential impacts. But it seems to me that as people start to
>> grapple with the GDPR in terms of real world prospects  &  problems (to
>> your point about specific work products) or prospect new work group ideas
>> will emerge or existing work groups will need to factor this into their
>> roadmaps. Otherwise we might hare madly off in all directions.
>>
>> For example, one question I have is whether an identity federation
>> qualifies as 'profiling' under the GDPR. If so are all the participants in
>> a federation controllers per GDPR with obligations to individuals? Might to
>> something for OTTO to look at...or not.
>>
>> JW
>>
>>
>>
>> John Wunderlich, BA, MBA
>>
>> IAPP Fellow of Information Privacy
>> CISA, CIPM, CIPP/C, PbD Ambassador
>> @PrivacyCDN <https://twitter.com/PrivacyCDN> & Privacist
>>
>> On 1 March 2017 at 04:04, Allan Foster <allan.foster at forgerock.com>
>> wrote:
>>
>>> So in theory,  I am kinda agnostic about the WG.  however,  this brings
>>> up an interesting chicken and egg issue.
>>>
>>> Surely we should be looking at specific work products that we should
>>> work on,  and then try and find them a home?  I have a gut feeling that
>>> much of GDPR is going to find homes in several of our workgroups.  For
>>> example  privacy,  and consent receipts already are being addressed....
>>> Federation Interop might actually have some valid input as well...
>>>
>>>
>>> I suggest we work on what work items we want to do,  and THEN find them
>>> a home?
>>>
>>> Allan
>>>
>>>
>>> On 2/28/17 4:30 PM, Colin Wallis wrote:
>>>
>>> Good discussion.
>>>
>>> I like the cadence (Jeeez I'm starting to hate that term) of toolkits
>>> because UMA has used that approach successfully, and leveraging successful
>>> things typically results in more success.
>>>
>>> I would have thought a time-bound DG is appropriate, else you risk
>>> breaking your own rules Mr Hughes..:-).
>>>
>>> Cheers
>>>
>>> On Tue, Feb 28, 2017 at 11:53 PM, Andrew Hughes <
>>> andrewhughes3000 at gmail.com> wrote:
>>>
>>>> OK - that would be interesting
>>>>
>>>> I'm also wondering if any of our members are doing work related to GDPR
>>>> and could use some Kantara tools to help - sample text, some of the lists
>>>> and categories coming soon from consent receipt, hmmmm...
>>>>
>>>> On Tue, Feb 28, 2017 at 3:49 PM Salvatore D'Agostino <
>>>> sal at idmachines.com> wrote:
>>>>
>>>>> So how about a contribution from each of the DGs, WGs on a single
>>>>> aspect of their effort for sharing in a toolkit.  I we need to have the
>>>>> groups contribute and be directly involved or you cross wires.  Challenge
>>>>> is bandwidth per usual.
>>>>>
>>>>>
>>>>>
>>>>> So for IRM it might be a GDPR use case as a way to exercise a
>>>>> relationship manager effort in the next phase of work.
>>>>>
>>>>>
>>>>>
>>>>> *From:* lc-bounces at kantarainitiative.org [mailto:
>>>>> lc-bounces at kantarainitiative.org] *On Behalf Of *Andrew Hughes
>>>>> *Sent:* Tuesday, February 28, 2017 6:15 PM
>>>>> *To:* Mark OCG <m.lizar at openconsentgroup.com>
>>>>> *Cc:* Julian Ranger <julian at digi.me>; Robin Wilton <wilton at isoc.org>;
>>>>> Kantara Leadership Council < <lc at kantarainitiative.org>
>>>>> lc at kantarainitiative.org>
>>>>> *Subject:* Re: [KI-LC] GDPR and Kantara approach question
>>>>>
>>>>>
>>>>>
>>>>> Hi mark - yes it is vague - I'm looking for opinions.
>>>>>
>>>>> The only thing behind this is that I was wondering if there
>>>>> could/should be a "Kantara GDPR Toolkit"
>>>>>
>>>>> Because I keep hearing that there is great demand for assistance and
>>>>> I'm wondering it Kantara can do something useful for the community.
>>>>>
>>>>> Andrew.
>>>>>
>>>>> On Tue, Feb 28, 2017 at 2:56 PM Mark OCG <
>>>>> <m.lizar at openconsentgroup.com>m.lizar at openconsentgroup.com> wrote:
>>>>>
>>>>> Hi Andrew,
>>>>>
>>>>>
>>>>>
>>>>> This is all bit vague. Not clear from what perspective Kantara should
>>>>> be inclined to ‘do something’ for the GDPR.
>>>>>
>>>>>
>>>>>
>>>>> As you may or may not be aware Data Protection and Data Control
>>>>> mitigate each other in terms of risk and liability.  GDPR is fundamentally
>>>>> about data protection. Standards address risk and liability in different
>>>>> ways.
>>>>>
>>>>>
>>>>>
>>>>> It is conceivable that Kantara could have a program that spans this
>>>>> space - but not sure if a GDPR centric approach would achieve such a
>>>>> result.   Perhaps evaluating how Kantara efforts relate to GDPR might be
>>>>> fruitful?  A little survey perhaps?
>>>>>
>>>>>
>>>>>
>>>>> Is there a deeper insight/motivation missing from this email ?
>>>>>
>>>>>
>>>>>
>>>>> *Mark Lizar*
>>>>>
>>>>> CEO Open Consent Group
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>> On 28 Feb 2017, at 21:53, Andrew Hughes < <andrewhughes3000 at gmail.com>
>>>>> andrewhughes3000 at gmail.com> wrote:
>>>>>
>>>>>
>>>>>
>>>>> I'm not sure if we need a DG or not - there are some very specific
>>>>> things about GDPR (and lots of analysis everywhere)
>>>>>
>>>>> I'm also hoping that this will bring new faces to the table.
>>>>>
>>>>> On Tue, Feb 28, 2017 at 1:52 PM Ken Dagg < <kendaggtbs at gmail.com>
>>>>> kendaggtbs at gmail.com> wrote:
>>>>>
>>>>> As much as I don't want to spread Kantara's thin participative
>>>>> resources thinner I think that your suggestion of a new WG makes sense. A
>>>>> new WG would enable a keen focus on GDPR without the distraction of what
>>>>> the other WG's are attempting to achieve. Does it make sense to start with
>>>>> a DG to identify what things need to be done and in what order or is that
>>>>> the first task of the WG?
>>>>>
>>>>>
>>>>>
>>>>> Ken
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>> On Tue, Feb 28, 2017 at 4:14 PM Andrew Hughes <
>>>>> <andrewhughes3000 at gmail.com>andrewhughes3000 at gmail.com> wrote:
>>>>>
>>>>> Hi LC and (some) Board of Directors...
>>>>>
>>>>>
>>>>>
>>>>> I've been wrestling with how Kantara would best serve the community
>>>>> with respect to GDPR.
>>>>>
>>>>>
>>>>>
>>>>> Many of the WGs have work products and knowledge that is relevant to
>>>>> GDPR topics. But whenever I try to think about what it would mean to ask
>>>>> for GDPR-specific work inside any particular WG I hit mental roadblocks.
>>>>>
>>>>>
>>>>>
>>>>> So, how does this different approach sound to you all:
>>>>>
>>>>>
>>>>>
>>>>> Start a WG whose goal is to build a 'Kantara GDPR Toolkit' comprised
>>>>> of guidance, profiles of selected standards, pointers to useful analysis
>>>>> reports (inside and outside of Kantara), and other technical or
>>>>> recommendation stuff.
>>>>>
>>>>>
>>>>>
>>>>> It would help ease the tension between addressing the near term
>>>>> demands to 'do something' for GDPR and help to harness the bits and pieces
>>>>> of work inside and near Kantara. It would possibly avoid distracting the
>>>>> WGs from their main work products that are for the longer term.
>>>>>
>>>>>
>>>>>
>>>>> Looking for opinions and alternative views on this please
>>>>>
>>>>>
>>>>>
>>>>> andrew.
>>>>>
>>>>> _______________________________________________
>>>>> LC mailing list
>>>>> <LC at kantarainitiative.org>LC at kantarainitiative.org
>>>>> <http://kantarainitiative.org/mailman/listinfo/lc>
>>>>> http://kantarainitiative.org/mailman/listinfo/lc
>>>>>
>>>>> --
>>>>>
>>>>> Kenneth Dagg Independent Consultant Identification and Authentication
>>>>> 613-825-2091 <%28613%29%20825-2091>kendaggtbs at gmail.com
>>>>>
>>>>> --
>>>>>
>>>>> *Andrew Hughes *CISM CISSP
>>>>> Independent Consultant
>>>>> *In Turn Information Management Consulting*
>>>>>
>>>>> o  +1 650.209.7542 <%28650%29%20209-7542>
>>>>> m +1 250.888.9474 <%28250%29%20888-9474>
>>>>> 1249 Palmer Road,
>>>>> Victoria, BC V8P 2H8
>>>>> AndrewHughes3000 at gmail.com
>>>>> ca.linkedin.com/pub/andrew-hughes/a/58/682/
>>>>> *Identity Management | IT Governance | Information Security *
>>>>>
>>>>> _______________________________________________
>>>>> LC mailing list
>>>>> LC at kantarainitiative.org
>>>>> http://kantarainitiative.org/mailman/listinfo/lc
>>>>>
>>>>>
>>>>>
>>>>> --
>>>>>
>>>>> *Andrew Hughes *CISM CISSP
>>>>> Independent Consultant
>>>>> *In Turn Information Management Consulting*
>>>>>
>>>>> o  +1 650.209.7542 <%28650%29%20209-7542>
>>>>> m +1 250.888.9474 <%28250%29%20888-9474>
>>>>> 1249 Palmer Road,
>>>>> Victoria, BC V8P 2H8
>>>>> <AndrewHughes3000 at gmail.com>AndrewHughes3000 at gmail.com
>>>>> ca.linkedin.com/pub/andrew-hughes/a/58/682/
>>>>> *Identity Management | IT Governance | Information Security *
>>>>>
>>>> --
>>>>
>>>> *Andrew Hughes *CISM CISSP
>>>> Independent Consultant
>>>> *In Turn Information Management Consulting*
>>>>
>>>> o  +1 650.209.7542 <%28650%29%20209-7542>
>>>> m +1 250.888.9474 <%28250%29%20888-9474>
>>>> 1249 Palmer Road,
>>>> Victoria, BC V8P 2H8
>>>> AndrewHughes3000 at gmail.com
>>>> ca.linkedin.com/pub/andrew-hughes/a/58/682/
>>>> *Identity Management | IT Governance | Information Security *
>>>>
>>>> _______________________________________________
>>>> LC mailing list
>>>> LC at kantarainitiative.org
>>>> http://kantarainitiative.org/mailman/listinfo/lc
>>>>
>>>>
>>>
>>>
>>> --
>>> Executive Director
>>> Kantara Initiative Inc. <https://kantarainitiative.org/>
>>> Cell: +44 (0)7490 266 778 <+44%207490%20266778>
>>>
>>>
>>>
>>> _______________________________________________
>>> LC mailing listLC at kantarainitiative.orghttp://kantarainitiative.org/mailman/listinfo/lc
>>>
>>>
>>> --
>>> Simplify Email: Email Charter <http://emailcharter.org/>
>>>
>>> [image: ForgeRock Logo] *Allan  Foster - Forge Rock *
>>> *Vice President Global Partner Enablement*
>>> *Location:* Vancouver, WA, US
>>> *p:* +1.360.229.7102 <(360)%20229-7102>
>>> *email:* <allan.foster at forgerock.com>allan.foster at forgerock.com
>>> *www:* www.forgerock.com
>>> *www:* www.forgerock.org
>>> *blogs:* blogs.forgerock.com/GuruAllan
>>>
>>> _______________________________________________
>>> LC mailing list
>>> LC at kantarainitiative.org
>>> http://kantarainitiative.org/mailman/listinfo/lc
>>>
>>>
>>
>>
>> This email and any files transmitted with it are confidential and
>> intended solely for the use of the individual or entity to whom they are
>> addressed. If you have received this email in error please notify the
>> system manager. This message contains confidential information and is
>> intended only for the individual named. If you are not the named addressee
>> you should not disseminate, distribute or copy this e-mail. Please notify
>> the sender immediately by e-mail if you have received this e-mail by
>> mistake and delete this e-mail from your system. If you are not the
>> intended recipient you are notified that disclosing, copying, distributing
>> or taking any action in reliance on the contents of this information is
>> strictly prohibited.
>>
>
>
> _______________________________________________
> LC mailing list
> LC at kantarainitiative.org
> http://kantarainitiative.org/mailman/listinfo/lc
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://kantarainitiative.org/pipermail/lc/attachments/20170301/735bd94f/attachment-0001.html>


More information about the LC mailing list