[Wg-p3] Prep For Privacy Workshop in Washington DC - August 10
Susan.Landau at sun.com
Tue Aug 4 06:32:35 PDT 2009
On 08/04/09 09:20, J. Trent Adams wrote:
> Brett -
> What I find interesting in the list of invited speakers is the dearth of
> official representation from the SAML, PKI, and OAuth camps. I see RL
> Bob will be there, but from the looks of it he's representing InCommon.
> As someone who has been contacted by the event organizers, do you have
> any insight into why OpenID and InfoCard have center stage? From my
> initial read of the documents , I don't see them discussed. I'm
> wondering why these two technologies are being singled out as part of a
> proposed open trust framework.
> Any ideas?
I believe OpenID is getting center stage because it is greatly beloved
by the blogging community, some of whom have now moved into positions in
the White House. I know this sounds trite, but what you have is a
transition from a non online WH to an active online community. But most
of the lawyers who have moved into cyber-related positions in the WH do
not come from industry, but from policy areas, and don't fully get the
technical issues, including the security and privacy aspects raised.
> Brett McDowell wrote:
>> I believe you should all also be subscribed to the community@ list, so
>> apology for the forward. But I thought this WG might want to
>> deep-dive a bit more than the community@ list will so kicking off a
>> fresh thread.
>> If you look closely at this agenda you'll see I'm on it. I'd like to
>> as the P3WG for advice for how to position the privacy issues as they
>> relate to the Open Government topic, especially (but not exclusively)
>> in the US. The context for this event is the US Government evaluating
>> the acceptance of more identity protocols to expand the user-base of
>> eGov applications. The US Government has been accepting X.509 PKI for
>> awhile now, and SAML 2.0. Now they are looking on OpenID and
>> Information Cards technology. There are issues in the background
>> about how does any "credential provider/identity provider" prove they
>> meet the Level of Assurance requirements of the US Government, but
>> that's not the focus of Monday's event. Monday's event seems to be
>> more focused on the privacy impact of these new technologies (and I
>> think pure PKI and SAML might get re-visited as well).
>> With that... anyone have any comments or suggestions as I prepare my
>> notes for the workshop?
Eve got in touch with me yesterday and I think I will also go. I will
be in the audience but I intend to make comments about security and how
that impacts privacy. I would suggest that you make remarks about
extensibility and the need to ensure that adopted solutions are robust
enough to be extensible. Make sense?
More information about the Wg-p3