[Wg-p3] Prep For Privacy Workshop in Washington DC - August 10

Susan Landau Susan.Landau at sun.com
Tue Aug 4 06:32:35 PDT 2009

On 08/04/09 09:20, J. Trent Adams wrote:
> Brett -
> What I find interesting in the list of invited speakers is the dearth of
> official representation from the SAML, PKI, and OAuth camps.  I see RL
> Bob will be there, but from the looks of it he's representing InCommon.
> As someone who has been contacted by the event organizers, do you have
> any insight into why OpenID and InfoCard have center stage?  From my
> initial read of the documents [1][2], I don't see them discussed.  I'm
> wondering why these two technologies are being singled out as part of a
> proposed open trust framework.
> Any ideas?
I believe OpenID is getting center stage because it is greatly beloved 
by the blogging community, some of whom have now moved into positions in 
the White House.  I know this sounds trite, but what you have is a 
transition from a non online WH to an active online community.  But most 
of the lawyers who have moved into cyber-related positions in the WH do 
not come from industry, but from policy areas, and don't fully get the 
technical issues, including the security and privacy aspects raised.
> Brett McDowell wrote:
>> I believe you should all also be subscribed to the community@ list, so
>> apology for the forward.  But I thought this WG might want to
>> deep-dive a bit more than the community@ list will so kicking off a
>> fresh thread.
>> If you look closely at this agenda you'll see I'm on it.  I'd like to
>> as the P3WG for advice for how to position the privacy issues as they
>> relate to the Open Government topic, especially (but not exclusively)
>> in the US.  The context for this event is the US Government evaluating
>> the acceptance of more identity protocols to expand the user-base of
>> eGov applications.  The US Government has been accepting X.509 PKI for
>> awhile now, and SAML 2.0.  Now they are looking on OpenID and
>> Information Cards technology.  There are issues in the background
>> about how does any "credential provider/identity provider" prove they
>> meet the Level of Assurance requirements of the US Government, but
>> that's not the focus of Monday's event.  Monday's event seems to be
>> more focused on the privacy impact of these new technologies (and I
>> think pure PKI and SAML might get re-visited as well).
>> With that... anyone have any comments or suggestions as I prepare my
>> notes for the workshop?
Eve got in touch with me yesterday and I think I will also go.  I will 
be in the audience but I intend to make comments about security and how 
that impacts privacy.  I would suggest that you make remarks about 
extensibility and the need to ensure that adopted solutions are robust 
enough to be extensible.  Make sense?


More information about the Wg-p3 mailing list