[Wg-p3] Prep For Privacy Workshop in Washington DC - August 10

J. Trent Adams jtrentadams at gmail.com
Tue Aug 4 06:47:51 PDT 2009


Susan -

[comments in-line]

Susan Landau wrote:
> On 08/04/09 09:20, J. Trent Adams wrote:
>> Brett -
>>
>> What I find interesting in the list of invited speakers is the dearth of
>> official representation from the SAML, PKI, and OAuth camps.  I see RL
>> Bob will be there, but from the looks of it he's representing InCommon.
>>
>> As someone who has been contacted by the event organizers, do you have
>> any insight into why OpenID and InfoCard have center stage?  From my
>> initial read of the documents [1][2], I don't see them discussed.  I'm
>> wondering why these two technologies are being singled out as part of a
>> proposed open trust framework.
>>
>> Any ideas?
>>
>>   
> I believe OpenID is getting center stage because it is greatly beloved
> by the blogging community, some of whom have now moved into positions
> in the White House.  I know this sounds trite, but what you have is a
> transition from a non online WH to an active online community.  But
> most of the lawyers who have moved into cyber-related positions in the
> WH do not come from industry, but from policy areas, and don't fully
> get the technical issues, including the security and privacy aspects
> raised.

If true, this is a troubling situation for our policy-makers.  I applaud
their movement as being in a generally positive direction, however I'm
concerned about the presumption of details.  Specifically, I'm troubled
by a full sprint toward something that could begin to bake technologies
into the solution space which have unintended consequences.

Beyond this event, do you know if there are other avenues for public
input on the plan?  If not, what about direct lines of communication we
could use to share our opinions?

- Trent

>>
>> Brett McDowell wrote:
>>  
>>> I believe you should all also be subscribed to the community@ list, so
>>> apology for the forward.  But I thought this WG might want to
>>> deep-dive a bit more than the community@ list will so kicking off a
>>> fresh thread.
>>>
>>> If you look closely at this agenda you'll see I'm on it.  I'd like to
>>> as the P3WG for advice for how to position the privacy issues as they
>>> relate to the Open Government topic, especially (but not exclusively)
>>> in the US.  The context for this event is the US Government evaluating
>>> the acceptance of more identity protocols to expand the user-base of
>>> eGov applications.  The US Government has been accepting X.509 PKI for
>>> awhile now, and SAML 2.0.  Now they are looking on OpenID and
>>> Information Cards technology.  There are issues in the background
>>> about how does any "credential provider/identity provider" prove they
>>> meet the Level of Assurance requirements of the US Government, but
>>> that's not the focus of Monday's event.  Monday's event seems to be
>>> more focused on the privacy impact of these new technologies (and I
>>> think pure PKI and SAML might get re-visited as well).
>>>
>>> With that... anyone have any comments or suggestions as I prepare my
>>> notes for the workshop?
> Eve got in touch with me yesterday and I think I will also go.  I will
> be in the audience but I intend to make comments about security and
> how that impacts privacy.  I would suggest that you make remarks about
> extensibility and the need to ensure that adopted solutions are robust
> enough to be extensible.  Make sense?
>
> Susan

-- 
J. Trent Adams
=jtrentadams

Profile: http://www.mediaslate.org/jtrentadams/
LinkedIN: http://www.linkedin.com/in/jtrentadams
Twitter: http://twitter.com/jtrentadams




More information about the Wg-p3 mailing list