[Wg-p3] Prep For Privacy Workshop in Washington DC - August 10

j stollman stollman.j at gmail.com
Tue Aug 4 05:07:00 PDT 2009

I am currently an advocate of the Information Cards approach because of its
ability to tailor identity information asserted for a particular transaction
to the specific requirements of the transaction.

For example, should I order a  widget from an online vendor for whom I have
no reputation information, I can provide an identity that consists of the

   1. a name that may be a pseudonym to keep from being pestered 9e.g.,
   spammed) by the vendor after my order, but can still be tied to the
   information below
   2. a "ship to" number from my shipper of choice (e.g., FedEx, UPS) that
   does not disclose my actual "ship to" address
   3. a credit authorization from my credit-card provider that does not
   require disclosure of my credit card information
   4. substantiation that I am over 21 and eligible to purchase the wdiget

This allows preservation of privacy as long as the claims provided by me as
the purchaser can be verified by the vendor and include sufficient vetting
and [liability] recourse to give the vendor trust to ship the item to me.

I think that the atomic nature of claims provided is what is important here
-- not information cards as one implementation that embodies this
principle.  Most other approaches require assertion of a comprehensive
portfolio of identity claims which discloses more information than is
necessary about the subject -- putting such information in the [semi-]
public domain where it is not safe.

Thank you.


On Tue, Aug 4, 2009 at 7:27 AM, Brett McDowell <email at brettmcdowell.com>wrote:

> I believe you should all also be subscribed to the community@ list, so
> apology for the forward.  But I thought this WG might want to deep-dive a
> bit more than the community@ list will so kicking off a fresh thread.
> If you look closely at this agenda you'll see I'm on it.  I'd like to as
> the P3WG for advice for how to position the privacy issues as they relate to
> the Open Government topic, especially (but not exclusively) in the US.  The
> context for this event is the US Government evaluating the acceptance of
> more identity protocols to expand the user-base of eGov applications.  The
> US Government has been accepting X.509 PKI for awhile now, and SAML 2.0.
>  Now they are looking on OpenID and Information Cards technology.  There are
> issues in the background about how does any "credential provider/identity
> provider" prove they meet the Level of Assurance requirements of the US
> Government, but that's not the focus of Monday's event.  Monday's event
> seems to be more focused on the privacy impact of these new technologies
> (and I think pure PKI and SAML might get re-visited as well).
> With that... anyone have any comments or suggestions as I prepare my notes
> for the workshop?
> Thanks in advance!
> Brett McDowell  |  +1.413.652.1248  |  http://KantaraInitiative.org
> Begin forwarded message:
> *From: *"J. Trent Adams" <jtrentadams at gmail.com>
> *Date: *August 4, 2009 7:14:04 AM EDT
> *To: *community at kantarainitiative.org
> *Subject: **[Community] Privacy Workshop in Washington DC - August 10*
> All -
> In case you're interested in what the OpenID and InfoCard crew have been
> up to for the past few months, now's your chance to find out.  Check out
> the Privacy Workshop in Washington DC on August 10th.
> http://www.idmanagement.gov/drilldown.cfm?action=privacy_workshop
> The meeting will present the work that's been done so far, and solicit
> questions and comments from the wider community.  Remember to register
> as space is limited.
> - Trent
> -----
> Open Government Identity Management Solutions Privacy Workshop, August
> 10, 2009
> Location of the Workshop: The American Institute of Architects (AIA)
> Building, The AIA Boardroom, 1735 New York Avenue, NW, Washington, DC 20006
> Agenda:
> 8:00 am Registration & check-in
> 9:00 am Welcome & Overview of the Initiative
>    Judith Spencer Co-Chair ICAMSC
> 9:15 am White House Vision
>    Vivek Kundra, Federal CIO
> 9:45 am Technical Approach
>    Chris Louden, Protiviti Government Services
> 10:30 am Break
> 10:45 am Open Trust Frameworks for Open Government
>    Don Thibeau (OpenID),
>    Drummond Reed (InfoCard),
>    Bob Morgan (InCommon),
>    Brett McDowell (Kantara)
> 11:30 am Panel discussion - benefits of initiative
>    Representatives of OpenID,
>    InfoCard,
>    InCommon,
>    Kantara Initiative
> 12:30 pm Lunch (on own)
> 1:30 pm Federal Privacy Considerations
>    CIO Privacy Committee Chair/designee
> 2:00 pm Panel discussion/question & answer session
>    Privacy protections of the schemes;
>    representatives from OpenID,
>    InfoCard,
>    Kantara Initiative,
>    InCommon,
>    & Federal Government
> 3:15 pm Wrap-up - where to go for more information
>    Judith Spencer
> -----
> --
> J. Trent Adams
> =jtrentadams
> Profile: http://www.mediaslate.org/jtrentadams/
> LinkedIN: http://www.linkedin.com/in/jtrentadams
> Twitter: http://twitter.com/jtrentadams
> _______________________________________________
> Community mailing list
> Community at kantarainitiative.org
> http://kantarainitiative.org/mailman/listinfo/community_kantarainitiative.org
> _______________________________________________
> Wg-p3 mailing list
> Wg-p3 at kantarainitiative.org
> http://kantarainitiative.org/mailman/listinfo/wg-p3_kantarainitiative.org

Jeff Stollman
stollman.j at gmail.com
1 202.683.8699
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://kantarainitiative.org/pipermail/wg-p3_kantarainitiative.org/attachments/20090804/88d82f1c/attachment-0001.html>

More information about the Wg-p3 mailing list