[Wg-p3] Summary of P3WG conf call 6th Aug 2009

Robin Wilton futureidentity at fastmail.fm
Thu Aug 6 12:08:56 PDT 2009


Present: Trent Adams, Patrick Curry, Britta Glade, Ian Glazer,
Iain Henderson, Susan Landau, Georgia Marsh, Brett McDowell, Bob
Pinheiro, Darrell Shull, Toby Stevens, Jeff Stollmann, Edgar
Whitley, Robin Wilton
Apologies: Louise Bennett, Toshihiro Suzuki
Next call: Thursday August 20th, 16:00 BST, 17:00 CET, 08:00 PST,
11:00 EST
Dial-in details:
    *  US/Canada toll-free number:  1.866.305.1460
    * Direct dial (toll) number: +1.416.620.1296
    * Attendee Code: 9247530
    * International toll-free numbers:
          o UK: 0800 917 5847
          o Netherlands: 08002659007
          o Belgium: 080079491
          o Japan: 00531160345
These toll-free numbers are generously provided by BIPAC.
Please note - if you need access from a country not on the list
above, please notify the WG Chair with as much advance notice as
possible: mail at futureidentity dot eu
Comments:
RW - (1) Invited members to submit nominations for the posts of
P3WG Chair and Vice Chair (see actions, below)
PC - gave summary of last week's meetings with various US Govt
bodies; general focus on high-assurance identity for USG
employees (as opposed to citizen ID, e-gov access etc): however,
it is appropriate for P3WG's overall strategy to be able to
accommodate these use-cases as well.
Noted that ICAM co-chairs (Judith Spencer and Paul Grant) tend to
focus on LoA=3 identities and higher, whereas David Temoshok's
focus would be at the LoA=1, LoA=2 levels.
GM - noted that a previous assessment classified some 60% of USG
applications as being in the LoA=1, LoA=2 categories.
[In general, I suggest we should seek to make sure the PIV and
PIV-I strategies are clearly understandable to P3WG, including
areas in which those strategies may intersect with non-US
implementations [1,2] ]
PC - Suggested the development of an identity
assurance/authentication framework which caters for the
viewpoints of Government, Citizen and Regulated Industry
stakeholders.
Discussion of 10 Aug Workshop (ICAM, Washington DC)
BM - Scope of meeting is specifically "USG <-> Privacy
Advocates", to discuss e-authentication based on Government
application consumption of LoA=1 consumer authentication
artifacts from, e.g., OpenID, InfoCard and InCommon, and to discuss
the role of Trust Framework Providers [2]
Suggested questions to raise:
- what measures does the strategy include to ensure that the
goals of citizens/users are met, as well as those of government
and public sector service providers?
- has correlation and its possible effect on user privacy been
considered in the formulation of strategy? NB - a single service
might be considered to have a 'low' privacy impact, but if its
use can be correlated with access to other services (for
instance, through use of the same e-authentication method) the
over-all privacy impact may well be higher.
- has the USG classification of applications (according to
appropriate LoA) been reviewed recently to take account of
technical developments, changes in application and/or delivery
channel (e.g. mobile access, PKI applicability etc)?
- "scope and mission creep": if the strategy is to "segment"
applications according to LoA/authentication type, what plans are
there for handling cases where (i) the LoA pre-requisite of an
application changes over time; (ii) pressure grows to use a
deployed 'low-assurance' credential for access to a
'medium-assurance' service rather than incur the expense of
re-working for 'medium-assurance' credentials?
Closed actions from previous call:

- RW, IG to arrange meeting with US VISIT program CPO at Burton
Catalyst - DONE.


Actions:

(1) PC to help P3WG engage with policy-maker community - ONGOING
(with RW apologies for late distribution of previous action
items)
(2) Call for nominations to the posts of P3WG Chair and Vice
Chair. - ONGOING
    - First stage: nominations (staff at kantarainitiative dot
org)
    - Second stage: secret ballot (process to be determined)

(3) RW to invite Paul Hasson (CPO - US Visit) to participate in
P3WG and report status.
(4) RW to post draft of "Privacy Assurance Module" concept for
Identity Assurance schemes.
Document references:
- USG ICAM page, including documents on Trust Framework Providers
and Identity Scheme Adoption
[1]http://www.idmanagement.gov/drilldown.cfm?action=privacy_workshop
- White House/OMB memorandum M-0404 (Levels of Assurance)
[2]http://www.whitehouse.gov/OMB/memoranda/fy04/m04-04.pdf

References

1. http://www.idmanagement.gov/drilldown.cfm?action=privacy_workshop
2. http://www.whitehouse.gov/OMB/memoranda/fy04/m04-04.pdf
Robin Wilton

Director, Future Identity
Director of Privacy and Public Policy, Liberty Alliance


www.futureidentity.eu
+44 (0)705 005 2931
====================================================================
Structured consulting on digital identity, privacy and public policy
====================================================================
Future Identity is a limited company number 6777002, registered in England & Wales
