[Wg-p3] Link to useful IA document

Robin Wilton futureidentity at fastmail.fm
Fri Aug 7 10:23:55 PDT 2009


Many thanks to Edgar Whitley (LSE) for sending a link to this UK
Cabinet Office White Paper on a topic which came up during
yesterday's call. (I have shortened the URL, because the ones the
UK national archive uses are humungous)

 [1]http://bit.ly/DMikz

We were discussing the question of whether a single application
of 'low to moderate' privacy risk might need to be re-classified
if increased linkability meant it was more likely that a user
could be identifed when accessing it (for instance, if a single,
correlatable credential were used across multiple 'low-risk'
applications.

Thankfully, the UK Government adopted the same classification
levels as OM 04-04 and the preceding NIST/OMB standards, so the
document should be readily portable from that standpoint. It
describes a process and checklists for 'mapping' applications
onto levels of risk and assurance, and works through examples at
high level and in detail.

Well worth a read, even if you can't get to it by Monday.

Thanks, Edgar -

Yrs.,
Robin

References

1. http://http//bit.ly/DMikz
Robin Wilton

Director, Future Identity
Director of Privacy and Public Policy, Liberty Alliance


www.futureidentity.eu
+44 (0)705 005 2931
====================================================================
Structured consulting on digital identity, privacy and public policy
====================================================================
Future Identity is a limited company number 6777002, registered in England & Wales

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://kantarainitiative.org/pipermail/wg-p3_kantarainitiative.org/attachments/20090807/409d7f99/attachment.html>


More information about the Wg-p3 mailing list