[Wg-p3] Link to useful IA document
futureidentity at fastmail.fm
Fri Aug 7 10:23:55 PDT 2009
Many thanks to Edgar Whitley (LSE) for sending a link to this UK
Cabinet Office White Paper on a topic which came up during
yesterday's call. (I have shortened the URL, because the ones the
UK national archive uses are humungous)
We were discussing the question of whether a single application
of 'low to moderate' privacy risk might need to be re-classified
if increased linkability meant it was more likely that a user
could be identifed when accessing it (for instance, if a single,
correlatable credential were used across multiple 'low-risk'
Thankfully, the UK Government adopted the same classification
levels as OM 04-04 and the preceding NIST/OMB standards, so the
document should be readily portable from that standpoint. It
describes a process and checklists for 'mapping' applications
onto levels of risk and assurance, and works through examples at
high level and in detail.
Well worth a read, even if you can't get to it by Monday.
Thanks, Edgar -
Director, Future Identity
Director of Privacy and Public Policy, Liberty Alliance
+44 (0)705 005 2931
Structured consulting on digital identity, privacy and public policy
Future Identity is a limited company number 6777002, registered in England & Wales
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Wg-p3