[Wg-p3] Link to useful IA document

Robin Wilton futureidentity at fastmail.fm
Fri Aug 7 10:23:55 PDT 2009

Many thanks to Edgar Whitley (LSE) for sending a link to this UK
Cabinet Office White Paper on a topic which came up during
yesterday's call. (I have shortened the URL, because the ones the
UK national archive uses are humungous)


We were discussing the question of whether a single application
of 'low to moderate' privacy risk might need to be re-classified
if increased linkability meant it was more likely that a user
could be identifed when accessing it (for instance, if a single,
correlatable credential were used across multiple 'low-risk'

Thankfully, the UK Government adopted the same classification
levels as OM 04-04 and the preceding NIST/OMB standards, so the
document should be readily portable from that standpoint. It
describes a process and checklists for 'mapping' applications
onto levels of risk and assurance, and works through examples at
high level and in detail.

Well worth a read, even if you can't get to it by Monday.

Thanks, Edgar -



1. http://http//bit.ly/DMikz
Robin Wilton

Director, Future Identity
Director of Privacy and Public Policy, Liberty Alliance

+44 (0)705 005 2931
Structured consulting on digital identity, privacy and public policy
Future Identity is a limited company number 6777002, registered in England & Wales

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://kantarainitiative.org/pipermail/wg-p3_kantarainitiative.org/attachments/20090807/409d7f99/attachment.html>

More information about the Wg-p3 mailing list