[Wg-p3] P3WG action item (Robin Wilton)

Brett McDowell email at brettmcdowell.com
Wed Aug 26 06:47:56 PDT 2009


I'm supportive of the modular approach as a stop-gap.  Eventually, and
in accordance with the P3WG charter, there will exist a full Privacy
Assurance Framework similar to, but orthogonal/complimentary to, the
Identity Assurance Framework.  But for now we have an immediate market
requirement in the world of Identity Assurance to have some criteria
and process for assessing an Identity Provider's privacy practices, at
least in the limited context of the US Federal Government's
E-Authentication/Open Trust Frameworks program
(http://idmanagement.gov).

BTW, I don't think the Assurance Review Board would implement this
module (and they have yet to evaluate it) if they thought it was only
useful to the US Federal Government, we do believe there is broader
applicability.

So this becomes immediately useful in a meaningful context, if
limited, yet motivates/ignites the more important work of the Privacy
Assurance Framework (I hope).

Robin, Trent, Iain, etc... If I'm off-base, please correct this
description of context and expectation.

Cheers,

Brett McDowell | http://info.brettmcdowell.com | http://kantarainitiative.org



On Wed, Aug 26, 2009 at 2:53 AM, Robin Wilton<futureidentity at fastmail.fm> wrote:
> Fair point. Trent and I opted, as a starting point, to 'attach' this
> module to the IAF - but mainly for 'internal' reasons to do with synergy
> and Kantara BoT focus, and definitely not in order to preclude its use
> in the cases you describe. We should and will capture your input as a
> requirement -
>
> Many thanks,
>
> Robin
>
> On Tue, 25 Aug 2009 11:27 -0600, "Ian Glazer" <iglazer at burtongroup.com>
> wrote:
>> Robin -
>>
>> In reading this I have a big concern about the invocation of such a
>> Module. Based on how I read this, this Privacy Assurance Module would
>> only be invoked as a subprocess to identity proofing and credentialing.
>> If that is correct, then this Module would not be invoked for information
>> that is not associated with credentialing such as customer data
>> (especially customer data in a partnership situation.)
>>
>> Have I misread this?
>>
>> i
>> --
>> Ian Glazer    |    Senior Analyst, Identity and Privacy Strategies    |
>>  Burton Group
>> e: iglazer at burtongroup.com   |    p: +1(202) 255-3166
>> http://identityblog.burtongroup.com | http://www.tuesdaynight.org
>>
>> _______________________________________________
>> Wg-p3 mailing list
>> Wg-p3 at kantarainitiative.org
>> http://kantarainitiative.org/mailman/listinfo/wg-p3_kantarainitiative.org
> Robin Wilton
>
> Director, Future Identity
> Director of Privacy and Public Policy, Liberty Alliance
>
>
> www.futureidentity.eu
> +44 (0)705 005 2931
> ====================================================================
> Structured consulting on digital identity, privacy and public policy
> ====================================================================
> Future Identity is a limited company number 6777002, registered in England & Wales
>
>
> _______________________________________________
> Wg-p3 mailing list
> Wg-p3 at kantarainitiative.org
> http://kantarainitiative.org/mailman/listinfo/wg-p3_kantarainitiative.org
>



More information about the Wg-p3 mailing list