[Wg-p3] P3WG action item (Robin Wilton)
J. Trent Adams
jtrentadams at gmail.com
Wed Aug 26 10:24:45 PDT 2009
I think your characterization of the nascent work is accurate.
Another flavor on the initial discussions pushing toward a "Module"
approach was the perceived immediate economic drivers for adoption.
While we're seeing a path for entities realizing they may need the IAF
work, it's not as obvious that they'll follow suit with an entirely
separate Privacy Framework.
So, our approach is to avoid chasing another issue, opening more
discussions, building additional modeling, and potentially confusing the
market further. Instead, we considered following a path that would
potentially get something rolling more easily, allowing us to build and
grow into something more stand-alone as demands emerge to do so.
That all being said, if others believe a stand-alone PAF would have more
success than a modular approach, I'm hip to exploring the opportunity.
Brett McDowell wrote:
> I'm supportive of the modular approach as a stop-gap. Eventually, and
> in accordance with the P3WG charter, there will exist a full Privacy
> Assurance Framework similar to, but orthogonal/complimentary to, the
> Identity Assurance Framework. But for now we have an immediate market
> requirement in the world of Identity Assurance to have some criteria
> and process for assessing an Identity Provider's privacy practices, at
> least in the limited context of the US Federal Government's
> E-Authentication/Open Trust Frameworks program
> BTW, I don't think the Assurance Review Board would implement this
> module (and they have yet to evaluate it) if they thought it was only
> useful to the US Federal Government, we do believe there is broader
> So this becomes immediately useful in a meaningful context, if
> limited, yet motivates/ignites the more important work of the Privacy
> Assurance Framework (I hope).
> Robin, Trent, Iain, etc... If I'm off-base, please correct this
> description of context and expectation.
> Brett McDowell | http://info.brettmcdowell.com | http://kantarainitiative.org
> On Wed, Aug 26, 2009 at 2:53 AM, Robin Wilton<futureidentity at fastmail.fm> wrote:
>> Fair point. Trent and I opted, as a starting point, to 'attach' this
>> module to the IAF - but mainly for 'internal' reasons to do with synergy
>> and Kantara BoT focus, and definitely not in order to preclude its use
>> in the cases you describe. We should and will capture your input as a
>> requirement -
>> Many thanks,
>> On Tue, 25 Aug 2009 11:27 -0600, "Ian Glazer" <iglazer at burtongroup.com>
>>> Robin -
>>> In reading this I have a big concern about the invocation of such a
>>> Module. Based on how I read this, this Privacy Assurance Module would
>>> only be invoked as a subprocess to identity proofing and credentialing.
>>> If that is correct, then this Module would not be invoked for information
>>> that is not associated with credentialing such as customer data
>>> (especially customer data in a partnership situation.)
>>> Have I misread this?
>>> Ian Glazer | Senior Analyst, Identity and Privacy Strategies |
>>> Burton Group
>>> e: iglazer at burtongroup.com | p: +1(202) 255-3166
>>> http://identityblog.burtongroup.com | http://www.tuesdaynight.org
>>> Wg-p3 mailing list
>>> Wg-p3 at kantarainitiative.org
>> Robin Wilton
>> Director, Future Identity
>> Director of Privacy and Public Policy, Liberty Alliance
>> +44 (0)705 005 2931
>> Structured consulting on digital identity, privacy and public policy
>> Future Identity is a limited company number 6777002, registered in England & Wales
>> Wg-p3 mailing list
>> Wg-p3 at kantarainitiative.org
> Wg-p3 mailing list
> Wg-p3 at kantarainitiative.org
J. Trent Adams
More information about the Wg-p3