[Wg-p3] P3WG action item (Robin Wilton)

Bob Pinheiro kantara at bobpinheiro.com
Wed Aug 26 20:45:27 PDT 2009


In addition to the privacy of personally identifiable information that 
is collected during identity proofing and credentialing, or the privacy 
of other customer data, there is another aspect of privacy that should  
be accounted for.  By analogy, credit card companies know a lot about 
the purchasing behaviors of their customers, and financial institutions 
that issue credit cards have privacy policies to deal with how they may 
use this information.  Likewise, identity providers could develop 
profiles of the people to whom they have issued credentials, based on 
the identity assertions they issue to various relying parties on behalf 
of these people.  This would be especially problematic if identity 
providers could collude and share this kind of information about 
specific people.  So the privacy issue I'm raising here pertains not to 
personally identifiable information about specific people, but to 
inferred behaviors of those people based on their use of the credentials 
they have been issued.

Bob

---------------------------
Bob Pinheiro
Chair, Consumer Identity WG
908-654-1939
kantara at bobpinheiro.com
www.bobpinheiro.com



Robin Wilton wrote:
> Fair point. Trent and I opted, as a starting point, to 'attach' this
> module to the IAF - but mainly for 'internal' reasons to do with synergy
> and Kantara BoT focus, and definitely not in order to preclude its use
> in the cases you describe. We should and will capture your input as a
> requirement -
>
> Many thanks,
>
> Robin
>
> On Tue, 25 Aug 2009 11:27 -0600, "Ian Glazer" <iglazer at burtongroup.com>
> wrote:
>   
>> Robin -
>>
>> In reading this I have a big concern about the invocation of such a
>> Module. Based on how I read this, this Privacy Assurance Module would
>> only be invoked as a subprocess to identity proofing and credentialing.
>> If that is correct, then this Module would not be invoked for information
>> that is not associated with credentialing such as customer data
>> (especially customer data in a partnership situation.)
>>
>> Have I misread this?
>>
>> i
>> --
>> Ian Glazer    |    Senior Analyst, Identity and Privacy Strategies    |  
>>  Burton Group
>> e: iglazer at burtongroup.com   |    p: +1(202) 255-3166
>> http://identityblog.burtongroup.com | http://www.tuesdaynight.org
>>
>> _______________________________________________
>> Wg-p3 mailing list
>> Wg-p3 at kantarainitiative.org
>> http://kantarainitiative.org/mailman/listinfo/wg-p3_kantarainitiative.org
>>     
> Robin Wilton
>
> Director, Future Identity
> Director of Privacy and Public Policy, Liberty Alliance
>
>
> www.futureidentity.eu
> +44 (0)705 005 2931
> ====================================================================
> Structured consulting on digital identity, privacy and public policy
> ====================================================================
> Future Identity is a limited company number 6777002, registered in England & Wales
>
>
> _______________________________________________
> Wg-p3 mailing list
> Wg-p3 at kantarainitiative.org
> http://kantarainitiative.org/mailman/listinfo/wg-p3_kantarainitiative.org
>
>   


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://kantarainitiative.org/pipermail/wg-p3_kantarainitiative.org/attachments/20090826/69804722/attachment.html>


More information about the Wg-p3 mailing list