[Wg-p3] P3WG action item (Robin Wilton)

Mark Lizar info at smartspecies.com
Thu Aug 27 07:02:51 PDT 2009


This appears to be a common Identity & Trust issue and one that is  
specific to many scenarios that arise when any identifier is  
systematically tracked both online and offline.  In many ways it comes  
down to trust standards e.g. transparency over the activities and  
practices of the identity provider or relying party.   This issue can  
be addressed with standards and ways in which the individual can  
control the release of information which is something being addressed  
by Mydex and Iain Henderson)

Standards can also be coupled with a greater access by the individual  
to see the practices of an organisation. Perhaps this scenario is  
something that should be a specific sub focus with scenarios taken  
across working groups and policy/standards developed accordingly?

- Mark


On 27 Aug 2009, at 04:45, Bob Pinheiro wrote:

> In addition to the privacy of personally identifiable information  
> that is collected during identity proofing and credentialing, or the  
> privacy of other customer data, there is another aspect of privacy  
> that should  be accounted for.  By analogy, credit card companies  
> know a lot about the purchasing behaviors of their customers, and  
> financial institutions that issue credit cards have privacy policies  
> to deal with how they may use this information.  Likewise, identity  
> providers could develop profiles of the people to whom they have  
> issued credentials, based on the identity assertions they issue to  
> various relying parties on behalf of these people.  This would be  
> especially problematic if identity providers could collude and share  
> this kind of information about specific people.  So the privacy  
> issue I'm raising here pertains not to personally identifiable  
> information about specific people, but to inferred behaviors of  
> those people based on their use of the credentials they have been  
> issued.
>
> Bob
> ---------------------------
> Bob Pinheiro
> Chair, Consumer Identity WG
> 908-654-1939
> kantara at bobpinheiro.com
> www.bobpinheiro.com
>
>
> Robin Wilton wrote:
>>
>> Fair point. Trent and I opted, as a starting point, to 'attach' this
>> module to the IAF - but mainly for 'internal' reasons to do with  
>> synergy
>> and Kantara BoT focus, and definitely not in order to preclude its  
>> use
>> in the cases you describe. We should and will capture your input as a
>> requirement -
>>
>> Many thanks,
>>
>> Robin
>>
>> On Tue, 25 Aug 2009 11:27 -0600, "Ian Glazer" <iglazer at burtongroup.com 
>> >
>> wrote:
>>
>>> Robin -
>>>
>>> In reading this I have a big concern about the invocation of such a
>>> Module. Based on how I read this, this Privacy Assurance Module  
>>> would
>>> only be invoked as a subprocess to identity proofing and  
>>> credentialing.
>>> If that is correct, then this Module would not be invoked for  
>>> information
>>> that is not associated with credentialing such as customer data
>>> (especially customer data in a partnership situation.)
>>>
>>> Have I misread this?
>>>
>>> i
>>> --
>>> Ian Glazer    |    Senior Analyst, Identity and Privacy  
>>> Strategies    |
>>>  Burton Group
>>> e: iglazer at burtongroup.com   |    p: +1(202) 255-3166
>>> http://identityblog.burtongroup.com | http://www.tuesdaynight.org
>>>
>>> _______________________________________________
>>> Wg-p3 mailing list
>>> Wg-p3 at kantarainitiative.org
>>> http://kantarainitiative.org/mailman/listinfo/wg-p3_kantarainitiative.org
>>>
>> Robin Wilton
>>
>> Director, Future Identity
>> Director of Privacy and Public Policy, Liberty Alliance
>>
>>
>> www.futureidentity.eu
>> +44 (0)705 005 2931
>> ====================================================================
>> Structured consulting on digital identity, privacy and public policy
>> ====================================================================
>> Future Identity is a limited company number 6777002, registered in  
>> England & Wales
>>
>>
>> _______________________________________________
>> Wg-p3 mailing list
>> Wg-p3 at kantarainitiative.org
>> http://kantarainitiative.org/mailman/listinfo/wg-p3_kantarainitiative.org
>>
>>
>
>
> _______________________________________________
> Wg-p3 mailing list
> Wg-p3 at kantarainitiative.org
> http://kantarainitiative.org/mailman/listinfo/wg-p3_kantarainitiative.org

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://kantarainitiative.org/pipermail/wg-p3_kantarainitiative.org/attachments/20090827/8588b450/attachment-0001.html>


More information about the Wg-p3 mailing list