[Wg-p3] FW: P3 Call to Action: Strategic Focus

Susan Landau Susan.Landau at Sun.COM
Fri Sep 25 14:54:40 PDT 2009

On 09/25/09 04:01, Robin Wilton wrote:
> ...
> Some weeks ago I circulated to P3WG some draft notes on the idea of 
> the Privacy Module. As the group now has quite a few more members, I 
> attach a further copy of those notes and would again welcome members' 
> review and comment. The document is not long - just a couple of pages 
> and some diagrams - so please, everyone, take a few moments to read 
> and respond.

In the diagram, you have a data minimization piece on page 2. I wonder 
if any standards/protocol work has been in this direction. Here I'm 
thinking of technology that would reply "over 18" to a question that ask 
"old enough to vote" rather than "birthdate = June 5, 1944".

The paper that you, Hubert Le Van Gong and I did on privacy in federated 
identity systems* mentions that Sun had implemented this but --- I think 
--- in a one-off situation and a paper by Gevers, Verslype, and De 
Decker** that we cite proposes an architecture. But in the context of 
"providing value," I think a recommendation to develop a 
standard/protocol for this type of minimization --- if such doesn't 
already exist --- would be useful.



* S. Landau, H. Le Van Gong, and R. Wilton, "Achieving Privacy in a 
Federated Identity Management System," 
Financial Cryptography and Data Security '09. <http://fc09.ifca.ai/>

** Gevers, Steven, Kristof Verslype, and Bart De Decker, “Enhancing 
Privacy in Identity Management Systems,” Workshop on Privacy in the 
Electronic Society,2007, pp. 60-63.

Susan Landau                     phone: 413-259-2018
Distinguished Engineer           fax: 413-253-2156

        Sun Microsystems Laboratories
        MS UBUR02-311
        35 Network Drive
        Burlington MA 01803-0902

        susan.landau at sun.com

More information about the Wg-p3 mailing list