[Wg-p3] Wg-p3 Digest, Vol 2, Issue 30

Patrick Curry patrick.curry at clarionidentity.com
Tue Sep 29 06:36:06 PDT 2009


Dear all

I enclose a document produced by the International Identity Proofing &
Vetting Framework WG a couple of years ago, which comprised the governments
of US, UK, Canada, France, Germany and NL plus European Commission support.
It sought to map out the identity proofing processes behind the issuance of
government ID documents, in order to improve the international
interoperability and acceptability of identity credentials in
multi-jurisdictional situations e..g. employing a foreigner.   Events have
moved on considerably but many of the challenges remain.

 

I offer this because it provides:

.         An explicit context for examining the balance/inverse relationship
between states' rights and citizens' rights when it comes to privacy.  In
the current cyber security situation, we have to consider this (or address
it, if we can).

.         It provides a comparison model that may be useful to our P3WG
privacy work.

.         It involved a number of people in governments and some industry
folk that are available to Kantara today e.g. Richard Wilsher on IAWG.

.         Insight, by inference, of some of the privacy issues that need to
be addressed.

 

For those of you aware of Project STORK, there is a strong case for standing
up the IIPVF WG again!!

 

 

yours sincerely

 

Patrick

 

Patrick Curry

Director

Clarion Identity Ltd
M:   +44 786 024 9074
T:   +44 1980 620606
 <mailto:patrick.curry at clarionidentity.com>
patrick.curry at clarionidentity.com 

Disclaimer
Internet communications are not secure and therefore Clarion Identity
Limited, Rock House, SP3 4JY does not accept legal responsibility for the
contents of this message. Any views or opinions presented are solely those
of the author and do not necessarily represent those of Clarion Identity
Limited unless otherwise specifically stated. If this message is received by
anyone other than the addressee, please notify the sender and then delete
the message and any attachments from your computer.

 

 

From: j stollman [mailto:stollman.j at gmail.com] 
Sent: 20 August 2009 18:36
To: Mark Lizar
Cc: patrick.curry at clarionidentity.com; wg-p3 at kantarainitiative.org
Subject: Re: [Wg-p3] Wg-p3 Digest, Vol 2, Issue 30

 

Mark,

I think you recommendation about engaging Canada is quite apt.  From a US
perspective, given the number of people who cross the border with the US'
largest trading partner on a daily basis, I think that harmonization with
Canada would prove of great value.  Furthermore, the ability of Canadians to
participate in what are currently US-centric meetings is enhanced by their
proximity and similar time zones.

Jeff

On Thu, Aug 20, 2009 at 1:24 PM, Mark Lizar <info at smartspecies.com> wrote:


Is there a document initiative for mapping these gaps between governments?
Perhaps, first to map the gap between the UK, US, to set the tone and pace,
then to continue on by country.  This would be an extremely helpful document
and a good basis for industry/gov related research.

In addition, I am currently hunting some participation in the Canadian
Government as I have contacts there and am from Ottawa (the capital).  Is
there anyone else focusing here?

Mark



On 20 Aug 2009, at 08:08, Patrick Curry wrote:

You ought to be aware that the main UK document for levels of assurance is
the Information Assurance Requirements for Transformational Government
(IARTG), which is in draft circulation amongst a small group of UK
government, contractors and advisers.  The levels of assurance in the IARTG
do not map very well to M0404 and make no technical specification in quite
the way NIST SP 800-63 does.  I have been asking the UK gov folks to take
account of some of the features of 800-63 and also to focus on
interoperability.  Hence, I have invited UK gov policy folks onto P3WG to
talk about how we close the gaps, but it will take a while to get an answer
on representation as it is vacation time.

I suspect the ID Assurance WG faces the same problem, so we ought to work
together.

yours sincerely

Patrick

Patrick Curry
Director
Clarion Identity Ltd
M:   +44 786 024 9074
T:   +44 1980 620606
patrick.curry at clarionidentity.com
Disclaimer
Internet communications are not secure and therefore Clarion
Identity Limited, Rock House, SP3 4JY does not accept legal responsibility
for the contents of this message. Any views or opinions presented are solely
those of the author and do not necessarily represent those of Clarion
Identity Limited unless otherwise specifically stated. If this message is
received by anyone other than the addressee, please notify the sender and
then delete the message and any attachments from your computer.



-----Original Message-----
From: wg-p3-bounces at kantarainitiative.org
[mailto:wg-p3-bounces at kantarainitiative.org] On Behalf Of
wg-p3-request at kantarainitiative.org
Sent: 19 August 2009 20:00
To: wg-p3 at kantarainitiative.org
Subject: Wg-p3 Digest, Vol 2, Issue 30

Send Wg-p3 mailing list submissions to
       wg-p3 at kantarainitiative.org

To subscribe or unsubscribe via the World Wide Web, visit
       
http://kantarainitiative.org/mailman/listinfo/wg-p3_kantarainitiative.org

or, via email, send a message with subject or body 'help' to
       wg-p3-request at kantarainitiative.org

You can reach the person managing the list at
       wg-p3-owner at kantarainitiative.org

When replying, please edit your Subject line so it is more specific
than "Re: Contents of Wg-p3 digest..."


Today's Topics:

 1. Re: US and UK IA/LoA approaches (Robin Wilton)
 2. Re: US and UK IA/LoA approaches (Georgia Marsh)
 3. Congratulations P3WG--leadership confirmed! (Britta Glade)
 4. Re: Congratulations P3WG--leadership confirmed! (Robin Wilton)


----------------------------------------------------------------------

Message: 1
Date: Tue, 18 Aug 2009 20:20:54 +0100
From: "Robin Wilton" <futureidentity at fastmail.fm>
Subject: Re: [Wg-p3] US and UK IA/LoA approaches
To: "Paul Madsen" <paulmadsen at rogers.com>
Cc: Kantara P3WG <wg-p3 at kantarainitiative.org>
Message-ID: <1250623254.20281.1330458389 at webmail.messagingengine.com>
Content-Type: text/plain; charset="us-ascii"

Hi Paul -

I'm sure it's not unique to the UK... but I think you're right
that the combination of the 'technical standard' approach plus
the 'risk assessment' guidance is more effective than either of
the parts separately.

R

On Tue, 18 Aug 2009 14:31 -0400, "Paul Madsen"
<paulmadsen at rogers.com> wrote:

Hi Robin, wrt the US/UK distinction, does not the combination
of OMB m04-04 & NIST 800 63 provide the model that you suggest is
unique to the UK ?
Paul
Robin Wilton

Director, Future Identity
Director of Privacy and Public Policy, Liberty Alliance


www.futureidentity.eu
+44 (0)705 005 2931
====================================================================
Structured consulting on digital identity, privacy and public policy
====================================================================
Future Identity is a limited company number 6777002, registered in England &
Wales

-------------- next part --------------
An HTML attachment was scrubbed...
URL:
<http://kantarainitiative.org/pipermail/wg-p3_kantarainitiative.org/attachme
nts/20090818/31ab3b78/attachment-0001.html>

------------------------------

Message: 2
Date: Tue, 18 Aug 2009 14:48:56 -0500
From: "Georgia Marsh" <georgia-marsh at sbcglobal.net>
Subject: Re: [Wg-p3] US and UK IA/LoA approaches
To: "'Robin Wilton'" <futureidentity at fastmail.fm>,      "'Paul Madsen'"
       <paulmadsen at rogers.com>
Cc: 'Kantara P3WG' <wg-p3 at kantarainitiative.org>
Message-ID: <000f01ca203c$ed162ae0$c74280a0$@net>
Content-Type: text/plain; charset="us-ascii"

In the US,  M04-04 and NIST 800-63 are foundational IDM documents  used
together to determine risk and then to ascertain what technology (ies) and
vetting  is (are) necessary to mitigate the risk. The OMB doc is more SP/RP
based  in that it's instructing the SP/RP on risk and specific assurance
levels. Several years ago  federal agencies were mandated by OMB to conduct
"risk assessments" on all their external facing web applications. The NIST
document is all about technical requirements because that's what they do-
write the specs....



Georgia



From: wg-p3-bounces at kantarainitiative.org
[mailto:wg-p3-bounces at kantarainitiative.org] On Behalf Of Robin Wilton
Sent: Tuesday, August 18, 2009 2:21 PM
To: Paul Madsen
Cc: Kantara P3WG
Subject: Re: [Wg-p3] US and UK IA/LoA approaches



Hi Paul -



I'm sure it's not unique to the UK... but I think you're right that the
combination of the 'technical standard' approach plus the 'risk assessment'
guidance is more effective than either of the parts separately.



R



On Tue, 18 Aug 2009 14:31 -0400, "Paul Madsen" <paulmadsen at rogers.com>
wrote:

Hi Robin, wrt the US/UK distinction, does not the combination   of OMB
m04-04 & NIST 800 63 provide the model that you suggest is unique to the UK
?

Paul



Robin Wilton

Director, Future Identity
Director of Privacy and Public Policy, Liberty Alliance


www.futureidentity.eu
+44 (0)705 005 2931
====================================================================
Structured consulting on digital identity, privacy and public policy
====================================================================
Future Identity is a limited company number 6777002, registered in England &
Wales
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
<http://kantarainitiative.org/pipermail/wg-p3_kantarainitiative.org/attachme
nts/20090818/7dd7bc5a/attachment-0001.html>

------------------------------

Message: 3
Date: Tue, 18 Aug 2009 17:28:26 -0700
From: Britta Glade <britta at kantarainitiative.org>
Subject: [Wg-p3] Congratulations P3WG--leadership confirmed!
To: wg-p3 at kantarainitiative.org
Message-ID:
       <c1e582880908181728s75fe88dcg16464e0d3923b035 at mail.gmail.com>
Content-Type: text/plain; charset="iso-8859-1"

Congratulations Privacy & Public Policy Work Group--your first WG vote has
successfully closed above the requisite number of votes needed to proceed.
Robin--you have earned the support of your group in leading them forward as
chair.  Congratulations on crafting such a compelling charter and gathering
such a sharp group of folks to collaborate and contribute.  Now that process
is out of the way, you can get on to some terrific work :).

Thanks, all, for taking the time to vote.  I'm sure Robin, as your new
chair, looks forward to your participation on Thursday's call.

--b.

-- 
Britta Glade Kantara Initiative 925-254-4233
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
<http://kantarainitiative.org/pipermail/wg-p3_kantarainitiative.org/attachme
nts/20090818/4c37cff0/attachment-0001.html>

------------------------------

Message: 4
Date: Wed, 19 Aug 2009 09:24:35 +0100
From: "Robin Wilton" <futureidentity at fastmail.fm>
Subject: Re: [Wg-p3] Congratulations P3WG--leadership confirmed!
To: "Britta Glade" <britta at kantarainitiative.org>, "Kantara P3WG"
       <wg-p3 at kantarainitiative.org>
Message-ID: <1250670275.32411.1330554195 at webmail.messagingengine.com>
Content-Type: text/plain; charset="us-ascii"

Many thanks, everyone; I'm flattered, and also somewhat awed by
the task ahead.

However, with your help I know we can contribute something useful
and truly groundbreaking in this field.

Best wishes,

Robin

On Tue, 18 Aug 2009 17:28 -0700, "Britta Glade"
<britta at kantarainitiative.org> wrote:

Congratulations Privacy & Public Policy Work Group--your first WG
vote has successfully closed above the requisite number of votes
needed to proceed.  Robin--you have earned the support of your
group in leading them forward as chair.  Congratulations on
crafting such a compelling charter and gathering such a sharp
group of folks to collaborate and contribute.  Now that process
is out of the way, you can get on to some terrific work :).



Thanks, all, for taking the time to vote.  I'm sure Robin, as
your new chair, looks forward to your participation on Thursday's
call.



--b.

--
Britta Glade Kantara Initiative 925-254-4233
Robin Wilton

Director, Future Identity
Director of Privacy and Public Policy, Liberty Alliance


www.futureidentity.eu
+44 (0)705 005 2931
====================================================================
Structured consulting on digital identity, privacy and public policy
====================================================================
Future Identity is a limited company number 6777002, registered in England &
Wales

-------------- next part --------------
An HTML attachment was scrubbed...
URL:
<http://kantarainitiative.org/pipermail/wg-p3_kantarainitiative.org/attachme
nts/20090819/c147be1e/attachment-0001.html>

------------------------------

_______________________________________________
Wg-p3 mailing list
Wg-p3 at kantarainitiative.org
http://kantarainitiative.org/mailman/listinfo/wg-p3_kantarainitiative.org


End of Wg-p3 Digest, Vol 2, Issue 30
************************************



_______________________________________________
Wg-p3 mailing list
Wg-p3 at kantarainitiative.org
http://kantarainitiative.org/mailman/listinfo/wg-p3_kantarainitiative.org



_______________________________________________
Wg-p3 mailing list
Wg-p3 at kantarainitiative.org
http://kantarainitiative.org/mailman/listinfo/wg-p3_kantarainitiative.org




-- 
Jeff Stollman
stollman.j at gmail.com
1 202.683.8699

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://kantarainitiative.org/pipermail/wg-p3_kantarainitiative.org/attachments/20090929/3ca00d0f/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: I-IPVF Final Report 2-0-0.pdf
Type: application/pdf
Size: 557741 bytes
Desc: not available
URL: <http://kantarainitiative.org/pipermail/wg-p3_kantarainitiative.org/attachments/20090929/3ca00d0f/attachment-0001.pdf>


More information about the Wg-p3 mailing list