[WG-P3] P3WG: Minutes and NSTIC NOI Questions and Comments

Mark Lizar mark at smartspecies.com
Thu Jun 16 15:54:43 EDT 2011

Hello All,

We had very productive meeting in P3 this week.  We announced the new  
Privacy Framework direction and had a great working session on the  
topic of NSTIC.  The call included updates from Joni Brennon and Tom  
Smedinghoff who were NSTIC panellist.   The call also produced  
comments in developing a  NSTIC NOI response.

The minutes can be found here.   Please review, comment, and correct.

Below is a summary of the feedback and comments captured from the  
call.  Please review, comment and add to these comments.  I will  
collate feedback and provide this input to the NSTIC discussion group  
when it is created.    If anyone has links or references that may be  
helpful please provide them as well.


Mark Lizar
P3WG Secretary,

  Please Review - NSTIC NOI input from P3WG Call June 16th, 2011:
Notes of importance:

An ACLU representative seemed to suggest an aggressive privacy  
challenge to the NSTIC effort.   This brings important issues of NSTIC  
Privacy education, assurance  and inclusion that P3 may want to  
consider contributing and discussing further.
  In terms of educating around NSTIC privacy.  There are many  
different levels of assurance and different levels of privacy needed  
in different context of identity management.  Explaining this  
appropriately makes the discussion more productive in terms of  
discussing privacy.  Mentioning that discussing the economic pressures  
in terms of law and privacy expectations by different stakeholders may  
be one approach to driving privacy discussion in NSTIC.
Event: A second NSTIC workshop has been announced – focused on privacy  
issues in NSTIC – on Monday June 27 and Tuesday June 28.  The event  
will take place at the MIT Media Lab in Cambridge, Massachusetts.   
Details (including a link to online registration) are at:  http://www.nist.gov/itl/nstic-privacy-workshop.cfm 
The registration fee for this workshop will be only $20 – a notable  
discount from the fee for our first governance workshop.  A draft  
agenda will be posted shortly.
Questions raised:

How is privacy going to be represented on the steering committee?
How will privacy decisions be made by the steering committee?
What is the authority structure and organisation of the steering  
Are there any synergies in effect between privacy and the private  
sector other than what this initiative is pushing?
Any efforts connecting the dots between Legislation and NSTIC?
Mentioning that a very strong privacy framework helps a lot as a back  
drop which is comfortable for the Canadian Identity management  
industry.  In this regard what will NSTIC really strong privacy  
framework look like?
  What do we see the authority of this governing body to be? Do they  
have the authority to define, bless or veto something? How will we  
unilaterally accept all the work coming from this body with respect to  
acceptance and approval of it's process.
Whilst the government pushes industry to drive it's work, to what  
extent will the gov't be a stakeholder? Will it have a golden vote?
Who will represent Gov't interests to protect privacy?
Points Raised for NSTIC NOI Input

There are various structures that the governance committee can  
explore. Aaron mentions the educational - legal - industry  
representation in the governance steering committee.
Different structure that can be organised by issues, (privacy/ 
security) Another approach - organise by type of expertise. (policy/ 
legal/policy) as these include various types of representation that  
need to be brought up.
- Many of the participants that will be involved are not even thinking  
about this today.
Needs to be organised with future participation in mind.
The issue of liability was raised.
Presumption that there would need to be a corporate entity to  
accommodate the needs of NSTIC operations.   Which would need to  
address issues pertaining to liability.
Authority will come from with-in the structure. from the participants.
Indicating that the governance committee needs to be representative
What stake will the government take in the steering of this corporate  
Kantara has a good model of governance to draw upon for response,
  a Kantara response may include representing international standards  
in privacy.  Suggestions were made that  the steering committee will  
need to represent standards community according to particular areas of  
governance.  Assessment criteria and process will be needed for each  
of these areas.  FICAM being one of them.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://kantarainitiative.org/pipermail/wg-p3/attachments/20110616/072a04b3/attachment.html 

More information about the WG-P3 mailing list