[WG-P3] [WG-UMA] NSTIC Privacy Workshop

Mark Lizar mark at smartspecies.com
Thu Jun 23 07:55:00 EDT 2011

Hi Salvatore,

That sounds like a great idea. The NSTIC Objectives  for the workshop  
concludes with,

"The Strategy recognizes that privacy-enhancing technologies can play  
an important role in creating a
user-centric identity model, but there may be hurdles to developing  
widespread use of such
technologies.  In addition to hurdles to adoption, the workshop will  
also consider additional challenges
that may arise in designing or implementing privacy protections for  
the Identity Ecosystem and issues
associated with implementing those privacy protections, such as  
increased operational complexity
organizations must deal with in an environment of multiple  
international privacy frameworks and
creating enforcement mechanisms for maintaining privacy protections. "

I think it is definitely worth discussing the proposition that UMA  
both address the privacy by design requirements for NSTIC and the   
need to address 'multiple international privacy frameworks'.

A high level summary/picture may go a very long way for UMA at the  
workshop next week.  In addition, P3 may be able to support UMA in  
advocacy of UMA as a way to address Privacy and Public Policy in the  
National Strategy.

Best Regards,


On 23 Jun 2011, at 12:43, Salvatore D'Agostino wrote:

> Mark,
> I will be there and would be happy to contribute, while not an  
> active member of p3, I am a member of UMA and believe that user  
> control and UMA’s ability to enable this has the does enable the  
> first guiding principle of NSTIC ”privacy enhancing and voluntary”.   
> I am close to the FICAM process and ICAM is part of our practice and  
> as extend this to the enterprise as well as the Fed, state and local  
> infrastructures.  Let me know.
> So here is pass.  I would go further in the statement below saying  
> that UMA by making user control a tenet of the design does (as  
> opposed to may) build privacy in through allowing individuals to  
> protect personal information and resources and control access to  
> these resources by requesters.  UMA’s use of an authorization  
> manager to establish the policy and manner in which individual  
> attributes and information are handled as protected resources, as  
> opposed to generally available information, in cyberspace.  There is  
> an UMA call today.  Perhaps the group could draft/comment on this  
> statement and take up your good idea.
> Regards,
> Sal
> From: wg-uma-bounces at kantarainitiative.org [mailto:wg-uma-bounces at kantarainitiative.org 
> ] On Behalf Of Mark Lizar
> Sent: Thursday, June 23, 2011 6:17 AM
> To: Kantara P3WG
> Cc: WG UMA; dg-nstic at kantarainitiative.org
> Subject: [WG-UMA] NSTIC Privacy Workshop
> Hello All,
> A reminder that there is a NSTIC Privacy Workshop on Monday.  To  
> this end I am wondering if P3/NSTIC-DG members would like to submit  
> a paper or statement to this workshop?
> I believe that there are two P3 members that will be attending who  
> may be able to deliver this input personally. I realise that this is  
> very short notice to organise input, but if members are interested  
> in submitting I would be happy to edit and contribute to this input  
> on behalf of P3.    We mentioned last week that we are not going to  
> have a call to organise input today.  Instead there is a NSTIC-DG  
> call tomorrow where input can be collated and discussed.
> Workshop Information
> Start Date: Monday, June 27, 2011
> End Date: Tuesday, June 28, 2011
> Purpose:
> (1) Objectives of Privacy Workshop
> This workshop will discuss the privacy-enhancing objectives of the  
> National Strategy for Trusted Identities in Cyberspace (NSTIC) and  
> how to effectively implement them in the Identity Ecosystem  
> Framework, including issues involved with overcoming the challenges  
> of establishing user-centric privacy protections. The goal of this  
> workshop is to provide a venue for discussion about developing  
> workable policies, practices and guidelines for privacy protections  
> as well as effective means of implementing these protection
> Existing Input
> Some Privacy related input from last week's call may be a good place  
> to start.   Here is some salient points that were made in regards to  
> Privacy.
> How is privacy going to be represented on the steering committee?
> How will privacy decisions be made by the steering committee?
> Kantara has a good model of governance to draw upon for response,
> A Kantara response may include representing international standards  
> in privacy.  Suggestions were made that  the steering committee will  
> need to represent standards community according to particular areas  
> of governance.  Assessment criteria and process will be needed for  
> each of these areas.  FICAM being one of them.
> In addition, last week we discussed how education was a critical  
> part to understanding privacy in the context of NSTIC.  Education in  
> this respect may be a critical point of discussion at the workshop.   
> In this regard, contextual understanding of the use of identity in a  
> national strategy may also be very valuable for understanding the  
> international aspects of privacy the NSTIC strategy may need to  
> include.
> (Maybe something along the lines of)
> Increased control of identity for individuals (an NSTIC objective)  
> reduces the sharing and exposure of data and in this way  
> fundamentally provides increased privacy protection.   Although,   
> once personal information is shared, the need for privacy transcends  
> national borders and privacy protections will need to be considered  
> in this context.   Emerging protocols like UMA may also present a  
> privacy by design approach for NSTIC that is worth noting as a way  
> to address some of these challenges.
> In this regard, I urge members who are interested in contributing to  
> this workshop to provide additional input/discussion in this thread  
> in order to develop a draft input for the NSTIC-DG tomorrow.
> Best Regards,
> Mark Lizar
> P3 Secretary

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://kantarainitiative.org/pipermail/wg-p3/attachments/20110623/470c1fe6/attachment-0001.html 

More information about the WG-P3 mailing list