[WG-P3] [WG-UMA] NSTIC Privacy Workshop

Salvatore D'Agostino sal at idmachines.com
Thu Jun 23 07:43:53 EDT 2011



I will be there and would be happy to contribute, while not an active member
of p3, I am a member of UMA and believe that user control and UMA's ability
to enable this has the does enable the first guiding principle of NSTIC
"privacy enhancing and voluntary".  I am close to the FICAM process and ICAM
is part of our practice and as extend this to the enterprise as well as the
Fed, state and local infrastructures.  Let me know.


So here is pass.  I would go further in the statement below saying that UMA
by making user control a tenet of the design does (as opposed to may) build
privacy in through allowing individuals to protect personal information and
resources and control access to these resources by requesters.  UMA's use of
an authorization manager to establish the policy and manner in which
individual attributes and information are handled as protected resources, as
opposed to generally available information, in cyberspace.  There is an UMA
call today.  Perhaps the group could draft/comment on this statement and
take up your good idea.






From: wg-uma-bounces at kantarainitiative.org
[mailto:wg-uma-bounces at kantarainitiative.org] On Behalf Of Mark Lizar
Sent: Thursday, June 23, 2011 6:17 AM
To: Kantara P3WG
Cc: WG UMA; dg-nstic at kantarainitiative.org
Subject: [WG-UMA] NSTIC Privacy Workshop



Hello All, 


A reminder that there is a NSTIC Privacy Workshop on Monday.  To this end I
am wondering if P3/NSTIC-DG members would like to submit a paper or
statement to this workshop? 


I believe that there are two P3 members that will be attending who may be
able to deliver this input personally. I realise that this is very short
notice to organise input, but if members are interested in submitting I
would be happy to edit and contribute to this input on behalf of P3.    We
mentioned last week that we are not going to have a call to organise input
today.  Instead there is a NSTIC-DG call tomorrow where input can be
collated and discussed. 


Workshop Information


Start Date: Monday, June 27, 2011 

End Date: Tuesday, June 28, 2011



(1) Objectives
<http://www.nist.gov/itl/upload/objectives_nstic-privacy-workshop.pdf>  of
Privacy Workshop

This workshop will discuss the privacy-enhancing objectives of the National
Strategy for Trusted Identities in Cyberspace (NSTIC) and how to effectively
implement them in the Identity Ecosystem Framework, including issues
involved with overcoming the challenges of establishing user-centric privacy
protections. The goal of this workshop is to provide a venue for discussion
about developing workable policies, practices and guidelines for privacy
protections as well as effective means of implementing these protection 


Existing Input


Some Privacy related input from last week's call may be a good place to
start.   Here is some salient points that were made in regards to Privacy. 

*	How is privacy going to be represented on the steering committee?
*	How will privacy decisions be made by the steering committee?
*	Kantara has a good model of governance to draw upon for response,
*	A Kantara response may include representing international standards
in privacy.  Suggestions were made that  the steering committee will need to
represent standards community according to particular areas of governance.
Assessment criteria and process will be needed for each of these areas.
FICAM being one of them.

In addition, last week we discussed how education was a critical part to
understanding privacy in the context of NSTIC.  Education in this respect
may be a critical point of discussion at the workshop.  In this regard,
contextual understanding of the use of identity in a national strategy may
also be very valuable for understanding the international aspects of privacy
the NSTIC strategy may need to include. 


(Maybe something along the lines of) 

Increased control of identity for individuals (an NSTIC objective) reduces
the sharing and exposure of data and in this way fundamentally provides
increased privacy protection.   Although,  once personal information is
shared, the need for privacy transcends national borders and privacy
protections will need to be considered in this context.   Emerging protocols
like UMA may also present a privacy by design approach for NSTIC that is
worth noting as a way to address some of these challenges. 


In this regard, I urge members who are interested in contributing to this
workshop to provide additional input/discussion in this thread in order to
develop a draft input for the NSTIC-DG tomorrow. 


Best Regards, 


Mark Lizar

P3 Secretary






-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://kantarainitiative.org/pipermail/wg-p3/attachments/20110623/3bba79a9/attachment-0001.html 

More information about the WG-P3 mailing list