[WG-P3] Summary of the Evolving Scope of P3: Immediate call for P3 Membership Action

Mark Lizar mark at smartspecies.com
Tue May 10 09:12:43 EDT 2011

Dear All,

As we re-group and re-focus the effort in P3 it is clearly important  
that we as a group gather and mutually contribute to a clear  
understanding of where we are and where we would like to go.  With  
renewed focus made apparent and agreed by all of us we are then able  
to solicit nominations for a Co-Chair to lead the P3 effort for the  
next year.  In this context I have endeavoured to write this summary  
of the evolving scope of P3.

The scale and the scope of the privacy and public policy issues faced  
in the privacy an identity management community are now stark as the  
P3 landscape is evolving dramatically.  P3 has endeavoured to liaise  
with both the public policy community and the federated identity  
management community on the technical issues and opportunities for  
privacy in identity management.

In the last year the privacy landscape has become much more dynamic.   
What has become clear is that a Privacy by Design approach to  
federated identity management is required that can provide a basis for  
Kantara efforts to integrate into. The core requirement of privacy in  
identity management is explicit.  The need to integrate policy with  
technology has never been more apparent. Challenges posed by  
globalisation of data flows and different privacy regimes are brining  
recognition for the need for a common, global approach to assuring  
privacy in identity management.   Nothing less than a privacy by  
design approach will be sufficient to engage in the emerging trust  
landscape of Identity Management.

In addition to seeking a global privacy assurance certification,  
consideration in P3 also needs to be given to ways to improve current  
co-ordination among the increasing number of regional and  
international fora for addressing privacy issues and enhancing multi- 
stakeholder participation. This is an iterative and long term effort  
that requires an active P3 role which will require resources,  
participation and co-ordinated commitment from other WG in Kantara.    
Something which must be facilitated by a clear P3 scope and PF effort.

A clear call to the international standards community has been made by  
the OECD for identity management efforts to facilitate the minimising  
of jurisdictional and territorial differences globally operating  
organisations face. Enterprise, the OECD explains, "are not always be  
able, or willing, to tailor their service offerings to meet the  
specific needs of smaller jurisdictions. Individuals expect privacy  
protection wherever they are. The issue of reducing global compliance  
challenges facing businesses while ensuring more effective data  
privacy protection is at the forefront" (OECD, 2011)  of what the  
market is demanding at this time.

Credentials integrated with privacy designed policy has the potential  
to provide a legitimate foundation for the global management of  
privacy for all stakeholders.  A new international effort into the use  
of the Accountability Principle is currently underway in the  
international policy community and is directed at making much more  
accountable the participation in Safe Harbour Agreement and those  
Enterprises bounded by Binding Corporate Rules (BCR) in order to  
assure the privacy of international data flows.   The Accountability  
"principle will explicitly require data controllers to implement  
appropriate and effective measures to put into effect the legal  
principles and obligations and demonstrate this to the supervisory  
authority upon request." (OECD, 2011)  We are seeing signs of this  
APEC/CIPL driven regulation emerging already in the European  
Community, as well as in the United States.

As P3 is in a unique position to liaise with the Identity Management  
community and the International Policy community we are in an  
opportune position to understand the privacy gap and the opportunity  
this gap provides for Kantara.

As such, I propose that we evolve further and make crystal clear the  
scope and focus of the P3 effort to address this gap and attract the  
resources, membership, and leadership to drive this P3 initiative  

For all those in favour of an evolved scope for P3 please contribute a  
+1 and where possible provide suggestions and further clarification on  
how we can move forward from here.  For the next step I will draft  
proposed topics for discussion to be delivered at the Kantara F2F that  
includes a scope summary for the Privacy Framework.  Again, as we are  
clearly at crossroads in P3 the time has come to rally together and as  
a group contribute (or not) to evolve P3 and direct our efforts.

Best Regards / Mark Lizar
Secretary of the Privacy and Public Policy Work Group

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://kantarainitiative.org/pipermail/wg-p3/attachments/20110510/91f9ff8e/attachment-0001.html 

More information about the WG-P3 mailing list