[WG-P3] Summary of the Evolving Scope of P3: Immediate call for P3 Membership Action

Colin Wallis colin_wallis at hotmail.com
Tue May 10 10:24:38 EDT 2011

Excellently written Mark
I'm going to give it another read, and a highly likely +1, knowing that others whose knowledge of the space is much more complete than mine, will find ways to fine tune this or that.
But I would doubt there will be much to disagree about at the high level.

From: mark at smartspecies.com
To: wg-p3 at kantarainitiative.org
Date: Tue, 10 May 2011 14:12:43 +0100
Subject: [WG-P3] Summary of the Evolving Scope of P3: Immediate call for P3 Membership Action

Dear All, 

As we re-group and re-focus the effort in P3 it is clearly important that we as a group gather and mutually contribute to a clear understanding of where we are and where we would like to go.  With renewed focus made apparent and agreed by all of us we are then able to solicit nominations for a Co-Chair to lead the P3 effort for the next year.  In this context I have endeavoured to write this summary of the evolving scope of P3. 

The scale and the scope of the privacy and public policy issues faced in the privacy an identity management community are now stark as the P3 landscape is evolving dramatically.  P3 has endeavoured to liaise with both the public policy community and the federated identity management community on the technical issues and opportunities for privacy in identity management.   

In the last year the privacy landscape has become much more dynamic.  What has become clear is that a Privacy by Design approach to federated identity management is required that can provide a basis for Kantara efforts to integrate into. The core requirement of privacy in identity management is explicit.  The need to integrate policy with technology has never been more apparent. Challenges posed by globalisation of data flows and different privacy regimes are brining recognition for the need for a common, global approach to assuring privacy in identity management.   Nothing less than a privacy by design approach will be sufficient to engage in the emerging trust landscape of Identity Management. 

In addition to seeking a global privacy assurance certification, consideration in P3 also needs to be given to ways to improve current co-ordination among the increasing number of regional and international fora for addressing privacy issues and enhancing multi-stakeholder participation. This is an iterative and long term effort that requires an active P3 role which will require resources, participation and co-ordinated commitment from other WG in Kantara.   Something which must be facilitated by a clear P3 scope and PF effort.

A clear call to the international standards community has been made by the OECD for identity management efforts to facilitate the minimising of jurisdictional and territorial differences globally operating organisations face. Enterprise, the OECD explains, "are not always be able, or willing, to tailor their service offerings to meet the specific needs of smaller jurisdictions. Individuals expect privacy protection wherever they are. The issue of reducing global compliance challenges facing businesses while ensuring more effective data privacy protection is at the forefront" (OECD, 2011)  of what the market is demanding at this time. 

Credentials integrated with privacy designed policy has the potential to provide a legitimate foundation for the global management of privacy for all stakeholders.  A new international effort into the use of the Accountability Principle is currently underway in the international policy community and is directed at making much more accountable the participation in Safe Harbour Agreement and those Enterprises bounded by Binding Corporate Rules (BCR) in order to assure the privacy of international data flows.   The Accountability "principle will explicitly require data controllers to implement appropriate and effective measures to put into effect the legal principles and obligations and demonstrate this to the supervisory authority upon request." (OECD, 2011)  We are seeing signs of this APEC/CIPL driven regulation emerging already in the European Community, as well as in the United States.  

As P3 is in a unique position to liaise with the Identity Management community and the International Policy community we are in an opportune position to understand the privacy gap and the opportunity this gap provides for Kantara.  

As such, I propose that we evolve further and make crystal clear the scope and focus of the P3 effort to address this gap and attract the resources, membership, and leadership to drive this P3 initiative forward. 

For all those in favour of an evolved scope for P3 please contribute a +1 and where possible provide suggestions and further clarification on how we can move forward from here.  For the next step I will draft proposed topics for discussion to be delivered at the Kantara F2F that includes a scope summary for the Privacy Framework.  Again, as we are clearly at crossroads in P3 the time has come to rally together and as a group contribute (or not) to evolve P3 and direct our efforts. 

Best Regards / Mark Lizar
Secretary of the Privacy and Public Policy Work Group

_______________________________________________ WG-P3 mailing list WG-P3 at kantarainitiative.org http://kantarainitiative.org/mailman/listinfo/wg-p3 		 	   		  
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://kantarainitiative.org/pipermail/wg-p3/attachments/20110511/4e1f1c57/attachment.html 

More information about the WG-P3 mailing list