[WG-P3] Summary of the Evolving Scope of P3: Immediate call for P3 Membership Action

Anna Slomovic/Equifax anna.slomovic at equifax.com
Thu May 12 13:54:42 EDT 2011


Thanks for sending this along. It is, indeed, interesting. I do have a question, though. "Security v. privacy" is a standard formulation that seems to imply some kind of opposition or zero-sum game. Is this the intent? Does the proposal include a discussion of privacy-enhancing technologies designed to provide both security and privacy?



Anna Slomovic
Chief Privacy Officer
Equifax, Inc.
1010 N. Glebe Rd.
Suite 500
Arlington, VA 22201

P: 703.888.4620
M: 703.254.9656
F: 703.243.7576
E: Anna.Slomovic at equifax.com

From: wg-p3-bounces at kantarainitiative.org [mailto:wg-p3-bounces at kantarainitiative.org] On Behalf Of Mark Lizar
Sent: Thursday, May 12, 2011 1:32 PM
To: Louise Bennett
Cc: Anna Ticktin; Kantara P3 WG
Subject: Re: [WG-P3] Summary of the Evolving Scope of P3: Immediate call for P3 Membership Action

Thank you Louise,

The IGF would be an incredible opportunity for Kantara to facilitate and align efforts with the international community.  I will pass this to the appropriate people and put it on the agenda for discussion.

Best Regards / Mark Lizar

On 12 May 2011, at 17:00, Louise Bennett wrote:

Dear Mark and Kantara members

The BCS in UK has developed an series of workshops on Identity Assurance - the first was given at Infosec in London in April - The second will be given at EURODIG in Belgrade at the end of May.

We have put in a proposal to the UN Internet Governance Forum in Nairobi in September to provide a workshop. At present we are doing this with EEMA and EURIM. Would Kantara Initiative be interested in being associated with this workshop as well?

An overview is as below:
This proposal is for a workshop covering the balance between privacy and security for online identity. It addresses various debate points that are critical to the success of the Internet as so many aspects rely on the effective registration and authentication of individuals using digital identities.
It uses a round table or panel debate to solicit discussion on 5 sets of questions:
Citizens Rights & Control of Personal Data:
Minimising Access & Protecting Privacy:
Registration Authorities & ID Assurance:
Rights & Responsibilities of ID Providers:
Security v. Privacy, The Balancing Act
The workshop as a round table was presented at InfoSec 2011 where a UK input was sought. It is being presented as a panel discussion at EuroDIG 2011 in Belgrade in May to solicit a European perspective and the intention is to present it at IGF to seek an international perspective. The results and conclusions from the debates will then be published as a report and made freely available.

I can provide much fuller descriptions if there is interest



Dr Louise Bennett
louise.bennett at vivasltd.net<mailto:louise.bennett at vivasltd.net>
+44 (0)20 8748 0598
vivas ltd, 30 Castelnau, SW13 9RU
Company: 4136811

From: wg-p3-bounces at kantarainitiative.org<mailto:wg-p3-bounces at kantarainitiative.org> [mailto:wg-p3-bounces at kantarainitiative.org] On Behalf Of Colin Wallis
Sent: 10 May 2011 15:25
To: Kantara P3 WG
Subject: Re: [WG-P3] Summary of the Evolving Scope of P3: Immediate call for P3 Membership Action

Excellently written Mark
I'm going to give it another read, and a highly likely +1, knowing that others whose knowledge of the space is much more complete than mine, will find ways to fine tune this or that.
But I would doubt there will be much to disagree about at the high level.
From: mark at smartspecies.com<mailto:mark at smartspecies.com>
To: wg-p3 at kantarainitiative.org<mailto:wg-p3 at kantarainitiative.org>
Date: Tue, 10 May 2011 14:12:43 +0100
Subject: [WG-P3] Summary of the Evolving Scope of P3: Immediate call for P3 Membership Action

Dear All,

As we re-group and re-focus the effort in P3 it is clearly important that we as a group gather and mutually contribute to a clear understanding of where we are and where we would like to go.  With renewed focus made apparent and agreed by all of us we are then able to solicit nominations for a Co-Chair to lead the P3 effort for the next year.  In this context I have endeavoured to write this summary of the evolving scope of P3.

The scale and the scope of the privacy and public policy issues faced in the privacy an identity management community are now stark as the P3 landscape is evolving dramatically.  P3 has endeavoured to liaise with both the public policy community and the federated identity management community on the technical issues and opportunities for privacy in identity management.

In the last year the privacy landscape has become much more dynamic.  What has become clear is that a Privacy by Design approach to federated identity management is required that can provide a basis for Kantara efforts to integrate into. The core requirement of privacy in identity management is explicit.  The need to integrate policy with technology has never been more apparent. Challenges posed by globalisation of data flows and different privacy regimes are brining recognition for the need for a common, global approach to assuring privacy in identity management.   Nothing less than a privacy by design approach will be sufficient to engage in the emerging trust landscape of Identity Management.

In addition to seeking a global privacy assurance certification, consideration in P3 also needs to be given to ways to improve current co-ordination among the increasing number of regional and international fora for addressing privacy issues and enhancing multi-stakeholder participation. This is an iterative and long term effort that requires an active P3 role which will require resources, participation and co-ordinated commitment from other WG in Kantara.   Something which must be facilitated by a clear P3 scope and PF effort.

A clear call to the international standards community has been made by the OECD for identity management efforts to facilitate the minimising of jurisdictional and territorial differences globally operating organisations face. Enterprise, the OECD explains, "are not always be able, or willing, to tailor their service offerings to meet the specific needs of smaller jurisdictions. Individuals expect privacy protection wherever they are. The issue of reducing global compliance challenges facing businesses while ensuring more effective data privacy protection is at the forefront" (OECD, 2011<http://www.oecd-ilibrary.org/science-and-technology/the-evolving-privacy-landscape-30-years-after-the-oecd-privacy-guidelines_5kgf09z90c31-en>)  of what the market is demanding at this time.

Credentials integrated with privacy designed policy has the potential to provide a legitimate foundation for the global management of privacy for all stakeholders.  A new international effort into the use of the Accountability Principle is currently underway in the international policy community and is directed at making much more accountable the participation in Safe Harbour Agreement and those Enterprises bounded by Binding Corporate Rules (BCR) in order to assure the privacy of international data flows.   The Accountability "principle will explicitly require data controllers to implement appropriate and effective measures to put into effect the legal principles and obligations and demonstrate this to the supervisory authority upon request." (OECD, 2011<http://www.oecd-ilibrary.org/science-and-technology/the-evolving-privacy-landscape-30-years-after-the-oecd-privacy-guidelines_5kgf09z90c31-en>)  We are seeing signs of this APEC/CIPL driven regulation emerging already in the European Community, as well as in the United States.

As P3 is in a unique position to liaise with the Identity Management community and the International Policy community we are in an opportune position to understand the privacy gap and the opportunity this gap provides for Kantara.

As such, I propose that we evolve further and make crystal clear the scope and focus of the P3 effort to address this gap and attract the resources, membership, and leadership to drive this P3 initiative forward.

For all those in favour of an evolved scope for P3 please contribute a +1 and where possible provide suggestions and further clarification on how we can move forward from here.  For the next step I will draft proposed topics for discussion to be delivered at the Kantara F2F that includes a scope summary for the Privacy Framework.  Again, as we are clearly at crossroads in P3 the time has come to rally together and as a group contribute (or not) to evolve P3 and direct our efforts.

Best Regards / Mark Lizar
Secretary of the Privacy and Public Policy Work Group

_______________________________________________ WG-P3 mailing list WG-P3 at kantarainitiative.org<mailto:WG-P3 at kantarainitiative.org> http://kantarainitiative.org/mailman/listinfo/wg-p3
WG-P3 mailing list
WG-P3 at kantarainitiative.org<mailto:WG-P3 at kantarainitiative.org>

This message contains information from Equifax Inc. which may be confidential and privileged. If you are not an intended recipient, please refrain from any disclosure, copying, distribution or use of this information and note that such actions are prohibited. If you have received this transmission in error, please notify by e-mail postmaster at equifax.com.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://kantarainitiative.org/pipermail/wg-p3/attachments/20110512/5a92116f/attachment-0001.html 

More information about the WG-P3 mailing list