[WG-P3] For your consideration

Colin Wallis colin_wallis at hotmail.com
Wed May 25 09:52:05 EDT 2011


 







<<AS: If it’s taken from an EU baseline, we will need to be careful. Many issues are in dispute between the EU and the US, starting with the definition of what constitutes PII. >>
 
CW: We should be ok there. Sue G and others debated it ad infinitum several versions ago, and got to a consensus.
 
<<AS: Additionally, we need to understand how a privacy framework would apply in the context of an identity transaction or an identity federation. FIDIS might help, but it is, once again, a European effort.>>
 
CW: Well that's where we need to study 29101, the privacy reference architecture. It (well the new material that's being integrated) gives you some broad guidelines from the actor perspectives. And it should do no more than that. As an ISO standard it has got to fit loads of use cases, not just identity federation. We ought to know enough about the message flow and what processes, systems etc are engaged, to draw out the necessary guidance for Trust Framework Providers (and the assessors that will later assess them) to follow in regard to identity federation.
 
I think all these issues need to be discussed on the call. I will send out the agenda later today.
 
Thanks.
 
Anna
 

Anna Slomovic
Chief Privacy Officer
Equifax, Inc.
1010 N. Glebe Rd.
Suite 500
Arlington, VA 22201
 
P: 703.888.4620
M: 703.254.9656
F: 703.243.7576
E: Anna.Slomovic at equifax.com
 


From: Colin Wallis [mailto:colin_wallis at hotmail.com] 
Sent: Wednesday, May 25, 2011 8:09 AM
To: Anna Slomovic; Rainer Hoerbe
Cc: sg-p3pf at kantarainitiative.org; Kantara P3 WG; staff at kantarainitiative.org
Subject: RE: [WG-P3] For your consideration
 
OK, but it should. It was probably taken from an EU baseline but the idea is that any nation could profile it as a subset. If it isn't able to do that, we're in trouble..given that the co-editor for 29100 is Sue Glueck from MSFT. 29101 has an Estonian editor with some US inputs. But what needs to be done is a quick mapping against ISTPA and if it maps ok, we should be ok there too..I suspect changes on that one though...
 



To: colin_wallis at hotmail.com; rainer at hoerbe.at
CC: anna.slomovic at equifax.com; sg-p3pf at kantarainitiative.org; wg-p3 at kantarainitiative.org; staff at kantarainitiative.org
Date: Wed, 25 May 2011 08:00:08 -0400
Subject: RE: [WG-P3] For your consideration
From: anna.slomovic at equifax.com

I have not had the time to review to see whether the ISO work would play in the US. I am cheered that it is principles-based, so it is possible. Let's discuss on the call tomorrow.
Anna 

Anna Slomovic
CPO, Equifax



-----Original message-----

From: Colin Wallis <colin_wallis at hotmail.com>
To: Rainer Hoerbe <rainer at hoerbe.at>
Cc: Anna Slomovic <anna.slomovic at equifax.com>, "sg-p3pf at kantarainitiative.org" <sg-p3pf at kantarainitiative.org>, Kantara P3 WG <wg-p3 at kantarainitiative.org>, "staff at kantarainitiative.org" <staff at kantarainitiative.org>
Sent: Wed, May 25, 2011 11:49:56 GMT+00:00
Subject: RE: [WG-P3] For your consideration


And I will try to help where I can, but the wireframe was about as far as my knowledge runs.
 
It will be a tight fit for me to get on the call tomorrow between other calls and jetlag but I'll try...
 
Cheers
Colin

 



Subject: Re: [WG-P3] For your consideration
From: rainer at hoerbe.at
Date: Wed, 25 May 2011 12:48:43 +0200
CC: anna.slomovic at equifax.com; sg-p3pf at kantarainitiative.org; wg-p3 at kantarainitiative.org; staff at kantarainitiative.org
To: colin_wallis at hotmail.com

I agree. For my part, I hope to help with assurance metrics.  

 

 


On 25.05.2011 at 12:20, Colin Wallis wrote:

 

So to summarise the input from Anna, Jeff and Rainer as I understand it..
 
1) We continue with a (global) Principles based approach
2) We agree to adopting definitions from ISO 29100 A privacy Framework (also used in 29101 a privacy reference architecture), though we have to be careful as these can't be publicly released at this stage
3) We leverage the architecture-to-principles mapping proposed in the latest 29101 drafts (still being worked on in the ad hoc) to help us construct that part of our framework
4) We leverage the LoP and LoC concepts, but do not try to make any sort of direct binding of LoAs to LoPrivacy (yuk)
5) We aim towards an assurance metric.
 
I didn't get any response on my early wireframe on how the doc might look (remember that we have to give advice to Trust Framework deployers and also to Privacy Framework Assessors, so it is at least a two part doc).
 
Are we good to go then?
 
Cheers
Colin    
 



From: rainer at hoerbe.at
Date: Mon, 23 May 2011 19:56:28 +0200
To: anna.slomovic at equifax.com
CC: SG-P3PF at kantarainitiative.org; wg-p3 at kantarainitiative.org; staff at kantarainitiative.org
Subject: Re: [WG-P3] For your consideration

 


On 23.05.2011 at 16:31, Anna Slomovic/Equifax wrote:
 





Please see inline.

 







How does the work in P3WG done so far compare to the ISO 2910x draft? Do the principles match? To what extent is the terminology aligned? Could the Kantara PF be crafted as an instance of a 29101-compatible framework?



 


In the long term Kantara will have to provide the full set of principles that reach beyond US eGovernment use cases.







            I do not have a copy of the standard or the architecture in its current state. According to the ISO website, it will be published 10/15/2011.
 

Kantara does have a liaison with ISO SC 27 WG 5 and can make the draft documents available to its members (but not to mere list subscribers). Please contact Kantara staff - I think that this is a must read for P3 members.

 

 
 



This message contains information from Equifax Inc. which may be confidential and privileged. If you are not an intended recipient, please refrain from any disclosure, copying, distribution or use of this information and note that such actions are prohibited. If you have received this transmission in error, please notify by e-mail postmaster at equifax.com.

