[WG-P3] P3WG Ad Hoc group on Privacy Assessment Criteria --Minutes for 7/5

Colin Wallis colin_wallis at hotmail.com
Thu Jul 5 21:53:47 EDT 2012

Thanks Ann
5. Tasks Assigned
> Open
> • Collin Soutar—identify candidate definitions from industry standards
> for “persistent abstract identifier.”

Actually, I think it was this Colin who offered to help on the definitions.. :-)
So nothing is ever perfect in Definitions-land as the following will attest to.
Enjoy! :-)
ITU-T x.1252 - baseline identity management terms and defiitions:
Identifier: One or more attributes used to identify an entity witin a context
Persistent: Existing and able to be used in services outside the direct control of the issuing assigner, without a stated time limit.
ISO 24760-1 A framework for Identity Management - Terminology and concepts:

3.1.4 identifier 
unique identity
distinguishing identity 
identity information (3.2.4) that unambiguously distinguishes one entity (3.1.1) from another one in a given domain (3.2.3) 

NOTE 1 An identifier may be suitable for use outside the domain. 
NOTE 2 An identifier may be an attribute with an assigned value. 
NOTE 3 An identifier may be the one or more attributes that determine if an identity passes or fails specific criteria. 
EXAMPLE A name of a club with a club-membership number, a health insurance card number together with a name of the insurance company, an email address, or a Universal Unique Identifier (UUID) can all be used as identifiers. In a voter’s register, the combination of attributes name, address and date of birth are sufficient to unambiguously distinguish a voter.  

3.1.6 reference identifier RI 
identifier (3.1.4) in a domain (3.2.3) that is intended to remain the same for the duration an entity (3.1.1) is known in the domain and is not associated with another entity for a period specified in a policy after the entity ceases to be known in that domain 

NOTE 1 A reference identifier persists at least for the existence of the entity in a domain and may exist longer than the entity, e.g. for archival purposes. 
NOTE 2 A reference identifier for an entity may change during the lifetime of an entity at which point the old reference identifier is no longer applicable for that entity. 
EXAMPLE A driver license number that stays the same for an individual driver’s driving life is a persistent identifier, which references additional identity information and that is a reference identifier. An IP address is not a reference identifier as it can be assigned to other entities. .

3.6.3 pseudonym 
identifier (3.1.4) that contains the minimal identity information (3.2.4) sufficient to allow a verifier (3.3.6) to establish it as a link to a known identity (3.1.2) 

NOTE 1 A pseudonym can be used to reduce privacy risks that are associated with the use of identifiers with fixed or known values. 
NOTE 2 A pseudonym can be an identifier with a value chosen by the person, or assigned randomly.  

> Date: Thu, 5 Jul 2012 10:02:46 -0700
> From: ageyer at tunitas.com
> To: wg-p3 at kantarainitiative.org
> Subject: [WG-P3] P3WG Ad Hoc group on Privacy Assessment Criteria --Minutes for 7/5
> The minutes of today's PAC discussion are included below and also
> posted at the Kantara site at
> http://kantarainitiative.org/confluence/pages/viewpage.action?pageId=49775195
> Date: 7-5-2012
> PAC Drafting Conference Call
> Attendees:
> Ann Geyer
> Collin Soutar
> Collin Wallis
> Peter Kapek
> Tom Smedingham
> 1. Drafting Discussion --General
> • None
> 2. Drafting Discussion – Minimalism #2.3
> • Clarified that the RP has the right to specify the information it
> requires from the CSP, provided the specification is made in writing.
> • If the RP has not provided written instructions, then the CSP may
> provide only the information specified in the Federal Profile
> • If the RP requests information that is a subset of the Federal
> Profile, it should but need not be by written request.
> • Identified that there is no mechanism in this document to place
> minimal data collection and usage requirements on a RP, since RP are
> out of scope. Issue is placed in the parking lot for further
> discussion.
> • Identified that there is minimal data collection and usage
> requirements on the CSP for CSP purposes not directly related to the
> RP authentication transactions. Issue is place in the parking lot for
> further discussion.
> 3. Drafting Discussion – Unique Identity #2.4
> • Discussed the context for this requirement. Agreed that some context
> explanation should be included to guide the assessor. For example,
> purpose of the persistent abstract identifier is to allow the RP to
> consolidate transactions from the same individual without requiring
> information about the individual’s identity.
> • Agreed to include a definition of “persistent abstract identifier”
> from ISO or other industry standards organization. Collin Soutar
> volunteered to track down candidate definitions for next call.
> • Clarified that the requirement calls for the identifier to be unique
> to a specific RP. The purpose is to minimize the likelihood that
> individual can be profiled and possibly identified by combining
> transactions across multiple RPs using the individual’s persistent
> abstract identifier. Collin Wallis mentioned that in Canada, RPs are
> not permitted to share and consolidate information in this way.
> • Identified a need to include requirements for information protection
> for the identifier. Absent specific requirements added to the
> Requirements document, we will provide recommendations to the
> assessors as to what safeguards to evaluation. We are relying on the
> inclusion of information protection as a core privacy principle.
> 4. Parking Lot Items (Consolidated List)
> >From 7/5/2012
> • Requirements on RP for collecting only the minimal information
> necessary from the CSP for its authentication transactions.
> • Look ahead to Adquate Notice shows that the notice requirements
> apply only to the information transmitted to a RP and not to other
> uses that the CSP may have for collecting PII. There is a general
> concern that requiring the disclosure of too much PII would invalidate
> the voluntary participation/consent privacy principle.
> • Is there a US restriction on whether Federal RP can share identity
> information across RP applications?
> • Need to determine what information protections/data safeguards
> should be included in the assessment of Unique Identity requirements.
> >From 6/7/2012
> • Discussants felt that guidance on how the private information
> collected and maintained by a CSP is protected should be part of this
> document
> 5. Tasks Assigned
> Open
> • Collin Soutar—identify candidate definitions from industry standards
> for “persistent abstract identifier.”
> Closed
> • Collect the relevant working and reference documents and post them
> to the P3WG site for easy reference. Ann Geyer done 6/8/2012
> • When feasible, extract from passages for discussion and post then in
> the meeting reminder email for easy reference. Ann Geyer done
> 6/8/2012
> 6. Items Referred to Full P3WG: none
> 7. Attachments: none
> _______________________________________________
> WG-P3 mailing list
> WG-P3 at kantarainitiative.org
> http://kantarainitiative.org/mailman/listinfo/wg-p3
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://kantarainitiative.org/pipermail/wg-p3/attachments/20120706/84fba2cf/attachment-0001.html 

More information about the WG-P3 mailing list