Versions Compared

Old Version 1

changes.mady.by.user Former user

Saved on

compared with

New Version 2

changes.mady.by.user Mark Lizar

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Richard Wilsher
Hedy Kirkby (Gov't of Canada)
Mark Lizar
Tom Smeddinghof
Susan Landau
Peter Capek
Rich Furr
Aaron Titus
Trent Adams
Gershon Janssen

Guests:
Jane Galloway (Gov't of Canada)
Rainer Hoerbe

...

  • Last Thursday and Friday Kantara Initiative participated in the NSTIC Governance workshop panel which discussed real world examples of governance models which could be modeled for the governance of the NSTIC initiatives.  The Day 1 video is posted here: http://www.nist.gov/itl/nstic-workshop-june2011.cfm.   The summaries of the breakout sessions will soon be posted as well.  

...

  • Additionally, there will be a NSTIC privacy workshop held in Cambridge Mass (see further details below).  The Kantara Privacy WG will discuss the next workshop in their meeting today to identify who from the Kantara Privacy community may attend and what further strategy includesthe P3 strategy and input will include.

Notes of importance:

  • An ACLU representative stated a seemingly thinly veiled threat something to the effect of privacy folks "having a 'pass' for 12 years", but no longer!  This brings important issues of NSTIC Privacy education and inclusion that P3 may want to consider contributing. 
  • Susan Mentioned:  In terms of explaining privacy in terms of NSTIC there is a need for education and discussion.  There are many different levels of assurance and different levels of privacy needed in different context -
  • New book from Susan and called "Economic Puzzles in Federated Identity. "  There are economic pressures in terms of law, and by different stakeholders which drive privacy economically.  
  • A second workshop has been announced – focused on privacy issues in NSTIC – on Monday June 27 and Tuesday June 28.  The event will take place at the MIT Media Lab in Cambridge, Massachusetts.  Details (including a link to online registration) are at:  http://www.nist.gov/itl/nstic-privacy-workshop.cfm.
  • The registration fee for this workshop will be only $20 – a notable discount from the fee for our first governance workshop.  A draft agenda will be posted shortly.

...

  • Tom Smedinghoff Liaison Report on  ABA Activities and recent NSTIC Workshopon NSTIC Workshop
    • Tom explains that there was confusion around which aspects of governance the meeting and comments are focused on.  This meeting an the comments are about setting up a governance of the steering group not so much a trust framework.  Although there was confusion and overlap of the two main aspects of governance that was brought up: The Governance of NSTIC as a whole and the NSTIC Governance Committee,  
    • Tom presented about what trust framework is from the ABA perspective.  Mentioned that it is important to understand what the group is building when creating the steering structure within NSTIC.
  • ABA Report - Tom Chairs the ABA - Identity Management Legal Task Force
  • Identity Management Conference Next Week IN Chicago with Aerospace Industry
  • ABA is not putting comments in for the NSTIC NOI (may get involved with an informal response)
  • ABA Goal to produce a Draft Report (the working title is "Building the Legal Framework for Online Identity Management").  It's focus is to identify and examine the legal issues related to IdM, and to evaluate possible legal structures for IdM systems.
  • ABA are holding a joint meeting with TSCP on June 22-23, 2011 (see attached email).  However, that meeting will not address the ABA report directly. in mid july with a follow up meeting (August, Sep) in Washington for comments which P3 is invited to provide

5. Topics on the List (Open Invitation for Topics in Privacy and Public Policy. )

(Drummond Reed was unable to join the call...) (so his talk was tabled and we moved on to discussing P3 NSTIC response

  • Emerging areas of identity based trust frameworks and assurance metrics.
  • Two Types of Trust.  Institutional Trust (a.k.a Identity Assurance), and (Social Trust- Governance). 
  • Does this require multiple types of trust assurance metrics?   How does Trust Assurance effect Privacy?

Proposed 6. Brainstorm for NSTIC NOI responses from P3:

Tom :
How will privacy interests be represented  by the steering group?
And how will privacy decisions be made by the steering committee?

...

  • What will the International aspects be?
  • US gov't must first develop it's national strategy, then look to international directions.
  • We could leverage International work efforts and technical solutions to inform our thinking so as not to waste time reinventing the wheel.

Question:

  • How is privacy going to be represented on the steering committee?
  • What is the authority structure and organisation of the steering committee?  Will it include org structures
  • Hedy: Are there any synergies in effect between privacy and the private sector other than what this initiative is pushing?
  • Any efforts connecting the dots between Legislation and NSTIC? 
  • Mentioning that a very strong privacy framework helps a lot as a back drop which is comfortable for the Canadian Identity management industry

Question:

  • Aaron : What do we see the authority of this governing body to be? Do they have the authority to define, bless or veto something? How will we unilaterally accept all the work coming from this body with respect to acceptance and approval of it's process.
  • Richard : Whilst the government pushes industry to drive it's work, to what extent will the gov't be a stakeholder? Will it have a golden vote?

Points Raised

  • There are various structures that the governance committee can explore. Aaron mentions the educational - legal - industry representation in the governance steering committee.
  • Tom brings up different structure that can be organised by issues, (privacy/security) Another approach - organise by type of expertise. (policy/legal/policy) various types of representation that need to be brought up.
  • Many participants are not even thinking about this today.  Needs to be organised with future participants in mind.
  • The issue of liability was raised.
  • Presumption that there would need to be a corporate entity to accommodate the needs of NSTIC operations.   Which would have a potential for liability.
  • Tom notes that authority will come from with-in the structure. from the participants.
  • Mark this means that the governance structure needs to be inclusive
  •  
  • What stake will the government take in the steering of this corporate body?
  • Kantara has a good model of governance to draw upon for response,
  •  Mark Notes: a Kantara response may include international standards in privacy, Perhaps -the need for members of the steering committee to represent standards community according to

Issues

- Organize by Issue or type of expertise.

  • ACTION : Joni will be drafting a charter to quickly spin up a discussion group as a forum to complete, compile and compose the Kantara response to the NOI. Members from all work groups will be invite to join the collaborative effort.

...