Versions Compared

Old Version 2

changes.mady.by.user Mark Lizar

Saved on

compared with

New Version 3

changes.mady.by.user Former user

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Attendees 

...

Voting:

  1. Jeff Stollman
  2. Mark Lizar
  3. Trent Adams
  4.  Anna S
  5. Susan 
  6. Colin Walis
  7. Rich Furr
  8. Colin Sutter

NON Voting

  1. Anna T
  2. Eve 
  3. Don Thebault? 
  4. John Bradly
  5. Joni BrennanAnna Slomovic
  6. Susan Landau

Non-Voting:

  1. Eve Maler
  2. Don Thibeau
  3. John Bradley
  4. Colin Wallis
  5. Colin Soutar
  6. Rich Furr

Staff:

  1. Joni Brennan
  2. Anna Ticktin
Apologies

Abbie Barbir

AGENDA

1.       Roll call - Quorum achieved

2.       Action Item updates

- Talk about privacy framework at half way through

- Trent Update on OECD - Leadership position open - Abbie is stepping down due to work constraints. Will continue on as an observer -

  • ACTION ITEM 20101104-01: Mark to send request for nominations to the list. Ballot to follow. 

3. Action Item - updates

OECD -Trent

  • It was incredibly high profile.  The prime minister gave the opening address.  Set the tone for privacy is important aspect of life even in light of security issues.  Made it clear that privacy was not to take a back seat to security concerns.
  • - Session on fostering innovation.  - Christine did a fantastic job of representing ITAC membership.  Presented the talking points.  ITAC points have been submitted, Canadian and Israeli, US gov came up to Trent and Christine and expressed appreciation for these talking points. - Session ran away from Innovation and fostering privacy.
  • - Concept of the right to be forgotten.  - Was a theme throughout the conference.  Should be allowed to be re-invent yourself, does resonate with a lot of the people and referenced a book called the "League?." rights to have photo's removed - etc.. tempered with good conversation and is an issue for 2011.
  • - What kind of new legal tools need to be in place.  Countries are not indicating that they are pushing for new laws.  
  • - Most important take away - Too much conversation on the social web.  
  • Should focus on and consider - other issues beyond the social web.  - Action - Future Agenda Item. . 

3. Abbie - Stepping - Action : send nominations to Jeff & Mark. .

...


  • ACTION ITEM 20101104-02 : MARK will post this as a future agenda item.

4. UMAWG / P3WG Presentation - Eve Maler

  • UMA: Quickly control information (the goal)
  • Please check the slides for this excellent presentation.

5. Trent - Privacy Whitepaper..

5. Privacy Whitepaper - Trent

  • Whitepaper call for a privacy framework around credential management life cycle. 
  • Goal: To So deployers dont don't need to change your work flow, just to identify privacy considerations in existing practices and call out what needs to be considered.   The type of things that can be done to move the framework forward.
  • The group that put this together has dis-banded and submitted to this group to progress.
  • As of right now there is no current intent.
  • Jeff - Is talking about getting privacy framework as a subgroup
  • John - Privacy Framwork Framework Requirements : some document that can be profiled to create service assessment criteria that can be applied to IDP's, relying parties, attributes providers... to be able to establish credity credibility according to community interest.  Whether ; whether or not they can join a federation. 
    • At the end of the day an assessor is going to need to establish that a trust framework is trustabletrustworthy.
      • This needs concrete - service assessment criteria- each . Each community interest is going to have an interest, technical review
      • Need technical process, and procedures that can be  be certified..  
      • Also Communities of Interest - needs need to input criteria of community of interests for assessments.. Communities mCommunities do profiles in the IAF
        • needs Needs a menu for service assessments need to be.  
          • THis This is what we can call for assessment criteria..
          • The IAF is a starting point for what is going on now. .  but But what is the starting point we should be at ?
          • What is needed is a starting point. .  For ICAM is really Lame ass.. :-)  What the IDP can do with
            • E.g. ICAM privacy profile allows facebook Facebook and google Google do whatever they want with the IDP. in In general this is not going to fly in a privacy assessment. As there are privacy assessments that are missing from current industry practice.
            • Nothing in ther there that says what relying partie parties (not gov relying parties) aught to do ...  - (Gov rely parties are subject to regulation.). Some of the IDPs need to be certified for LOA levels. .  how How do we know if an relying party is reliable, according to the criteria of the transactions that are being conducted ?  subject Subject to regulation..   Nothing to offer at the moment, there is only policy that is hard to assess against.   t
            • If their signatories..  are a legal framework that will be enforceable in some jurisdictions.
            • Question: - What kind of sanctions can be applied to for these assessments? Obvious - needing a model for enforcement, but needs value to extend out of trust frameworks. . John responds they wont won't get certified..  It depends on the particular trust framework and rules that they are governed by..  (Need live assessment Criteria)
            • John refers to the chain of liability issues that are on the table currently in commercial contract..
  • John: We need Assessment criteria that can be enforced by commercial criteria.
  • look Look at existing assessment critereiacriteria
  • Colin - Privacy Framework might be easier than it looks. Agenda
    AGENDA TOPIClook Look at IAF, gives an idea and needs the privacy angle applied..
  • Mark - Motion meeting next  week. Motion Second by John BradlyMotions that the P3WG move to convene weekly meetings, with every other meeting dedicated to the Privacy Framework. Seconded by John Bradley.
  • Joni - High profile piece that has broader impact. Needs to work beyond ICAM. Agenda: First thing is how the PF will be done, where
    • Who is interested? This is a high priority item for the trust framework.
    • Focus of adpting adopting this into the Kantara INitative Initative Assurance Program - This is a first step that needs to be done to enable this as a framework for trust frameworks.
      • AgendaAGENDA TOPIC: IAF Assessment Criteria
        • Adopting into assurance framework program for certification
        • Feedback into the governement government programs - for a more robust privacy offering
        • Working with the trust framework model
  •  
      • AGENDA TOPIC: How will the Privacy Framework be done? Where it will be done?
        • Mark asks for Interest : Trent, Jeff, Colin, John, Joni, Susan (at low level), Mark, ColinS (low level).
        • Susan away for two calls with OASIS.
        • Joni - Will liase with other groups and project call for participants
  • Susan away for two calls with OASIS.
        • Jeff cant make next Thursday.
    Roll Call