Attendees:

Gershon Janssen
Susan Landau
Mark Lizar
Anna Slomovic

...

Apologies:
John Bradley
Joni Brennan

Staff:
Anna Ticktin

MINUTES:

1. ADMINISTRATIVE

  • Roll Call
  • Motion of minutes approval for 11 Jan 2011 will be carried over to the next call.
  • Mark has announced Jeff's resignation and made a call for co-chair nominations to close on 26 May 2011.

...

NSTIC Update: Susan Landau   

(Follow this link for a full recap of the NSTIC launch (the panel discussion commences around 21 mins into the video): http://www.youtube.com/watch?v=32P-IEmBfEA)

  • there seems to be a commitment to oversight at a public level
  • She was disappointed not to see more federated since it's more private and more secure.
  • There needs to be data accountability.
  • Anna asks: What's the reaction to privacy issues? The incentives are not clear.
  • "Privacy on the books and privacy on the ground paper": LINK.
    1. Addresses FTC enforcement.
    2. Seems there is a federal push for privacy. http://papers.ssrn.com/sol3/papers.cfm?abstract_id=1568385

Aaron Titus's response to NSTIC:

  • It's in the private sector's best interest to make it "user-friendly" in order to achieve privacy goals.
  • Paper: IDF-NSTIC-WP.pdf sent to the list

PF Update---Call to Action:

  • Our call to action for PF is something Mark will bring up at the F2F and look at combining the PF effort with other privacy efforts in Kantara.

Generic/Privacy Assurance Framework: Richard Wilsher (IAWG)

Discussion: Developing an assurance framework for the P3

  • Idea of a "Generic" Assurance Framework---as a reference and model, not a working instantiation.
  • Use the IAF as a model to draft a "Generic" Assurance Framework which could include the IAF, a Privacy Assurance Framework and/or an Attribute Assurance Framework
  • Richard explained the structure of the IAF and suggested how the "PAF" could be drafted "sideways" from the work and effort already completed by the IAWG and standing up for KI.
  • Producing the GAF would be relevant to the developments in NSTIC as it makes Kantara more visible with a more complete assurance offering.
  • What is the IAWG P3 bridge? The DRAC "Data Recipient Assessment Criteria"
  • Scopes are converging between P3 and IAWG work efforts.
  • The industry is working to satisfy ICAM requirements, but many feel that ICAM is a barrier, narrow in its views and not being responsive. The industry could be mustering energy to move beyond its narrow views.
  • What are the market needs? To be relevant, we must tune into working into the right space and working against the right effort.
  • ACTION ITEM 20110505-01 Mark: send a request to the IAWG asking that they identify to what extent the SACs address privacy / security issues.
    Where are we going to apply and combine issues/efforts?
  • P3-PFSG will focus on profiles and managing the credential in P3-PFSC
  • The issue at hand: "Identity Credentials" vs "Privacy Credentials"
  • There is an argument for separate frameworks, one issue being not wanting to water down the IAF and derail it from being Identity-driven and specific. However, the IAF does not stack up in ICAM's eyes regarding privacy.
  • "Privacy criteria related to identity"
  • Rich Furr: What bar of privacy do you shoot for? Do we look at different levels of assurance? We don't want to be too "high" or US-centric.
  • The P3-PFSC has drifted towards profiles.
  • Richard Wilsher:
    Does HIPAA map to the IAF 4 LOAs? A privacy impact assessment must be conducted ...enterprise context must be entered into by an agreed upon risk assessment scaled to LOAs.

...

  • Liaison with IAWG: Generic Assurance Framework and Privacy Assurance Framework
  • Kantara Trust Framework Summit Presentation
  • Face-to-face meeting in Berlin
  • Recruiting: Inviting participants (Privacy Community/Identity Community) Invite David Wasley to P3,

4. AOB

Adjourned