Notes from 23 August 2012 P3WG teleconference
Participants
Voting
- Colin Soutar
- Ann Geyer
- Anna Slomovic
Non-voting
- Tom Smedinghoff
- Nathan Faut
- Gershon Janssen
- Peter Capek
Kantara Staff:
- Brenda Mancuso
- Heather Flanagan
Notes:
1. Administrative:
Roll call - Quorum was not achieved – 3 of 9 voting members were present during the roll call.
2. Review of face-to-face meeting in Washington 7/8 August.
Co-Chair Colin Soutar stated that the P3WG, IAWG, and Attribute Management Discussion Group would determine the assessment criteria for identity/privacy assurance. They would maintain the generic requirements, while other WGs may submit other requirements to help refine the requirements for a particular industry sector or jurisdiction. The next step is a draft of notes from the meeting (to be provided by Joni.)
The group discussed what should be covered in a trust framework and what is considered to be outside of the scope. An agreement is needed on the responsibilities of members, such as protection of personal information by IDP’s and RP’s.
There was discussion of two considerations relating to RPs:
- What are the best practices recommended to, or the obligations required by, RP’s in terms of handling PII?
- What is the enforcement mechanism to ensure that such requirements are met?
3. Review of NSTIC meeting in Chicago.
Colin stated that the main meeting was more organizational, including elections. The group successfullyprogressed with a framework for moving forward.
There was not much substantive issues discussed in the main meeting or the Working Group/Standing Committee meetings. There were different interpretations of the by-laws (e.g., whether the privacy standing committee had veto power) that may result in recommendations for the by-laws task force, or clarification of the individual Standing Committee charters.
The BoD is in the process of deciding whether Kantara will participate in NSTIC as an entity. The group discussed whether P3WG should request to Kantara to serve as Liaison to the NSTIC Privacy Standing Committee.
4. Privacy Assessment Criteria
Ann Geyer gave an update on the progress of PAC. On the last 5 calls, there were three or fewer attendees (could be due to vacation). The ad hoc group needs resources to create/edit the document. Ann stated that the group may want to adopt the FICAM document and edit that, instead of create a document from the beginning.
The group discussed the need to modify the process to address inconsistencies between PAC and FICAM. Ann suggested to shift the focus to improve the existing assessment document instead of working with the profile. The group agreed that FICAM is important to Kantara, and it may be valuable to the P3WG to present the discrepancies and highlight the work of the P3.
The path forward is to conclude the U.S. specific FICAM document, and present the work in 3 columns (FICAM Guidance; Kantara Additional Requirements; and Privacy Assessment Criteria and/or discrepancies). This topic should also be moved to plenary calls instead of ad hoc calls.
5. Future Presentations
Gershon will present the topic below on the 6 September teleconference. Brenda will set up a test call with Gershon.
Presenter:
Gershon Janssen, Secretary, OASIS Privacy Management Reference Model Technical Committee
Topic:
OASIS Privacy Management Reference Model
6. AOB
No other business was discussed
Meeting ended at 11:59am EDT.