1. Roll Call
Myisha
Anna S
Rainer
Thomas H,
Staff
Anna T
2. F2F Meeting
Discuss - the similarities and common ground between IAF.
3. Privacy Framework Scope
4. AOB
Below is a summary of PF going forward, scope and F2F topic ideas.
Privacy Framework Going Forward
P3 and Kantara, are clearly at a privacy cross-roads. Kantara is ideally poised to benefit from bold initiatives to provide internet scale privacy assurance and to bridge the gap in diverse communities between legal-privacy policy and federated identity management with a Kantara certification.
UMA and the ISWG propose radically different approaches to the current management of personal and sensitive information. The IAF provides the pioneering infrastructure for Identity Assurance on the Internet. A privacy framework that can provide a method of assurance and an understanding of the privacy benefits of Kantara efforts is clearly required by ICAM and NSTIC as well as the international policy and regulatory communities. Furthermore a certification can be developed to provide an anchor for existing privacy efforts to extend privacy and trust online. An anchor created by producing a certification that can be designed to have the full legal weight of the international and regulatory policy communities behind it.
The TFMM-WG effort provides impetus for this collaboration as to provide a central picture of effort inside and out of Kantara. P3 Scope is to underline that need and requirement for a privacy approach and how this approach provides us with a clear opportunity. This is an opportunity to rally a collaborative Kantara Initiative that can co-ordinate and educate a better framework of Trust.
Of course there are significant challenges that need to be faced, this is not the easiest activity to undertake, but as Colin has very aptly pointed out these are green fields that are now accessible to us as a community to collaborate in.
In line with these challenges here is an update to the scope already presented.
Privacy Framework Scope
Produce a Privacy Framework (comprised of privacy principles) for Kantara that provides a Privacy Assurance Framework/Profiles for integration with IAF and that can be used to assert the privacy assurance of efforts in the ISWG and UMA.
The PF is exploring the development of privacy profiles that can anchor credentials and attributes as to integrate technical privacy rules for the recipient and privacy assurance in the use of the credential from the provider.
In order to facilitate this Scope and the P3 rallying call to action at the imminent face to face meeting in Berlin please review this PF Scope.
Below is the schedule for the F2F meeting, In which we have a list of topics and suggestion that we can discuss in the F2F Tuesday meetings.
Topics:
1. Socialise the PF effort with UMA, ISWG, IAF and others WG's
2. P3 to discuss the privacy aspects from IAF, UMA, ISWG as to provide a description of the privacy components and to outline initial understanding of privacy service assessment criteria
3. Discuss a re-write of the IAF into a PAF with the IAWG with a goal of encorporating the IAF infrastructure as the core foundation for the development of PAF
4. Extrapolate from these two efforts an outline of a Privacy Profile Requirements for input into the P3 Privacy Framework Process
5. Submit these assurance requirements in to the analysis of a Privacy Principles and discovery at P3
6. Develop a draft of a privacy profile from the Privacy Assurance Framework for the use of Attributes using a use case. (HIPPA was mentioned again as the first use case) (Note: Interesting observation that health data across the internet has no privacy or regulatory protection, )