Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 2 Next »

Attendees 

  1.  Jeff
  2. Mark
  3. Trent
  4.  Anna S
  5. Susan 
  6. Colin Walis
  7. Rich Furr
  8. Colin Sutter

NON Voting

  1. Anna T
  2. Eve 
  3. Don Thebault? 
  4. John Bradly
  5. Joni Brennan
Apologies

Abbie

AGENDA

1.      Roll call - Quorum
2.      Action Item updates

- Talk about privacy framework at half way through

- Trent Update on OECD - It was incredibly high profile.  The prime minister gave the opening address.  Set the tone for privacy is important aspect of life even in light of security issues.  Made it clear that privacy was not to take a back seat to security concerns.

  • - Session on fostering innovation.  - Christine did a fantastic job of representing ITAC membership.  Presented the talking points.  ITAC points have been submitted, Canadian and Israeli, US gov came up to Trent and Christine and expressed appreciation for these talking points. - Session ran away from Innovation and fostering privacy.
  • - Concept of the right to be forgotten.  - Was a theme throughout the conference.  Should be allowed to be re-invent yourself, does resonate with a lot of the people and referenced a book called the "League?." rights to have photo's removed - etc.. tempered with good conversation and is an issue for 2011.
  • - What kind of new legal tools need to be in place.  Countries are not indicating that they are pushing for new laws.  
  • - Most important take away - Too much conversation on the social web.  
  • Should focus on and consider - other issues beyond the social web.  - Action - Future Agenda Item. . 

3. Abbie - Stepping - Action : send nominations to Jeff & Mark. .

a.     Eve Presentation - UMA - Slides

  • UMA: Quickly control information (the goal)
  • Please check the slides for this excellent presentation.

5. Trent - Privacy Whitepaper..

  • White -paper call for a privacy framework around credential management life cycle. 
  • Goal: To deployers dont need to change your work flow, just to identify privacy considerations in existing practices and call out what needs to be considered.   The type of things that can be done to move the framework forward.
  • The group that put this together has dis-banded and submitted to this group to progress.
  • As of right now there is no current intent.
  • Jeff - Is talking about getting privacy framework as a subgroup
  • John - Privacy Framwork Requirements some document that can be profiled to create service assessment criteria that can be applied to IDP's, relying parties, attributes providers to be able to establish credity according to community interest.  Whether or not they can join a federation. 
    • At the end of the day an assessor is going to need to establish that a trust framework is trustable.
      • This needs concrete - service assessment criteria- each community interest is going to have an interest, technical review - 
      • Need technical process, and procedures that can be  certified..  
      • Also Communities of Interest - needs to input criteria of community of interests for assessments.. Communities do profiles in the IAF
        • needs a menu for service assessments need to be. 
          • THis is what we can call for assessment criteria..
          • The IAF is a starting point for what is going on now..  but what is the starting point we should be at?
          • What is needed a starting point..  For ICAM is really Lame ass.. :-)  What the IDP can do with
            • E.g. ICAM privacy profile allows facebook and google do whatever they want with the IDP. in general this is not going to fly in a privacy assessment. As there are privacy assessments that are missing from current industry practice.
            • Nothing in ther that says what relying partie (not gov relying parties) aught to do ...  - (Gov rely parties are subject to regulation.). Some of the IDPs need to be certified for LOA levels..  how do we know if an relying party is reliable, according to the criteria of the transactions that are being conducted ?  subject to regulation..  Nothing to offer at the moment, there is only policy that is hard to assess against.   t
            • If their signatories..  are a legal framework that will be enforceable in some jurisdictions.
            • Question: - What kind of sanctions can be applied to for these assessments? Obvious - needing a model for enforcement, but needs value to extend out of trust frameworks.. John responds they wont get certified..  It depends on the particular trust framework and rules that they are governed by..  (Need live assessment Criteria)
            • John refers to the chain of liability issues that are on the table currently in commercial contract..
  • John: We need Assessment criteria that can be enforced by commercial criteria.
              • look at existing assessment critereia
  • Colin - Privacy Framework might be easier than it looks. Agenda:  look at IAF, gives an idea and needs the privacy angle applied..
  • Mark - Motion meeting next  week. Motion Second by John Bradly
  • Joni - High profile piece that has broader impact. Needs to work beyond ICAM.
    • Who is interested? This is a high priority item for the trust framework.
    • Focus of adpting this into the Kantara INitative Assurance Program - This is a first step that needs to be done to enable this as a framework for trust frameworks.
      • Agenda: IAF Assessment Criteria
        • Adopting into assurance framework program for certification
        • Feedback into the governement programs - for a more robust privacy offering
        • Working with the trust framework model
  •  
  • Agenda: First thing is how the PF will be done, where it will be done
    • Mark asks for Interest : Trent, Jeff, Colin, John, Joni, Susan (at low level), Mark, ColinS (low level).
  • Joni - Will liase with other groups and project call for participants
  • Susan away for two calls with OASIS.
  • Jeff cant make next Thursday.
  • Roll Call
  • No labels