Draft - P3WG Meeting Minutes 2010-11-04

Attendees 

Voting:

  1. Jeff Stollman
  2. Mark Lizar
  3. Trent Adams
  4. Anna Slomovic
  5. Susan Landau

Non-Voting:

  1. Eve Maler
  2. Don Thibeau
  3. John Bradley
  4. Colin Wallis
  5. Colin Soutar
  6. Rich Furr

Staff:

  1. Joni Brennan
  2. Anna Ticktin
Apologies

Abbie Barbir

AGENDA

1. Roll call - Quorum achieved

2. Leadership position open - Abbie is stepping down due to work constraints. Will continue on as an observer -

  • ACTION ITEM 20101104-01: Mark to send request for nominations to the list. Ballot to follow. 

3. Action Item - updates

OECD -Trent

  • It was incredibly high profile.  The prime minister gave the opening address.  Set the tone for privacy is important aspect of life even in light of security issues.  Made it clear that privacy was not to take a back seat to security concerns.
  • Session on fostering innovation.  - Christine did a fantastic job of representing ITAC membership.  Presented the talking points.  ITAC points have been submitted, Canadian and Israeli, US gov came up to Trent and Christine and expressed appreciation for these talking points. - Session ran away from Innovation and fostering privacy.
  • Concept of the right to be forgotten.  - Was a theme throughout the conference.  Should be allowed to be re-invent yourself, does resonate with a lot of the people and referenced a book called the "League?." rights to have photo's removed - etc.. tempered with good conversation and is an issue for 2011.
  • What kind of new legal tools need to be in place.  Countries are not indicating that they are pushing for new laws.  
  • Most important take away - Too much conversation on the social web.
  • Should focus on and consider - other issues beyond the social web. 
    ACTION ITEM 20101104-02 : MARK will post this as a future agenda item.

4. UMAWG / P3WG Presentation - Eve Maler

5. Privacy Whitepaper - Trent

  • Whitepaper call for a privacy framework around credential management life cycle. 
  • Goal: So deployers don't need to change work flow, just identify privacy considerations in existing practices and call out what needs to be considered.   The type of things that can be done to move the framework forward.
  • The group that put this together has dis-banded and submitted to this group to progress.
  • As of right now there is no current intent.
  • Jeff - Is talking about getting privacy framework as a subgroup
  • John - Privacy Framework Requirements : some document that can be profiled to create service assessment criteria that can be applied to IDP's, relying parties, attributes providers... to be able to establish credibility according to community interest; whether or not they can join a federation. 
    • At the end of the day an assessor is going to need to establish that a trust framework is trustworthy.
      • This needs concrete service assessment criteria. Each community interest is going to have an interest, technical review
      • Need technical process, and procedures that can be certified..  
      • Also Communities of Interest - need to input criteria of community of interests for assessments.mCommunities do profiles in the IAF
        • Needs a menu for service assessments.
          • This is what we can call for assessment criteria.
          • The IAF is a starting point for what is going on now. But what is the starting point ?
          • What is needed is a starting point.
            • E.g. ICAM privacy profile allows Facebook and Google do whatever they want with the IDP. In general this is not going to fly in a privacy assessment. As there are privacy assessments that are missing from current industry practice.
            • Nothing in there that says what relying parties (not gov relying parties) aught to do (Gov rely parties are subject to regulation). Some of the IDPs need to be certified for LOA levels. How do we know if an relying party is reliable, according to the criteria of the transactions that are being conducted ?  Subject to regulation. Nothing to offer at the moment, there is only policy that is hard to assess against.  
            • If their signatories..  are a legal framework that will be enforceable in some jurisdictions.
            • Question: - What kind of sanctions can be applied for these assessments? Obvious - needing a model for enforcement, but needs value to extend out of trust frameworks. John responds they won't get certified.  It depends on the particular trust framework and rules that they are governed by.  (Need live assessment Criteria)
            • John refers to the chain of liability issues that are on the table currently in commercial contract.
  • John: We need Assessment criteria that can be enforced by commercial criteria.
  • Look at existing assessment criteria
  • Colin - Privacy Framework might be easier than it looks.
    AGENDA TOPIC:  Look at IAF, gives an idea and needs the privacy angle applied.
  • Mark - Motions that the P3WG move to convene weekly meetings, with every other meeting dedicated to the Privacy Framework. Seconded by John Bradley.
  • Joni - High profile piece that has broader impact. Needs to work beyond ICAM.
    • Who is interested? This is a high priority item for the trust framework.
    • Focus of adopting this into the Kantara Initative Assurance Program - This is a first step that needs to be done to enable this as a framework for trust frameworks.
      • AGENDA TOPIC: IAF Assessment Criteria
        • Adopting into assurance framework program for certification
        • Feedback into the government programs - for a more robust privacy offering
        • Working with the trust framework model
      • AGENDA TOPIC: How will the Privacy Framework be done? Where it will be done?
        • Mark asks for Interest : Trent, Jeff, Colin, John, Joni, Susan (at low level), Mark, ColinS (low level).
        • Susan away for two calls with OASIS.
        • Joni - Will liase with other groups and project call for participants
        • Jeff cant make next Thursday.

ACTION ITEM SUMMARY:

ACTION ITEM 20101104-01: MARK to send request for nominations to the list. Ballot to follow.

ACTION ITEM 20101104-02 : MARK will post this as a future agenda item ?---re: fostering innovation [OECD].

Adjourned.