P3WG Meeting Minutes 2009-08-06
Kantara Initiative Privacy & Public Policy Teleconference
Date and Time
- Date: Thursday, Aug. 6, 2009
- Time: 8:00 PDT | 11:00 EDT | 15:00 UTC
Meeting Minute Status
Working Draft
This page is a Working Draft subject to further revision and has not yet been approved by the Privacy & Public Policy Work Group.
Attendees
- J. Trent Adams
- Patrick Curry
- Britta Glade
- Ian Glazer
- Iain Henderson
- Susan Landau
- Georgia Marsh
- Brett McDowell
- Bob Pinheiro
- Darrell Shull
- Toby Stevens
- Jeff Stollmann
- Edgar Whitley
- Robin Wilton
Apologies
- Louise Bennett
- Toshihiro Suzuki
Comments
RW - (1) Invited members to submit nominations for the posts of P3WG Chair and Vice Chair (see actions, below)
PC - gave summary of last week's meetings with various US Govt bodies; general focus on high-assurance identity for USG employees (as opposed to citizen ID, e-gov access etc): however, it is appropriate for P3WG's overall strategy to be able to accommodate these use-cases as well.
Noted that ICAM co-chairs (Judith Spencer and Paul Grant) tend to focus on LoA=3 identities and higher, whereas David Temoshok's focus would be at the LoA=1, LoA=2 levels.
GM - noted that a previous assessment classified some 60% of USG applications as being in the LoA=1, LoA=2 categories.
[In general, I suggest we should seek to make sure the PIV and PIV-I strategies are clearly understandable to P3WG, including areas in which those strategies may intersect with non-US implementations [1,2].]
PC - Suggested the development of an identity assurance/authentication framework which caters for the viewpoints of Government, Citizen and Regulated Industry stakeholders.
Discussion of 10 Aug Workshop (ICAM, Washington DC)
BM - Scope of meeting is specifically "USG <-> Privacy Advocates", to discuss e-authentication based on Government application consumption of LoA=1 consumer authentication artifacts from, e.g., OpenID, InfoCard and InCommon, and to discuss the role of Trust Framework Providers [2].
Suggested questions to raise:
- what measures does the strategy include to ensure that the goals of citizens/users are met, as well as those of government and public sector service providers?
- has correlation and its possible effect on user privacy been considered in the formulation of strategy? NB - a single service might be considered to have a 'low' privacy impact, but if its use can be correlated with access to other services (for instance, through use of the same e-authentication method) the overall privacy impact may well be higher.
- has the USG classification of applications (according to appropriate LoA) been reviewed recently to take account of technical developments, changes in application and/or delivery channel (e.g. mobile access, PKI applicability etc)?
- "scope and mission creep": if the strategy is to "segment" applications according to LoA/authentication type, what plans are there for handling cases where i) the LoA pre-requisite of an application changes over time; ii) pressure grows to use a deployed 'low-assurance' credential for access to a 'medium-assurance' service rather than incur the expense of re-working for 'medium-assurance' credentials?
Closed actions from previous call:
- RW, IG to arrange meeting with US VISIT program CPO at Burton Catalyst - DONE.
Actions
(1) PC to help P3WG engage with policy-maker community - ONGOING (with RW apologies for late distribution of previous action items)
(2) Call for nominations to the posts of P3WG Chair and Vice Chair. - ONGOING
- First stage: nominations (staff at kantarainitiative dot org)
- Second stage: secret ballot (process to be determined)
(3) RW to invite Paul Hasson (CPO - US Visit) to participate in P3WG and report status.
(4) RW to post draft of "Privacy Assurance Module" concept for Identity Assurance schemes.
Document references:
- USG ICAM page, including documents on Trust Framework Providers and Identity Scheme Adoption http://www.idmanagement.gov/drilldown.cfm?action=privacy_workshop
- White House/OMB memorandum M-04-04 (Levels of Assurance) http://www.whitehouse.gov/OMB/memoranda/fy04/m04-04.pdf
Next Meeting
- Date: Thursday, Aug. 20, 2009
- Time: 8:00 PDT | 11:00 EDT | 15:00 UTC
Dial-in details:
- US/Canada toll-free number: 1.866.305.1460
- Direct dial (toll) number: +1.416.620.1296
- Attendee Code: 9247530
- International toll-free numbers:
  - UK: 0800 917 5847
  - Netherlands: 08002659007
  - Belgium: 080079491
  - Japan: 00531160345
These toll-free numbers are generously provided by BIPAC.