P3WG Meeting Notes 2012-02-16
Attendees:
Peter Capek
Colin Soutar
Colin Wallis
Tom Smedinghoff
Rich Furr
Staff:
Anna Ticktin
NOTES:
_(For a review of last week's draft minutes : http://kantarainitiative.org/confluence/display/p3wg/P3WG+Meeting+Minutes+2012-02-09)_
1. PAC deep-dive:
Sanity check:
- With the IAF's US FPC, NIST 80063 Appendix J and the FICAM Privacy Profile---What is the purpose of this document? Where is it meant to be in a year's time?
- The intent is to create a generalized document that encompasses privacy criteria that aren't currently covered. Whilst the guidance could be written and documented, where and how do auditors and assessors seek evidence against the criteria?
- Current privacy requirements only target CSPs---a subset. What accountability do relying parties have regarding their treatment of PII.
- 2 Goals: Create a document that is more inclusive of other actors in the identity ecosystem, and secondly, craft more general guidance applicable to other jurisdictions.
- What's Kantara's position going to be regarding privacy assurance and assessment---beyond existing law?
- Who is our (the PAC's) audience---ARB for their assessments?
- In advance of the next call, Colin Soutar will add some initial structure to the document reflective of today's discussion. Specifically, he will attempt to address the framework, scope and overview, but will leave open how the P3 would propose an implementation to be done. Additionally, there is considerable work that remains editorially.
- Ann Geyer, as lead editor of the document, looks to work with fellow stakeholders to address the comments and progress the PAC effort.