P3WG Meeting Notes 2011-10-21

Roll Call:

Mark Lizar
Anna Slomovic
Jeff Stollman
Iain Henderson
Gilad Rosner - University of Nottingham
Mickey Tevelow

Staff:
Dervla O'Reilly
Anna Ticktin

Started with an introduction to the PAC by Anna for the group, with some clarifying questions.

Preparing Discussion about the IAW - P3 F2F.

- Ask IAWG for concerns with PAC for FICAM.

- Discuss the conflict of in-time consent with SAML2 and how this doesn't affect the development of PAC.

- Discuss how the assessment may work upon implementation. Deliver an assessment report to FICAM.

- Are there different assessment criteria for different levels of assurance?

- PAC is focusing on the CSP. The government is the relying party.

We intend to make an active issues list for future PAC efforts and a lessons learned activity for FICAM.

*********************** Drafted P3-PAC Vision and Milestones ********************

PAC: The vision of the Kantara Initiative is to ensure secure, identity-based online interactions while preventing misuse of identification so that Kantara trust framework services are privacy protecting and native trustworthy activities. This vision is translated into the P3 focus on the development of best assessment practices in identity-oriented privacy frameworks that safeguard privacy and develop greater trust in online services.
 
Privacy is a core principle of Kantara work; the Privacy and Public Policy Work Group was created to ensure that Kantara contributes to better privacy outcomes for users, data custodians and other stakeholders, by defining privacy-related principles and good practice applicable to a broad range of prevalent technology platforms.
 
The development of Privacy Assessment Criteria is a core and critical focus in the development of the trust framework, as Assessment Criteria ensure a standard of transparency and privacy in the authorisation, authentication and use of digital identifiers and attributes.
 
In the Kantara trust framework, having trusted processes in which Credential Service Providers can ensure that identification is technically secure and low risk for enterprise and government is reflected in the levels of assurance provided by the IAF. The process by which these technical processes are made socially trustworthy for the identity subject is fundamentally achieved through the development of privacy assessment criteria and the standards (Privacy Framework) that this technical infrastructure is held to.
 
PAC Milestones:
 
2011

1. Development of Assessment Criteria and Assessment Guide for FICAM and the Kantara Certification Process
- Testing of PAC
- FICAM Report

- Develop and maintain: an active issues list for general PAC development, and an active issues list for Relying Party assessments (not included in FICAM PAC)
- Lessons learned and FICAM assessment report

2012
2. Development of a Generalized PAC for Jurisdictional Privacy Profiles
 
2012/2013
3. Develop Privacy Assessment Criteria for all other Roles (besides CSP, such as RP, Framework Provider, etc.) to afford "Users" an end-to-end picture of how their information will be treated. (Ideally these PACs will have criteria closely aligned to the CSP PAC, so that the User won't have to keep track of dozens of different criteria.)

4. Development of International Privacy Profiles for Canada, EU, New Zealand.