P3WG Meeting Notes 2011-09-08


Anna Slomovic
Peter Capek
Colin Wallis
Colin Soutar
Hedy Kirkby

Tim Bouma

Anna Ticktin

Meeting Notes

1. Roll Call - quorum not reached

2. Updates
Privacy Assessment Criteria

  • Initial draft received from Bob Gellman. The draft raises many questions, so the leadership is determining the best way to work through the questions and issues in an effective and sensible way.
  • As an example, with "Informed Consent" there are several substantive issues, and the terminology is either undefined or inconsistent.

NIST SP 800-53, Appendix J

  • Comments submitted. P3 comments were well received as they were both supportive and suggestive.

3. Gov Canada Digital Identity Presentation - (Hedy Kirkby and Tim Bouma)

5 Published Papers:

  • Federating Identity Mgmt in Govt of Canada - Federal paper detailing the approach and strategy, both interdepartmentally and cross-jurisdictionally
  • Pan Canadian Approach to Trusted Identities - similar to NSTIC
  • Pan Canadian Assurance Model - collaboration between the jurisdictions addressing LOAs and risk mgmt
  • GTech Conference Materials
  • Ministry of Finance (CA) Report

Standard on Federated Identity Guidance Doc:

  • The CA Gov has focussed on differentiating between the notion of credential assurance and identity assurance.
  • From the legislative side, CA Gov could not absolve departments from identity proofing.
  • Tim and Hedy agree that they have much insight to offer the Kantara efforts.
  • Concepts for consideration:
      1. You can have a high LOA for a credential with no identity mgmt necessary.
      2. In the second instance, you can have situations dictating a high LOA for identity, but not for credential management.

4. AOB

  • None
