
Notes from 17 May 2012 P3WG teleconference

  • Attendees:

    Voting

    • Colin Soutar
    • Anna Slomovic
    • Mark Lizar

    Non-voting

    • Gershon Janssen
    • Nathan Faut

    Apologies:

    • Tom Smedinghoff
    • Aaron Brauer-Rieke
    • Myisha Frazier-McElveen

    Kantara Staff:

    • Joni Brennan

    Notes

    1. Administrative:

    Roll Call
    19 April 2012 minutes.

    2. Privacy Assessment Criteria

    a) Further review and discussion of draft P3WG Privacy Work Charter.

    The 17 May draft was discussed.

    The following three points were noted:

    There was some confusion in a previous version with the terminology around identity assurance framework. The Privacy Requirements Document expresses the requirements for a particular jurisdiction or industry sector and is not intended to mean that it would be part of the Kantara Identity Assurance Framework. The generic term “identity framework” has now been used to indicate an external framework, such as FICAM.

    The term “Privacy Guidance Document” was deemed to be a little ambiguous in light of its use in other document sets; it has been re-termed “Privacy Best Practices Document”.

    It was suggested that the Privacy Best Practices should relate to all actors within an identity framework, and the text has been modified to reflect this. Note that while Best Practices are stated to relate to all actors within the identity framework, the work in progress on the Privacy Assessment Criteria is, of course, focused only on CSPs as per the FICAM framework and current Kantara assessment process.

    The following additional point was discussed and noted:

    Some gaps have been identified between: “Federal Identity, Credentialing, and Access Management: Privacy Guidance for Trust Framework Assessors and Auditors”, issued by FICAM; and the “Identity Assurance Framework: Additional Requirements for Credential Service Providers: US Federal Privacy Criteria”, issued by Kantara. It was noted that these gaps will be clearly noted in the P3WG Privacy Assessment Criteria Document, as discussed by the ad hoc group, and the P3WG Privacy Work Charter document will be updated to reflect this.

    Attached is the updated document, dated 18 May 2012.

    b) Update on working draft of Privacy Assessment Criteria Document

    The Ad-Hoc calls will resume on the 24th May with “Consent” being the next Requirement for which Criteria will be developed. As a reminder, Ann Geyer is working with the Ad Hoc group to step through each of the FICAM Requirements individually, after which the collective set of Privacy Assessment Criteria will be re-reviewed.

    3. Upcoming Presentations

    May 31
    Presenter:
    Gershon Janssen, Secretary, OASIS Privacy Management Reference Model Technical Committee
    Topic:
    OASIS Privacy Management Reference Model

    June 7
    Presenter:
    Steve Johnston, Senior Security and Technology Advisor at Office of the Privacy Commissioner of Canada
    Topic:
    ISO/IEC SC27 WG 5 Identity Management and Privacy

    June 14
    Presenter:
    Joshua Harris, Associate Director of the Office of Technology and Electronic Commerce, US Department of Commerce, Vice-Chair of the APEC ECSG Data Privacy Sub-Group
    Topic:
    APEC Cooperation Arrangement for Cross-Border Privacy Enforcement

    4. AOB

    Joni met with Naomi Lefkovitz last week. Naomi was formerly the privacy lead for FICAM and is now privacy lead with NSTIC.

    Naomi has agreed to present her thoughts to the P3WG (tentatively set for 28 June 2012), regarding FICAM/NSTIC and the direction of the Privacy Assessment Criteria. For her review, the current draft of the P3WG Privacy Work Charter document will be sent to her, and the Privacy Assessment Criteria draft will be forwarded to her, shortly after the 7 June ad hoc call.

    Joni provided an update on other highlights of the Privacy Identity Innovation (PII 2012) conference. A good percentage of attendees (~75%) were not traditional identity experts but were more focused on the privacy aspects, so it was a good opportunity to spread the P3WG message. Joni noted that the general theme supported a migration from “opt-out of an ambiguous set of privacy regulations” to “opt-in to a clearly-defined and articulated set of requirements” and that this was engendering much more trust with users.

    5. Meeting Adjourned
