P3WG Meeting Notes 2011-01-27

AGENDA:

1.      Roll call

Lindy Siegert
Rich Furr
Colin Soutar
Mark Lizar ---voting
Bill Braithwaite
Susan Landau---voting
Tom Smedinghoff
Colin Wallis
Anna Slomovic---voting
Dale Olds
Peter Capek---voting
Gershon Janssen---voting
Myisha Frazier McElveen---voting
Jeff Stollman

Apologies:
Trent Adams
Jay Unger

Staff:
Joni Brennan
Anna Ticktin

2.      Agenda review/prioritization

3.      Administrative actions

4.      Privacy News Updates

b.      NASPO (Anna S)

  • NASPO - the consensus body met in Atlanta last week.
  • Went through the methodology for creating the standards with repeatable results, focusing on Imposter Fraud in identity standards. (NIST L04 - doesn't do identity fraud very well)
  • Break out a Privacy WG - looking at the way FIPS is integrated into the standard itself. To issues notice. (9:39) By the end of April - The applicability of FIPs - Way to apply FIPS - Notice would be applicable to the standard itself, as the standard needs to provide what needs to be provided. Without a roadmap for fraud.
  • NASPO to cover verification of public and private credentials.

c.       OASIS Privacy Management Reference Model Technical Committee update (Susan)

Discussing how to marry policy to actual operational control - problems with the high-level approach have been discussed.

- Have come up with a lifecycle approach

- with a very current, thoughtful data model.

- OASIS is doing some work with Use Cases.

  • one is smart grid
  • another with health care
  • Timelines are still being discussed
  • Life Cycle of Identity -

a.       CDT/K&L Gates meetings (Tom)

Tom provided a great update.

  • CDT Meeting - reference to the NSTIC draft comments - critical misunderstanding that the Commerce Dept was going to deliver DID. The meeting was about: what are the positive aspects of the Identity Eco-system? Looking at it from different perspectives.
  • The afternoon session was focused on legal issues. Tom, Scott, and John Clippenger found that there are challenges for a legal framework.
  • Scott talked about different performance levels - levels of control, levels of protection.
  • John did a presentation of a pilot project - taking these three metrics and turning them into a dashboard on a mobile phone.
  • Wide range of legal issues
  • Bad press coverage.
  • ABA - Committee is going to release a report about legal issues - Discussed a lot about liability. Talking about the nature of the legal issues, existing laws across jurisdictions.
  • Problem of contract to modify these laws through a Trust Framework, which comes down to liability concerns; at the end of the day it comes down to policy.
  • Next two weeks delivering a staff report.

d.      ISO (Colin)

- ad hoc working groups developing the 29101 standard - privacy reference architecture.
- a lot of work in the last couple of months has progressed this greatly
- Needs to be submitted by national bodies, which is difficult because of big changes later in the process

29100 - is up for final committee draft. - Vote comes through in March (High Level Input)

29190 - Privacy capability framework. - Closer to what we do.

- Joni - Working towards an arrangement for a summary of these ISO drafts to be released to the group through a sub-committee.

- Aiming for early next week. - Next meeting is in April in Singapore.

5. Privacy Framework update

- Scope is decided: to start with the IAF/ICAM requirements.

- Agreed milestones for discovery to finish and Analysis to start on March 3rd

- Please take a look at the Wiki for discovery information

6.       Other business

- P3 is refocusing as a forum to present to other organisations and provide feedback about the privacy landscape.

- P3 - To provide input and comments into ITAC

- P3 - TDTrust Symposium is another chance to represent Kantara

- Present - What Kantara is doing around the PF

- Point to organise a review of ISO privacy documents - to be Kantara's submitting of comments to draft standards

- FYI - The Board has approved a sub-committee so that those who want to review external documents (e.g. ISO, NSTIC) are able to do so. In order to gain access, one must be a member of Kantara or a part of the Leadership Council, and agree to keep the information confidential.

7.       Update roll call

8.       Review Action Items

No Action Items Recorded