From britta at projectliberty.org Fri Feb 13 09:02:54 2009 From: britta at projectliberty.org (Britta Glade) Date: Fri, 13 Feb 2009 09:02:54 -0800 Subject: [Sig-ia] Invitation to the Identity Assurance SIG meeting next week: Feb. 17-18, Washington DC In-Reply-To: References: Message-ID: All-- As has been discussed, the Identity Assurance SIG will be hosting a face-to-face meeting next Tuesday and Wednesday in Washington DC. The full agenda and registration information is included in the attached invitation. PLEASE NOTE: the room has a maximum capacity of 35 and registration is required due to very strict security requirements, so if you are interested in attending, please contact Joni Brennan (joni at projectliberty.org) at your earliest convenience if you'd like to participate or with any questions. This information will also be posted to our wiki page . Many thanks! -- Britta Glade Liberty Alliance 925-254-4233 -- Britta Glade Liberty Alliance 925-254-4233 -------------- next part -------------- An HTML attachment was scrubbed... URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: IASIG Agenda.pdf Type: application/pdf Size: 37252 bytes Desc: not available URL: From rfurr at safe-biopharma.org Wed Feb 18 06:24:55 2009 From: rfurr at safe-biopharma.org (Rich Furr) Date: Wed, 18 Feb 2009 09:24:55 -0500 Subject: [Sig-ia] FW: Link to webcast Message-ID: <27D68E8D1692F34CBD0C4BC0ACD28FDD039EDE646F@man-130.SAFE-BIOPHARMA.LOCAL> Rich Furr Head, Global Regulatory Affairs and Chief Compliance Officer Office: 610-252-5922 Cell: 201-220-0160 Attend the 7th Annual Bio-IT World Conference & Expo and support me as a speaker. I would like to see you there. The Event is April 27-29, 2009 in Boston, MA. Visit www.bio-itworldexpo.com for further details. _____________________________________________ From: Rich Furr Sent: Wednesday, February 18, 2009 9:24 AM To: 'sig-ia at list.projectliberty.org' Subject: Link to webcast https://www1.gotomeeting.com/en_US/island/download.tmpl?Action=rgoto&_sf=1 Rich Furr Head, Global Regulatory Affairs and Chief Compliance Officer Office: 610-252-5922 Cell: 201-220-0160 Attend the 7th Annual Bio-IT World Conference & Expo and support me as a speaker. I would like to see you there. The Event is April 27-29, 2009 in Boston, MA. Visit www.bio-itworldexpo.com for further details. -------------- next part -------------- An HTML attachment was scrubbed... URL: From bob at bobpinheiro.com Tue Feb 24 11:43:18 2009 From: bob at bobpinheiro.com (Bob Pinheiro) Date: Tue, 24 Feb 2009 14:43:18 -0500 Subject: [Sig-ia] Next Identity Theft SIG Call: Wednesday, March 4 9 PT/12 ET Message-ID: <49A44DD6.3060500@bobpinheiro.com> In order to promote and foster emerging identity and security technologies and standards, Liberty Alliance is in the process of transitioning to a new umbrella organization, whose official name will be announced shortly. One of the changes that will come with this new organizational structure is that Special Interest Groups will have the opportunity to become Work Groups in the new organization. Work Groups will be similar in scope to Liberty's existing Expert Groups, and will be able create formal output in the form of Specifications, and presumably other external deliverables such as Whitepapers. There has been no meeting of the Identity Theft SIG in quite some time. One reason is because, as Chair of the SIG, I had been pushing for the SIG to have some formal output in the form of one or more Whitepapers that could discuss various options or directions that Liberty Alliance might adopt to help prevent online identity theft. However, SIGs in Liberty Alliance have served primarily as discussion groups, and it was not possible to obtain the necessary resources and sponsorship to support such work. In the new organizational structure, an Identity Theft Work Group would essentially have the same standing as today's Expert Groups. While that, by itself, would not guarantee that an Identity Theft WG would be able to successfully compete for resources, it would level the playing field and put the group on equal footing with other SIGs and Expert Groups that transition to Work Groups in the new organization. We will have an Identity Theft SIG call on Wednesday, March 4 at 12 Noon ET to review these developments and try to gauge interest among possible participants in transitioning the SIG to an Identity Theft WG. Joni Brennan, Operations Manager for Liberty Alliance, will be on the call to explain this new organizational structure and answer any questions you may have. *Wednesday, March 4, 2009 9:00 AM PT / 12 Noon ET / 1700 UTC US/Canada toll-free number: 866-469-3239 US toll number: 650-429-3300 Attendee Code: 00119954 #* *International numbers can be found at wiki.projectliberty.org/index.php/IntlDialInNum * Bob ------------------------------ Robert Pinheiro Consulting LLC 908-654-1939 bp at bobpinheiro.com www.bobpinheiro.com -------------- next part -------------- An HTML attachment was scrubbed... URL: From Mari at MariFrank.com Tue Feb 24 12:18:17 2009 From: Mari at MariFrank.com (Mari J. Frank) Date: Tue, 24 Feb 2009 12:18:17 -0800 Subject: [Sig-ia] [SIG-IDtheft] Next Identity Theft SIG Call: Wednesday, March 4 9 PT/12 ET In-Reply-To: <49A44DD6.3060500@bobpinheiro.com> References: <49A44DD6.3060500@bobpinheiro.com> Message-ID: Bob- Thanks for the e-mail. I am very interested in helping- and have some ideas for legislation. But I will be in Mexico until March 5th and can't join in on the call .Will you be recording it? Or will you be sending out follow up notes? Sounds like you have great ideas, and I wish to prarticipate!! Thanks for keeping me informed Best, Mari Mari J. Frank, Esq.CIPP Attorney, Mediator Certified Information Privacy Professional Radio Host, Privacy Piracy 88.9 FM in Irvine, Ca. 28202 Cabot Road, Suite 300 Laguna Niguel, Ca. 92677 Phone :949-364-1511 Fax: 949-363-7561 www.identitytheft.org www.MariFrank.com www.kuci.org/privacypiracy E-mail contact at identitytheft.org Mari at MariFrank.com To order Mari's books: Call Porpoise Press 800-725-0807 This e-mail may be privileged and/or confidential, and the sender does not waive any related rights and obligations. Any distribution, use or copying of this e-mail or the information it contains by other than an intended recipient is unauthorized. If you received this e-mail in error, please advise me (by return e-mail or by phone at 949-364-1511) immediately. Thank you. From: sig-idtheft-bounces at lists.projectliberty.org [mailto:sig-idtheft-bounces at lists.projectliberty.org] On Behalf Of Bob Pinheiro Sent: Tuesday, February 24, 2009 11:43 AM To: sig-idtheft at lists.projectliberty.org; iaeg; sig-ia at lists.projectliberty.org; SIG-HIM at lists.projectliberty.org Subject: [SIG-IDtheft] Next Identity Theft SIG Call: Wednesday, March 4 9 PT/12 ET In order to promote and foster emerging identity and security technologies and standards, Liberty Alliance is in the process of transitioning to a new umbrella organization, whose official name will be announced shortly. One of the changes that will come with this new organizational structure is that Special Interest Groups will have the opportunity to become Work Groups in the new organization. Work Groups will be similar in scope to Liberty's existing Expert Groups, and will be able create formal output in the form of Specifications, and presumably other external deliverables such as Whitepapers. There has been no meeting of the Identity Theft SIG in quite some time. One reason is because, as Chair of the SIG, I had been pushing for the SIG to have some formal output in the form of one or more Whitepapers that could discuss various options or directions that Liberty Alliance might adopt to help prevent online identity theft. However, SIGs in Liberty Alliance have served primarily as discussion groups, and it was not possible to obtain the necessary resources and sponsorship to support such work. In the new organizational structure, an Identity Theft Work Group would essentially have the same standing as today's Expert Groups. While that, by itself, would not guarantee that an Identity Theft WG would be able to successfully compete for resources, it would level the playing field and put the group on equal footing with other SIGs and Expert Groups that transition to Work Groups in the new organization. We will have an Identity Theft SIG call on Wednesday, March 4 at 12 Noon ET to review these developments and try to gauge interest among possible participants in transitioning the SIG to an Identity Theft WG. Joni Brennan, Operations Manager for Liberty Alliance, will be on the call to explain this new organizational structure and answer any questions you may have. Wednesday, March 4, 2009 9:00 AM PT / 12 Noon ET / 1700 UTC US/Canada toll-free number: 866-469-3239 US toll number: 650-429-3300 Attendee Code: 00119954 # International numbers can be found at wiki.projectliberty.org/index.php/IntlDialInNum Bob ------------------------------ Robert Pinheiro Consulting LLC 908-654-1939 bp at bobpinheiro.com www.bobpinheiro.com -------------- next part -------------- An HTML attachment was scrubbed... URL: From Mari at MariFrank.com Tue Feb 24 12:23:21 2009 From: Mari at MariFrank.com (Mari J. Frank) Date: Tue, 24 Feb 2009 12:23:21 -0800 Subject: [Sig-ia] [SIG-IDtheft] Next Identity Theft SIG Call: Wednesday, March 4 9 PT/12 ET In-Reply-To: <49A44DD6.3060500@bobpinheiro.com> References: <49A44DD6.3060500@bobpinheiro.com> Message-ID: Bob- Thanks for the e-mail. I am very interested in helping- and have some ideas for legislation. But I will be in Mexico until March 5th and can't join in on the call .Will you be recording it? Or will you be sending out follow up notes? Sounds like you have great ideas, and I wish to prarticipate!! Thanks for keeping me informed Best, Mari Mari J. Frank, Esq.CIPP Attorney, Mediator Certified Information Privacy Professional Radio Host, Privacy Piracy 88.9 FM in Irvine, Ca. 28202 Cabot Road, Suite 300 Laguna Niguel, Ca. 92677 Phone :949-364-1511 Fax: 949-363-7561 www.identitytheft.org www.MariFrank.com www.kuci.org/privacypiracy E-mail contact at identitytheft.org Mari at MariFrank.com To order Mari's books: Call Porpoise Press 800-725-0807 This e-mail may be privileged and/or confidential, and the sender does not waive any related rights and obligations. Any distribution, use or copying of this e-mail or the information it contains by other than an intended recipient is unauthorized. If you received this e-mail in error, please advise me (by return e-mail or by phone at 949-364-1511) immediately. Thank you. From: sig-idtheft-bounces at lists.projectliberty.org [mailto:sig-idtheft-bounces at lists.projectliberty.org] On Behalf Of Bob Pinheiro Sent: Tuesday, February 24, 2009 11:43 AM To: sig-idtheft at lists.projectliberty.org; iaeg; sig-ia at lists.projectliberty.org; SIG-HIM at lists.projectliberty.org Subject: [SIG-IDtheft] Next Identity Theft SIG Call: Wednesday, March 4 9 PT/12 ET In order to promote and foster emerging identity and security technologies and standards, Liberty Alliance is in the process of transitioning to a new umbrella organization, whose official name will be announced shortly. One of the changes that will come with this new organizational structure is that Special Interest Groups will have the opportunity to become Work Groups in the new organization. Work Groups will be similar in scope to Liberty's existing Expert Groups, and will be able create formal output in the form of Specifications, and presumably other external deliverables such as Whitepapers. There has been no meeting of the Identity Theft SIG in quite some time. One reason is because, as Chair of the SIG, I had been pushing for the SIG to have some formal output in the form of one or more Whitepapers that could discuss various options or directions that Liberty Alliance might adopt to help prevent online identity theft. However, SIGs in Liberty Alliance have served primarily as discussion groups, and it was not possible to obtain the necessary resources and sponsorship to support such work. In the new organizational structure, an Identity Theft Work Group would essentially have the same standing as today's Expert Groups. While that, by itself, would not guarantee that an Identity Theft WG would be able to successfully compete for resources, it would level the playing field and put the group on equal footing with other SIGs and Expert Groups that transition to Work Groups in the new organization. We will have an Identity Theft SIG call on Wednesday, March 4 at 12 Noon ET to review these developments and try to gauge interest among possible participants in transitioning the SIG to an Identity Theft WG. Joni Brennan, Operations Manager for Liberty Alliance, will be on the call to explain this new organizational structure and answer any questions you may have. Wednesday, March 4, 2009 9:00 AM PT / 12 Noon ET / 1700 UTC US/Canada toll-free number: 866-469-3239 US toll number: 650-429-3300 Attendee Code: 00119954 # International numbers can be found at wiki.projectliberty.org/index.php/IntlDialInNum Bob ------------------------------ Robert Pinheiro Consulting LLC 908-654-1939 bp at bobpinheiro.com www.bobpinheiro.com -------------- next part -------------- A non-text attachment was scrubbed... Name: winmail.dat Type: application/ms-tnef Size: 9154 bytes Desc: not available URL: From yanross at qwest.net Tue Feb 24 16:59:10 2009 From: yanross at qwest.net (Yan Ross) Date: Tue, 24 Feb 2009 17:59:10 -0700 Subject: [Sig-ia] [Spam] [SIG-IDtheft] Next Identity Theft SIG Call: Wednesday, March 4 9 PT/12 ET In-Reply-To: <49A44DD6.3060500@bobpinheiro.com> References: <49A44DD6.3060500@bobpinheiro.com> Message-ID: <20090225005915.F3D70621D0B@mpls-qmqp-03.inet.qwest.net> Bob, I have proposed our active involvement to Paul Richard, ICFE's Executive Director, and I'm writing to confirm that will participate in the Identity Theft Work Group. I'll be on the call March 4th. Thank you for your initiative. We are looking forward to working with you and the Liberty Alliance. Best wishes, Yan Ross Director of Special Projects Institute of Consumer Financial Education At 12:43 PM 2/24/2009, Bob Pinheiro wrote: >In order to promote and foster emerging identity and security >technologies and standards, Liberty Alliance is in the process of >transitioning to a new umbrella organization, whose official name >will be announced shortly. One of the changes that will come with >this new organizational structure is that Special Interest Groups >will have the opportunity to become Work Groups in the new >organization. Work Groups will be similar in scope to Liberty's >existing Expert Groups, and will be able create formal output in the >form of Specifications, and presumably other external deliverables >such as Whitepapers. > >There has been no meeting of the Identity Theft SIG in quite some >time. One reason is because, as Chair of the SIG, I had been >pushing for the SIG to have some formal output in the form of one or >more Whitepapers that could discuss various options or directions >that Liberty Alliance might adopt to help prevent online identity >theft. However, SIGs in Liberty Alliance have served primarily as >discussion groups, and it was not possible to obtain the necessary >resources and sponsorship to support such work. In the new >organizational structure, an Identity Theft Work Group would >essentially have the same standing as today's Expert Groups. While >that, by itself, would not guarantee that an Identity Theft WG would >be able to successfully compete for resources, it would level the >playing field and put the group on equal footing with other SIGs and >Expert Groups that transition to Work Groups in the new organization. > >We will have an Identity Theft SIG call on Wednesday, March 4 at 12 >Noon ET to review these developments and try to gauge interest among >possible participants in transitioning the SIG to an Identity Theft >WG. Joni Brennan, Operations Manager for Liberty Alliance, will be >on the call to explain this new organizational structure and answer >any questions you may have. > > >Wednesday, March 4, 2009 >9:00 AM PT / 12 Noon ET / 1700 UTC >US/Canada toll-free number: 866-469-3239 >US toll number: 650-429-3300 >Attendee Code: 00119954 # > >International numbers can be found at >wiki.projectliberty.org/index.php/IntlDialInNum > > > >Bob > >------------------------------ >Robert Pinheiro Consulting LLC >908-654-1939 >bp at bobpinheiro.com >www.bobpinheiro.com > > > > >_______________________________________________ >This is a public mailing list. Content is NOT confidential. > >Sig-idtheft mailing list >Sig-idtheft at lists.projectliberty.org >http://lists.projectliberty.org/mailman/listinfo/sig-idtheft_lists.projectliberty.org -------------- next part -------------- An HTML attachment was scrubbed... URL: From nfaut at kpmg.com Wed Feb 25 09:26:18 2009 From: nfaut at kpmg.com (Faut, Nathan E) Date: Wed, 25 Feb 2009 12:26:18 -0500 Subject: [Sig-ia] Higher Ed has a problem with the IAF ... Message-ID: <4CD1E6229688074DB7A7DD8E1B8AA6E211A513@USNSSEXC83.us.kworld.kpmg.com> All - I quote from a message on another listserv (Higher Ed IDM listserv): =-=-=-=-=-=-=-=-=- From: John Ladwig Subject: Re: IdM awareness campaign Once upon a time, when I originally ran into OMB-04-04 and NIST 800-63, my = head threatened to explode due to the conflation of credential strength = and vetting (which is an understandable shortcut, from NIST and OMB's = perspective). I've made my peace with it by tracking LoAv (processes and supporting = documents or attestations) separately from credential strength (which = really should be evaluated by the consumer at time of presentation, not = recorded and mainatained as an attribute bound to an identity record in a = directory someplace). If we ever have to demonstrate OMB-style LOA, we'll be able to calculate = it, whether transactionally, or along some other process. Now, I only shake my head at the Liberty Alliance for their spectacular = shortcut at vetting level 4 in their 1.1 Liberty Identity Assurance = Framework: 1615 AL4_ID_IPV#050 Applicant knowledge checks=20 1616 Where the applicant is unable to satisfy any of the above requirements= , that the applicant=20 1617 can provide a unique identifier, such as a Social Security Number = (SSN), that matches the=20 1618 claimed identity.=20 I haven't been able to determine yet whether this is Liberty-only = braindamage, or if it's recognized in other places. I'm resisting the = temptation to use this in local processes. -jml =-=-=-=-=-=-=-=-=- I don't recall if this issue will be addressed in IAF v.2.0. -Nathan

***********************************************************************

The information in this email is confidential and may be legally privileged. It is intended solely for the addressee. Access to this email by anyone else is unauthorized. If you are not the intended recipient, any disclosure, copying, distribution or any action taken or omitted to be taken in reliance on it, is prohibited and may be unlawful. When addressed to our clients any opinions or advice contained in this email are subject to the terms and conditions expressed in the governing KPMG client engagement letter.

***********************************************************************

From brian.dilley at evalid8.com Wed Feb 25 09:41:21 2009 From: brian.dilley at evalid8.com (Brian Dilley) Date: Wed, 25 Feb 2009 12:41:21 -0500 Subject: [Sig-ia] Higher Ed has a problem with the IAF ... In-Reply-To: <4CD1E6229688074DB7A7DD8E1B8AA6E211A513@USNSSEXC83.us.kworld.kpmg.com> Message-ID: <200902251741.n1PHfLCI004044@omr1.networksolutionsemail.com> Maybe, just maybe there is an opportunity to align IAF with the new Privacy Forum and solve this issue in a harmonize fashion. Sincerely, Brian Brian D. Dilley CISA / CIPP / CGEIT GSA Advantage! - Use our GSA Schedule 70 Contract Today. Office: (866) 465-6005 Fax: (410) 465-9315 Cell: (443) 250-7681 Web: http://www.evalid8.com This electronic message contains information from eValid8R Corporation that is confidential, proprietary or otherwise protected from disclosure and is for the intended recipient. If you have received this transmission in error, please notify eValid8R at info at evalid8.com eValid8R wants you to be safe on the Internet, click on this link, http://www.evalid8.com/contactus/privacystatement.html to read our privacy statement. -----Original Message----- From: sig-ia-bounces at lists.projectliberty.org [mailto:sig-ia-bounces at lists.projectliberty.org] On Behalf Of Faut, Nathan E Sent: Wednesday, February 25, 2009 12:26 PM To: sig-ia at lists.projectliberty.org Cc: peter.alterman at gsa.gov; Nazario, Noel A Subject: [Sig-ia] Higher Ed has a problem with the IAF ... All - I quote from a message on another listserv (Higher Ed IDM listserv): =-=-=-=-=-=-=-=-=- From: John Ladwig Subject: Re: IdM awareness campaign Once upon a time, when I originally ran into OMB-04-04 and NIST 800-63, my = head threatened to explode due to the conflation of credential strength = and vetting (which is an understandable shortcut, from NIST and OMB's = perspective). I've made my peace with it by tracking LoAv (processes and supporting = documents or attestations) separately from credential strength (which = really should be evaluated by the consumer at time of presentation, not = recorded and mainatained as an attribute bound to an identity record in a = directory someplace). If we ever have to demonstrate OMB-style LOA, we'll be able to calculate = it, whether transactionally, or along some other process. Now, I only shake my head at the Liberty Alliance for their spectacular = shortcut at vetting level 4 in their 1.1 Liberty Identity Assurance = Framework: 1615 AL4_ID_IPV#050 Applicant knowledge checks=20 1616 Where the applicant is unable to satisfy any of the above requirements= , that the applicant=20 1617 can provide a unique identifier, such as a Social Security Number = (SSN), that matches the=20 1618 claimed identity.=20 I haven't been able to determine yet whether this is Liberty-only = braindamage, or if it's recognized in other places. I'm resisting the = temptation to use this in local processes. -jml =-=-=-=-=-=-=-=-=- I don't recall if this issue will be addressed in IAF v.2.0. -Nathan

***********************************************************************

The information in this email is confidential and may be legally privileged. It is intended solely for the addressee. Access to this email by anyone else is unauthorized. If you are not the intended recipient, any disclosure, copying, distribution or any action taken or omitted to be taken in reliance on it, is prohibited and may be unlawful. When addressed to our clients any opinions or advice contained in this email are subject to the terms and conditions expressed in the governing KPMG client engagement letter.

*********************************************************************** _______________________________________________ Sig-ia mailing list Sig-ia at lists.projectliberty.org http://lists.projectliberty.org/mailman/listinfo/sig-ia_lists.projectliberty .org