From bob at bobpinheiro.com Mon Apr 20 18:13:15 2009 From: bob at bobpinheiro.com (Bob Pinheiro) Date: Mon, 20 Apr 2009 21:13:15 -0400 Subject: [SIG-IDtheft] Draft Charter for Identity Theft WG Message-ID: <49ED1DAB.1000806@bobpinheiro.com> To: Members of the Liberty Alliance Identity Theft Prevention SIG As you may know by know, Liberty Alliance has become the Kantara Initiative . As I have previously noted, the Identity Theft SIG may (if there is sufficient interest) transition into Kantara as a new Work Group. The new WG needs a Charter, which describes the purpose of the group and what the group intends to do. I have put together a draft Charter for the group, which is attached. Please review this and provide any comments, suggestions for additions or deletions, etc. that you feel is appropriate. On a previous SIG call, it was suggested that the new WG should include some work on privacy policy. I did not specifically include anything on privacy in the draft Charter. However, the area of privacy policy is so broad that I wonder whether privacy issues should be handled in a completely separate WG dedicated to that subject. If you have any concrete thoughts on specific work related to privacy that should be included, or whether privacy should be addressed in a separate WG, please pass these along also. It has been suggested that the name Identity Theft WG is too broad, and that a new name may be needed. I have tentatively chosen the name Consumer Identity Work Group. What do you think? Thanks Bob ------------------------------ Robert Pinheiro Consulting LLC 908-654-1939 bp at bobpinheiro.com www.bobpinheiro.com -------------- next part -------------- An HTML attachment was scrubbed... URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: ID-Theft_WG_NewOrg_Draft_Charter_v.02.doc Type: application/msword Size: 56320 bytes Desc: not available URL: From brett at projectliberty.org Wed Apr 22 12:24:39 2009 From: brett at projectliberty.org (Brett McDowell) Date: Wed, 22 Apr 2009 12:24:39 -0700 Subject: [SIG-IDtheft] Draft Charter for Identity Theft WG In-Reply-To: <49ED1DAB.1000806@bobpinheiro.com> References: <49ED1DAB.1000806@bobpinheiro.com> Message-ID: <6F5CF4FA-7651-4EFC-9EC0-099FFC215A65@projectliberty.org> Just a slight correction. Liberty Alliance along with Data Portability Project, Information Card Foundation, XDI.org, Concordia Project, OpenLiberty, and the Internet Society have co-formed the Kantara Initiative and Liberty Alliance is actually a member of Kantara Initiative. That said, it is the desire of the MB, EG, and SIG leadership to migrate all our work into Kantara as soon as possible. If all goes well, as we expect it will, Liberty Alliance will discontinue operations at the end of 2009 leaving all the activities and assets of Liberty in Kantara (along with activities from the other co-founding organizations). I just wanted to clarify that, but it changes nothing about your proposal Bob. Nice work. Kind Regards, Brett McDowell | +1.413.652.1248 | http://info.brettmcdowell.com On Apr 20, 2009, at 6:13 PM, Bob Pinheiro wrote: > To: Members of the Liberty Alliance Identity Theft Prevention SIG > > As you may know by know, Liberty Alliance has become the Kantara > Initiative. As I have previously noted, the Identity Theft SIG may > (if there is sufficient interest) transition into Kantara as a new > Work Group. The new WG needs a Charter, which describes the purpose > of the group and what the group intends to do. I have put together > a draft Charter for the group, which is attached. Please review > this and provide any comments, suggestions for additions or > deletions, etc. that you feel is appropriate. > > On a previous SIG call, it was suggested that the new WG should > include some work on privacy policy. I did not specifically include > anything on privacy in the draft Charter. However, the area of > privacy policy is so broad that I wonder whether privacy issues > should be handled in a completely separate WG dedicated to that > subject. If you have any concrete thoughts on specific work related > to privacy that should be included, or whether privacy should be > addressed in a separate WG, please pass these along also. > > It has been suggested that the name Identity Theft WG is too broad, > and that a new name may be needed. I have tentatively chosen the > name Consumer Identity Work Group. What do you think? > > Thanks > > Bob > ------------------------------ > Robert Pinheiro Consulting LLC > 908-654-1939 > bp at bobpinheiro.com > www.bobpinheiro.com > > -------------- next part -------------- An HTML attachment was scrubbed... URL: From bob at bobpinheiro.com Wed Apr 22 13:27:39 2009 From: bob at bobpinheiro.com (Bob Pinheiro) Date: Wed, 22 Apr 2009 16:27:39 -0400 Subject: [SIG-IDtheft] Draft Charter for Identity Theft WG In-Reply-To: <27D68E8D1692F34CBD0C4BC0ACD28FDD039EE973C3@man-130.SAFE-BIOPHARMA.LOCAL> References: <49ED1DAB.1000806@bobpinheiro.com> <6F5CF4FA-7651-4EFC-9EC0-099FFC215A65@projectliberty.org> <27D68E8D1692F34CBD0C4BC0ACD28FDD039EE973C3@man-130.SAFE-BIOPHARMA.LOCAL> Message-ID: <49EF7DBB.80706@bobpinheiro.com> The way I see it, the Identity Assurance and Accreditation WG will focus on maintaining and revising the IAF, SAC, and Accreditation stuff. They won't get into application areas such as consumer authentication, identity theft, authentication for access to health records, etc. However, I think it's possible there could be some overlap between the Consumer Identity WG and the Health Identity Management WG. So to avoid this overlap, the two groups will need to interact in some way on areas of mutual interest. Bob Rich Furr wrote: > > My only concern is that if approved we would have the Identity > Assurance and Accreditation (or some other more appropriate name) Work > Group, the Health Identity Management Work Group and the Consumer > Identity Work Group. Could things start to become a bit confusing to > the casual observer? > > > > Rich Furr > > Head Global Regulatory Affairs and Chief Compliance Officer > > Office: 610-252-5922 > > Cell: 201-220-0160 > > > > > > > > *From:* sig-idtheft-bounces at lists.projectliberty.org > [mailto:sig-idtheft-bounces at lists.projectliberty.org] *On Behalf Of > *Brett McDowell > *Sent:* Wednesday, April 22, 2009 3:25 PM > *To:* Bob Pinheiro > *Cc:* sig-idtheft > *Subject:* Re: [SIG-IDtheft] Draft Charter for Identity Theft WG > > > > Just a slight correction. Liberty Alliance along with Data > Portability Project, Information Card Foundation, XDI.org, Concordia > Project, OpenLiberty, and the Internet Society have co-formed the > Kantara Initiative and Liberty Alliance is actually a member of > Kantara Initiative. > > > > That said, it is the desire of the MB, EG, and SIG leadership to > migrate all our work into Kantara as soon as possible. If all goes > well, as we expect it will, Liberty Alliance will discontinue > operations at the end of 2009 leaving all the activities and assets of > Liberty in Kantara (along with activities from the other co-founding > organizations). > > > > I just wanted to clarify that, but it changes nothing about your > proposal Bob. Nice work. > > > > Kind Regards, > > > > Brett McDowell | +1.413.652.1248 | http://info.brettmcdowell.com > > > > On Apr 20, 2009, at 6:13 PM, Bob Pinheiro wrote: > > > > To: Members of the Liberty Alliance Identity Theft Prevention SIG > > As you may know by know, Liberty Alliance has become the Kantara > Initiative . As I have previously > noted, the Identity Theft SIG may (if there is sufficient interest) > transition into Kantara as a new Work Group. The new WG needs a > Charter, which describes the purpose of the group and what the group > intends to do. I have put together a draft Charter for the group, > which is attached. Please review this and provide any comments, > suggestions for additions or deletions, etc. that you feel is appropriate. > > On a previous SIG call, it was suggested that the new WG should > include some work on privacy policy. I did not specifically include > anything on privacy in the draft Charter. However, the area of > privacy policy is so broad that I wonder whether privacy issues should > be handled in a completely separate WG dedicated to that subject. If > you have any concrete thoughts on specific work related to privacy > that should be included, or whether privacy should be addressed in a > separate WG, please pass these along also. > > It has been suggested that the name Identity Theft WG is too broad, > and that a new name may be needed. I have tentatively chosen the name > Consumer Identity Work Group. What do you think? > > Thanks > > Bob > > ------------------------------ > Robert Pinheiro Consulting LLC > 908-654-1939 > bp at bobpinheiro.com > www.bobpinheiro.com > > > > > > -------------- next part -------------- An HTML attachment was scrubbed... URL: From Mari at MariFrank.com Wed Apr 22 18:51:49 2009 From: Mari at MariFrank.com (Mari J. Frank) Date: Wed, 22 Apr 2009 18:51:49 -0700 Subject: [SIG-IDtheft] Draft Charter for Identity Theft WG In-Reply-To: <49EF7DBB.80706@bobpinheiro.com> References: <49ED1DAB.1000806@bobpinheiro.com> <6F5CF4FA-7651-4EFC-9EC0-099FFC215A65@projectliberty.org> <27D68E8D1692F34CBD0C4BC0ACD28FDD039EE973C3@man-130.SAFE-BIOPHARMA.LOCAL> <49EF7DBB.80706@bobpinheiro.com> Message-ID: >From my perspective- privacy should be included- Mari J. Frank, Esq.CIPP Attorney, Mediator Certified Information Privacy Professional Radio Host, Privacy Piracy 88.9 FM in Irvine, Ca. 28202 Cabot Road, Suite 300 Laguna Niguel, Ca. 92677 Phone :949-364-1511 Fax: 949-363-7561 www.identitytheft.org www.MariFrank.com www.kuci.org/privacypiracy E-mail contact at identitytheft.org Mari at MariFrank.com To order Mari's books: Call Porpoise Press 800-725-0807 This e-mail may be privileged and/or confidential, and the sender does not waive any related rights and obligations. Any distribution, use or copying of this e-mail or the information it contains by other than an intended recipient is unauthorized. If you received this e-mail in error, please advise me (by return e-mail or by phone at 949-364-1511) immediately. Thank you. From: sig-idtheft-bounces at lists.projectliberty.org [mailto:sig-idtheft-bounces at lists.projectliberty.org] On Behalf Of Bob Pinheiro Sent: Wednesday, April 22, 2009 1:28 PM To: Rich Furr Cc: Brett McDowell; sig-idtheft Subject: Re: [SIG-IDtheft] Draft Charter for Identity Theft WG The way I see it, the Identity Assurance and Accreditation WG will focus on maintaining and revising the IAF, SAC, and Accreditation stuff. They won't get into application areas such as consumer authentication, identity theft, authentication for access to health records, etc. However, I think it's possible there could be some overlap between the Consumer Identity WG and the Health Identity Management WG. So to avoid this overlap, the two groups will need to interact in some way on areas of mutual interest. Bob Rich Furr wrote: My only concern is that if approved we would have the Identity Assurance and Accreditation (or some other more appropriate name) Work Group, the Health Identity Management Work Group and the Consumer Identity Work Group. Could things start to become a bit confusing to the casual observer? Rich Furr Head Global Regulatory Affairs and Chief Compliance Officer Office: 610-252-5922 Cell: 201-220-0160 From: sig-idtheft-bounces at lists.projectliberty.org [mailto:sig-idtheft-bounces at lists.projectliberty.org] On Behalf Of Brett McDowell Sent: Wednesday, April 22, 2009 3:25 PM To: Bob Pinheiro Cc: sig-idtheft Subject: Re: [SIG-IDtheft] Draft Charter for Identity Theft WG Just a slight correction. Liberty Alliance along with Data Portability Project, Information Card Foundation, XDI.org, Concordia Project, OpenLiberty, and the Internet Society have co-formed the Kantara Initiative and Liberty Alliance is actually a member of Kantara Initiative. That said, it is the desire of the MB, EG, and SIG leadership to migrate all our work into Kantara as soon as possible. If all goes well, as we expect it will, Liberty Alliance will discontinue operations at the end of 2009 leaving all the activities and assets of Liberty in Kantara (along with activities from the other co-founding organizations). I just wanted to clarify that, but it changes nothing about your proposal Bob. Nice work. Kind Regards, Brett McDowell | +1.413.652.1248 | http://info.brettmcdowell.com On Apr 20, 2009, at 6:13 PM, Bob Pinheiro wrote: To: Members of the Liberty Alliance Identity Theft Prevention SIG As you may know by know, Liberty Alliance has become the Kantara Initiative . As I have previously noted, the Identity Theft SIG may (if there is sufficient interest) transition into Kantara as a new Work Group. The new WG needs a Charter, which describes the purpose of the group and what the group intends to do. I have put together a draft Charter for the group, which is attached. Please review this and provide any comments, suggestions for additions or deletions, etc. that you feel is appropriate. On a previous SIG call, it was suggested that the new WG should include some work on privacy policy. I did not specifically include anything on privacy in the draft Charter. However, the area of privacy policy is so broad that I wonder whether privacy issues should be handled in a completely separate WG dedicated to that subject. If you have any concrete thoughts on specific work related to privacy that should be included, or whether privacy should be addressed in a separate WG, please pass these along also. It has been suggested that the name Identity Theft WG is too broad, and that a new name may be needed. I have tentatively chosen the name Consumer Identity Work Group. What do you think? Thanks Bob ------------------------------ Robert Pinheiro Consulting LLC 908-654-1939 bp at bobpinheiro.com www.bobpinheiro.com -------------- next part -------------- An HTML attachment was scrubbed... URL: From rfurr at safe-biopharma.org Wed Apr 22 12:56:29 2009 From: rfurr at safe-biopharma.org (Rich Furr) Date: Wed, 22 Apr 2009 15:56:29 -0400 Subject: [SIG-IDtheft] Draft Charter for Identity Theft WG In-Reply-To: <6F5CF4FA-7651-4EFC-9EC0-099FFC215A65@projectliberty.org> References: <49ED1DAB.1000806@bobpinheiro.com> <6F5CF4FA-7651-4EFC-9EC0-099FFC215A65@projectliberty.org> Message-ID: <27D68E8D1692F34CBD0C4BC0ACD28FDD039EE973C3@man-130.SAFE-BIOPHARMA.LOCAL> My only concern is that if approved we would have the Identity Assurance and Accreditation (or some other more appropriate name) Work Group, the Health Identity Management Work Group and the Consumer Identity Work Group. Could things start to become a bit confusing to the casual observer? Rich Furr Head Global Regulatory Affairs and Chief Compliance Officer Office: 610-252-5922 Cell: 201-220-0160 From: sig-idtheft-bounces at lists.projectliberty.org [mailto:sig-idtheft-bounces at lists.projectliberty.org] On Behalf Of Brett McDowell Sent: Wednesday, April 22, 2009 3:25 PM To: Bob Pinheiro Cc: sig-idtheft Subject: Re: [SIG-IDtheft] Draft Charter for Identity Theft WG Just a slight correction. Liberty Alliance along with Data Portability Project, Information Card Foundation, XDI.org, Concordia Project, OpenLiberty, and the Internet Society have co-formed the Kantara Initiative and Liberty Alliance is actually a member of Kantara Initiative. That said, it is the desire of the MB, EG, and SIG leadership to migrate all our work into Kantara as soon as possible. If all goes well, as we expect it will, Liberty Alliance will discontinue operations at the end of 2009 leaving all the activities and assets of Liberty in Kantara (along with activities from the other co-founding organizations). I just wanted to clarify that, but it changes nothing about your proposal Bob. Nice work. Kind Regards, Brett McDowell | +1.413.652.1248 | http://info.brettmcdowell.com On Apr 20, 2009, at 6:13 PM, Bob Pinheiro wrote: To: Members of the Liberty Alliance Identity Theft Prevention SIG As you may know by know, Liberty Alliance has become the Kantara Initiative. As I have previously noted, the Identity Theft SIG may (if there is sufficient interest) transition into Kantara as a new Work Group. The new WG needs a Charter, which describes the purpose of the group and what the group intends to do. I have put together a draft Charter for the group, which is attached. Please review this and provide any comments, suggestions for additions or deletions, etc. that you feel is appropriate. On a previous SIG call, it was suggested that the new WG should include some work on privacy policy. I did not specifically include anything on privacy in the draft Charter. However, the area of privacy policy is so broad that I wonder whether privacy issues should be handled in a completely separate WG dedicated to that subject. If you have any concrete thoughts on specific work related to privacy that should be included, or whether privacy should be addressed in a separate WG, please pass these along also. It has been suggested that the name Identity Theft WG is too broad, and that a new name may be needed. I have tentatively chosen the name Consumer Identity Work Group. What do you think? Thanks Bob ------------------------------ Robert Pinheiro Consulting LLC 908-654-1939 bp at bobpinheiro.com www.bobpinheiro.com -------------- next part -------------- An HTML attachment was scrubbed... URL: From enelson at secureprivacysolutions.com Thu Apr 23 13:17:44 2009 From: enelson at secureprivacysolutions.com (Eric Nelson) Date: Thu, 23 Apr 2009 13:17:44 -0700 Subject: [SIG-IDtheft] Draft Charter for Identity Theft WG In-Reply-To: References: <49ED1DAB.1000806@bobpinheiro.com> <6F5CF4FA-7651-4EFC-9EC0-099FFC215A65@projectliberty.org> <27D68E8D1692F34CBD0C4BC0ACD28FDD039EE973C3@man-130.SAFE-BIOPHARMA.LOCAL> <49EF7DBB.80706@bobpinheiro.com> Message-ID: <006701c9c450$907d7a60$b1786f20$@com> I agree with Mari that privacy should be included - privacy principles and regulations provide the basic framework on how data should be collected, managed, shared, secured, retained, etc., and should be considered during discussions and deliverables from the SIG. Bob, thanks to you and the rest of the group in this effort. Best regards, Eric Eric Nelson, Principal iapp | Certified Information Privacy Professional Logo176047 "Protecting your customer's personal information through people, processes and policies" www.SecurePrivacySolutions.com 949.721.5897 (office) 714.612.0367 (mobile) From: sig-idtheft-bounces at lists.projectliberty.org [mailto:sig-idtheft-bounces at lists.projectliberty.org] On Behalf Of Mari J. Frank Sent: Wednesday, April 22, 2009 6:52 PM To: 'Bob Pinheiro'; 'Rich Furr' Cc: 'Brett McDowell'; 'sig-idtheft' Subject: Re: [SIG-IDtheft] Draft Charter for Identity Theft WG >From my perspective- privacy should be included- Mari J. Frank, Esq.CIPP Attorney, Mediator Certified Information Privacy Professional Radio Host, Privacy Piracy 88.9 FM in Irvine, Ca. 28202 Cabot Road, Suite 300 Laguna Niguel, Ca. 92677 Phone :949-364-1511 Fax: 949-363-7561 www.identitytheft.org www.MariFrank.com www.kuci.org/privacypiracy E-mail contact at identitytheft.org Mari at MariFrank.com To order Mari's books: Call Porpoise Press 800-725-0807 This e-mail may be privileged and/or confidential, and the sender does not waive any related rights and obligations. Any distribution, use or copying of this e-mail or the information it contains by other than an intended recipient is unauthorized. If you received this e-mail in error, please advise me (by return e-mail or by phone at 949-364-1511) immediately. Thank you. From: sig-idtheft-bounces at lists.projectliberty.org [mailto:sig-idtheft-bounces at lists.projectliberty.org] On Behalf Of Bob Pinheiro Sent: Wednesday, April 22, 2009 1:28 PM To: Rich Furr Cc: Brett McDowell; sig-idtheft Subject: Re: [SIG-IDtheft] Draft Charter for Identity Theft WG The way I see it, the Identity Assurance and Accreditation WG will focus on maintaining and revising the IAF, SAC, and Accreditation stuff. They won't get into application areas such as consumer authentication, identity theft, authentication for access to health records, etc. However, I think it's possible there could be some overlap between the Consumer Identity WG and the Health Identity Management WG. So to avoid this overlap, the two groups will need to interact in some way on areas of mutual interest. Bob Rich Furr wrote: My only concern is that if approved we would have the Identity Assurance and Accreditation (or some other more appropriate name) Work Group, the Health Identity Management Work Group and the Consumer Identity Work Group. Could things start to become a bit confusing to the casual observer? Rich Furr Head Global Regulatory Affairs and Chief Compliance Officer Office: 610-252-5922 Cell: 201-220-0160 From: sig-idtheft-bounces at lists.projectliberty.org [mailto:sig-idtheft-bounces at lists.projectliberty.org] On Behalf Of Brett McDowell Sent: Wednesday, April 22, 2009 3:25 PM To: Bob Pinheiro Cc: sig-idtheft Subject: Re: [SIG-IDtheft] Draft Charter for Identity Theft WG Just a slight correction. Liberty Alliance along with Data Portability Project, Information Card Foundation, XDI.org, Concordia Project, OpenLiberty, and the Internet Society have co-formed the Kantara Initiative and Liberty Alliance is actually a member of Kantara Initiative. That said, it is the desire of the MB, EG, and SIG leadership to migrate all our work into Kantara as soon as possible. If all goes well, as we expect it will, Liberty Alliance will discontinue operations at the end of 2009 leaving all the activities and assets of Liberty in Kantara (along with activities from the other co-founding organizations). I just wanted to clarify that, but it changes nothing about your proposal Bob. Nice work. Kind Regards, Brett McDowell | +1.413.652.1248 | http://info.brettmcdowell.com On Apr 20, 2009, at 6:13 PM, Bob Pinheiro wrote: To: Members of the Liberty Alliance Identity Theft Prevention SIG As you may know by know, Liberty Alliance has become the Kantara Initiative . As I have previously noted, the Identity Theft SIG may (if there is sufficient interest) transition into Kantara as a new Work Group. The new WG needs a Charter, which describes the purpose of the group and what the group intends to do. I have put together a draft Charter for the group, which is attached. Please review this and provide any comments, suggestions for additions or deletions, etc. that you feel is appropriate. On a previous SIG call, it was suggested that the new WG should include some work on privacy policy. I did not specifically include anything on privacy in the draft Charter. However, the area of privacy policy is so broad that I wonder whether privacy issues should be handled in a completely separate WG dedicated to that subject. If you have any concrete thoughts on specific work related to privacy that should be included, or whether privacy should be addressed in a separate WG, please pass these along also. It has been suggested that the name Identity Theft WG is too broad, and that a new name may be needed. I have tentatively chosen the name Consumer Identity Work Group. What do you think? Thanks Bob ------------------------------ Robert Pinheiro Consulting LLC 908-654-1939 bp at bobpinheiro.com www.bobpinheiro.com -------------- next part -------------- An HTML attachment was scrubbed... URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: image/jpeg Size: 2177 bytes Desc: not available URL: From bob at bobpinheiro.com Sun Apr 26 21:08:11 2009 From: bob at bobpinheiro.com (Bob Pinheiro) Date: Mon, 27 Apr 2009 00:08:11 -0400 Subject: [SIG-IDtheft] Draft Charter for Identity Theft WG In-Reply-To: <006701c9c450$907d7a60$b1786f20$@com> References: <49ED1DAB.1000806@bobpinheiro.com> <6F5CF4FA-7651-4EFC-9EC0-099FFC215A65@projectliberty.org> <27D68E8D1692F34CBD0C4BC0ACD28FDD039EE973C3@man-130.SAFE-BIOPHARMA.LOCAL> <49EF7DBB.80706@bobpinheiro.com> <006701c9c450$907d7a60$b1786f20$@com> Message-ID: <49F52FAB.30004@bobpinheiro.com> With additional input from Jeff Stollman, I've updated the draft Consumer Identity WG charter (v0.3, attached). This update does address more directly the issue of privacy of personally identifiable information within the context of consumer identity, but without providing specifics. In terms of identity theft and online consumer identity, I think the challenge is to understand how privacy considerations should play a role in designing high assurance identity solutions that can establish a consumer's identity on the Internet with high confidence. One privacy concern that I would have is how to ensure that high assurance identity credentials for consumers are used only in high-value transactions, where identity considerations are especially important. Such credentials should not be necessary for lower-value transactions. I think that the general topic of privacy of personal information - including the things that Eric mentions - is broad enough that a separate WG would be worthwhile just to address privacy of personal information on the Internet. I would encourage anyone who might be interested in working these large-scale privacy issues to consider proposing a new WG specifically focused on privacy. While a WG on Consumer Identity is more specifically focused on identity theft and fraud, I think privacy issues extend beyond this, so a Privacy WG seems justifiable to me. Again, if anyone has specific comments or suggestions on how to better address privacy considerations as they relate to high assurance identity services for consumers, or any other comments, please pass them along. Also, there is a section (12) in the draft charter that lists "Proposers"....that is, the people who are proposing that this WG be formed and that the work described in the charter be done. Please let me know if you'd like to be listed as a Proposer. Thanks Bob ------------------------------ Robert Pinheiro Consulting LLC 908-654-1939 bp at bobpinheiro.com www.bobpinheiro.com Eric Nelson wrote: > > I agree with Mari that privacy should be included -- privacy > principles and regulations provide the basic framework on how data > should be collected, managed, shared, secured, retained, etc., and > should be considered during discussions and deliverables from the SIG. > > > > Bob, thanks to you and the rest of the group in this effort. > > > > Best regards, Eric > > > > Eric Nelson, Principal > > *iapp* | Certified Information Privacy Professional > > > > Logo176047 > > /"Protecting your customer's personal information through people, > processes and policies"// / > > www.SecurePrivacySolutions.com > > 949.721.5897 (office) > > 714.612.0367 (mobile) > > > > > > *From:* sig-idtheft-bounces at lists.projectliberty.org > [mailto:sig-idtheft-bounces at lists.projectliberty.org] *On Behalf Of > *Mari J. Frank > *Sent:* Wednesday, April 22, 2009 6:52 PM > *To:* 'Bob Pinheiro'; 'Rich Furr' > *Cc:* 'Brett McDowell'; 'sig-idtheft' > *Subject:* Re: [SIG-IDtheft] Draft Charter for Identity Theft WG > > > > */From my perspective- privacy should be included-/* > > */ /* > > > *Mari J. Frank, Esq.CIPP* > > *Attorney, Mediator* > > *Certified Information Privacy Professional* > > * Radio Host, Privacy Piracy 88.9 FM in Irvine, Ca. > 28202 Cabot Road, Suite 300 > Laguna Niguel, Ca. 92677 > Phone :949-364-1511 > Fax: 949-363-7561 > www.identitytheft.org > www.MariFrank.com > www.kuci.org/privacypiracy > E-mail contact at identitytheft.org > Mari at MariFrank.com > * > *To order Mari's books: > Call Porpoise Press 800-725-0807 > *This e-mail may be privileged and/or confidential, and the sender > does not waive any related rights and obligations. Any distribution, > use or copying of this e-mail or the information it contains by other > than an intended recipient is unauthorized. If you received this > e-mail in error, please advise me (by return e-mail or by phone at > 949-364-1511) immediately. Thank you. > > > > > > */ /* > > *From:* sig-idtheft-bounces at lists.projectliberty.org > [mailto:sig-idtheft-bounces at lists.projectliberty.org] *On Behalf Of > *Bob Pinheiro > *Sent:* Wednesday, April 22, 2009 1:28 PM > *To:* Rich Furr > *Cc:* Brett McDowell; sig-idtheft > *Subject:* Re: [SIG-IDtheft] Draft Charter for Identity Theft WG > > > > The way I see it, the Identity Assurance and Accreditation WG will > focus on maintaining and revising the IAF, SAC, and Accreditation > stuff. They won't get into application areas such as consumer > authentication, identity theft, authentication for access to health > records, etc. However, I think it's possible there could be some > overlap between the Consumer Identity WG and the Health Identity > Management WG. So to avoid this overlap, the two groups will need to > interact in some way on areas of mutual interest. > > Bob > > Rich Furr wrote: > > My only concern is that if approved we would have the Identity > Assurance and Accreditation (or some other more appropriate name) Work > Group, the Health Identity Management Work Group and the Consumer > Identity Work Group. Could things start to become a bit confusing to > the casual observer? > > > > Rich Furr > > Head Global Regulatory Affairs and Chief Compliance Officer > > Office: 610-252-5922 > > Cell: 201-220-0160 > > > > > > > > *From:* sig-idtheft-bounces at lists.projectliberty.org > > [mailto:sig-idtheft-bounces at lists.projectliberty.org] *On Behalf Of > *Brett McDowell > *Sent:* Wednesday, April 22, 2009 3:25 PM > *To:* Bob Pinheiro > *Cc:* sig-idtheft > *Subject:* Re: [SIG-IDtheft] Draft Charter for Identity Theft WG > > > > Just a slight correction. Liberty Alliance along with Data > Portability Project, Information Card Foundation, XDI.org, Concordia > Project, OpenLiberty, and the Internet Society have co-formed the > Kantara Initiative and Liberty Alliance is actually a member of > Kantara Initiative. > > > > That said, it is the desire of the MB, EG, and SIG leadership to > migrate all our work into Kantara as soon as possible. If all goes > well, as we expect it will, Liberty Alliance will discontinue > operations at the end of 2009 leaving all the activities and assets of > Liberty in Kantara (along with activities from the other co-founding > organizations). > > > > I just wanted to clarify that, but it changes nothing about your > proposal Bob. Nice work. > > > > Kind Regards, > > > > Brett McDowell | +1.413.652.1248 | http://info.brettmcdowell.com > > > > On Apr 20, 2009, at 6:13 PM, Bob Pinheiro wrote: > > > > To: Members of the Liberty Alliance Identity Theft Prevention SIG > > As you may know by know, Liberty Alliance has become the Kantara > Initiative . As I have previously > noted, the Identity Theft SIG may (if there is sufficient interest) > transition into Kantara as a new Work Group. The new WG needs a > Charter, which describes the purpose of the group and what the group > intends to do. I have put together a draft Charter for the group, > which is attached. Please review this and provide any comments, > suggestions for additions or deletions, etc. that you feel is appropriate. > > On a previous SIG call, it was suggested that the new WG should > include some work on privacy policy. I did not specifically include > anything on privacy in the draft Charter. However, the area of > privacy policy is so broad that I wonder whether privacy issues should > be handled in a completely separate WG dedicated to that subject. If > you have any concrete thoughts on specific work related to privacy > that should be included, or whether privacy should be addressed in a > separate WG, please pass these along also. > > It has been suggested that the name Identity Theft WG is too broad, > and that a new name may be needed. I have tentatively chosen the name > Consumer Identity Work Group. What do you think? > > Thanks > > Bob > > ------------------------------ > Robert Pinheiro Consulting LLC > 908-654-1939 > bp at bobpinheiro.com > www.bobpinheiro.com > > > > > > > > > -------------- next part -------------- An HTML attachment was scrubbed... URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: image/jpeg Size: 2177 bytes Desc: not available URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: ConsumerIdentityWG_Kantara_Draft_Charter_v0.3.doc Type: application/msword Size: 55296 bytes Desc: not available URL: From stollman.j at gmail.com Mon Apr 27 10:03:28 2009 From: stollman.j at gmail.com (j stollman) Date: Mon, 27 Apr 2009 13:03:28 -0400 Subject: [SIG-IDtheft] Draft Charter for Identity Theft WG In-Reply-To: <49F52FAB.30004@bobpinheiro.com> References: <49ED1DAB.1000806@bobpinheiro.com> <6F5CF4FA-7651-4EFC-9EC0-099FFC215A65@projectliberty.org> <27D68E8D1692F34CBD0C4BC0ACD28FDD039EE973C3@man-130.SAFE-BIOPHARMA.LOCAL> <49EF7DBB.80706@bobpinheiro.com> <006701c9c450$907d7a60$b1786f20$@com> <49F52FAB.30004@bobpinheiro.com> Message-ID: Bob, My vote on the IPR issue is to support the Liberty IPR policy. Jeff On Mon, Apr 27, 2009 at 12:08 AM, Bob Pinheiro wrote: > With additional input from Jeff Stollman, I've updated the draft Consumer > Identity WG charter (v0.3, attached). This update does address more > directly the issue of privacy of personally identifiable information within > the context of consumer identity, but without providing specifics. > > In terms of identity theft and online consumer identity, I think the > challenge is to understand how privacy considerations should play a role in > designing high assurance identity solutions that can establish a consumer's > identity on the Internet with high confidence. One privacy concern that I > would have is how to ensure that high assurance identity credentials for > consumers are used only in high-value transactions, where identity > considerations are especially important. Such credentials should not be > necessary for lower-value transactions. > > I think that the general topic of privacy of personal information - > including the things that Eric mentions - is broad enough that a separate WG > would be worthwhile just to address privacy of personal information on the > Internet. I would encourage anyone who might be interested in working these > large-scale privacy issues to consider proposing a new WG specifically > focused on privacy. While a WG on Consumer Identity is more specifically > focused on identity theft and fraud, I think privacy issues extend beyond > this, so a Privacy WG seems justifiable to me. > > Again, if anyone has specific comments or suggestions on how to better > address privacy considerations as they relate to high assurance identity > services for consumers, or any other comments, please pass them along. > Also, there is a section (12) in the draft charter that lists > "Proposers"....that is, the people who are proposing that this WG be formed > and that the work described in the charter be done. Please let me know if > you'd like to be listed as a Proposer. > > Thanks > > Bob > > ------------------------------ > Robert Pinheiro Consulting LLC > 908-654-1939bp at bobpinheiro.comwww.bobpinheiro.com > > > > Eric Nelson wrote: > > I agree with Mari that privacy should be included ? privacy principles > and regulations provide the basic framework on how data should be collected, > managed, shared, secured, retained, etc., and should be considered during > discussions and deliverables from the SIG. > > > > Bob, thanks to you and the rest of the group in this effort. > > > > Best regards, Eric > > > > Eric Nelson, Principal > > *iapp* | Certified Information Privacy Professional > > > > [image: Logo176047] > > *?Protecting your customer's personal information through people, > processes and policies?** * > > www.SecurePrivacySolutions.com > > 949.721.5897 (office) > > 714.612.0367 (mobile) > > > > > > *From:* sig-idtheft-bounces at lists.projectliberty.org [ > mailto:sig-idtheft-bounces at lists.projectliberty.org] > *On Behalf Of *Mari J. Frank > *Sent:* Wednesday, April 22, 2009 6:52 PM > *To:* 'Bob Pinheiro'; 'Rich Furr' > *Cc:* 'Brett McDowell'; 'sig-idtheft' > *Subject:* Re: [SIG-IDtheft] Draft Charter for Identity Theft WG > > > > *From my perspective- privacy should be included-* > > * * > > > *Mari J. Frank, Esq.CIPP* > > *Attorney, Mediator* > > *Certified Information Privacy Professional* > > * Radio Host, Privacy Piracy 88.9 FM in Irvine, Ca. > 28202 Cabot Road, Suite 300 > Laguna Niguel, Ca. 92677 > Phone :949-364-1511 > Fax: 949-363-7561 > www.identitytheft.org > www.MariFrank.com > www.kuci.org/privacypiracy > E-mail contact at identitytheft.org > Mari at MariFrank.com > * > *To order Mari's books: > Call Porpoise Press 800-725-0807 > *This e-mail may be privileged and/or confidential, and the sender does > not waive any related rights and obligations. Any distribution, use or > copying of this e-mail or the information it contains by other than an > intended recipient is unauthorized. If you received this e-mail in error, > please advise me (by return e-mail or by phone at 949-364-1511) immediately. > Thank you. > > > > > > * * > > *From:* sig-idtheft-bounces at lists.projectliberty.org [ > mailto:sig-idtheft-bounces at lists.projectliberty.org] > *On Behalf Of *Bob Pinheiro > *Sent:* Wednesday, April 22, 2009 1:28 PM > *To:* Rich Furr > *Cc:* Brett McDowell; sig-idtheft > *Subject:* Re: [SIG-IDtheft] Draft Charter for Identity Theft WG > > > > The way I see it, the Identity Assurance and Accreditation WG will focus on > maintaining and revising the IAF, SAC, and Accreditation stuff. They won't > get into application areas such as consumer authentication, identity theft, > authentication for access to health records, etc. However, I think it's > possible there could be some overlap between the Consumer Identity WG and > the Health Identity Management WG. So to avoid this overlap, the two groups > will need to interact in some way on areas of mutual interest. > > Bob > > Rich Furr wrote: > > My only concern is that if approved we would have the Identity Assurance > and Accreditation (or some other more appropriate name) Work Group, the > Health Identity Management Work Group and the Consumer Identity Work Group. > Could things start to become a bit confusing to the casual observer? > > > > Rich Furr > > Head Global Regulatory Affairs and Chief Compliance Officer > > Office: 610-252-5922 > > Cell: 201-220-0160 > > > > > > > > *From:* sig-idtheft-bounces at lists.projectliberty.org [ > mailto:sig-idtheft-bounces at lists.projectliberty.org] > *On Behalf Of *Brett McDowell > *Sent:* Wednesday, April 22, 2009 3:25 PM > *To:* Bob Pinheiro > *Cc:* sig-idtheft > *Subject:* Re: [SIG-IDtheft] Draft Charter for Identity Theft WG > > > > Just a slight correction. Liberty Alliance along with Data Portability > Project, Information Card Foundation, XDI.org, Concordia Project, > OpenLiberty, and the Internet Society have co-formed the Kantara Initiative > and Liberty Alliance is actually a member of Kantara Initiative. > > > > That said, it is the desire of the MB, EG, and SIG leadership to migrate > all our work into Kantara as soon as possible. If all goes well, as we > expect it will, Liberty Alliance will discontinue operations at the end of > 2009 leaving all the activities and assets of Liberty in Kantara (along with > activities from the other co-founding organizations). > > > > I just wanted to clarify that, but it changes nothing about your proposal > Bob. Nice work. > > > > Kind Regards, > > > > Brett McDowell | +1.413.652.1248 | http://info.brettmcdowell.com > > > > On Apr 20, 2009, at 6:13 PM, Bob Pinheiro wrote: > > > > To: Members of the Liberty Alliance Identity Theft Prevention SIG > > As you may know by know, Liberty Alliance has become the Kantara > Initiative . As I have previously noted, > the Identity Theft SIG may (if there is sufficient interest) transition into > Kantara as a new Work Group. The new WG needs a Charter, which describes > the purpose of the group and what the group intends to do. I have put > together a draft Charter for the group, which is attached. Please review > this and provide any comments, suggestions for additions or deletions, etc. > that you feel is appropriate. > > On a previous SIG call, it was suggested that the new WG should include > some work on privacy policy. I did not specifically include anything on > privacy in the draft Charter. However, the area of privacy policy is so > broad that I wonder whether privacy issues should be handled in a completely > separate WG dedicated to that subject. If you have any concrete thoughts on > specific work related to privacy that should be included, or whether privacy > should be addressed in a separate WG, please pass these along also. > > It has been suggested that the name Identity Theft WG is too broad, and > that a new name may be needed. I have tentatively chosen the name Consumer > Identity Work Group. What do you think? > > Thanks > > Bob > > ------------------------------ > > Robert Pinheiro Consulting LLC > > 908-654-1939 > > bp at bobpinheiro.com > > www.bobpinheiro.com > > > > > > > > > > > > > -- Jeff Stollman stollman.j at gmail.com 1 202.683.8699 -------------- next part -------------- An HTML attachment was scrubbed... URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: image/jpeg Size: 2177 bytes Desc: not available URL: