Hi all:
Re: the issue around privacy policy object representation and standards raised at the May 12th telecon, my further idea is that we may have an opportunity to extend or complement XACML 2.0 with the richer FIPPs issues raised in the PMRM services for use case designs requiring privacy. XACML 2.0, an approved OASIS standard includes several profiles, including a Privacy policy profile. XACML addresses conflicting or overlapping privacy policies which is useful to us as we go horizontally across the different privacy policies under which several different actors (e.g. in HITSP) are operating.
Re: the question on moving to a standard , it may be useful to have a set of guiding principles (that includes but goes beyond our immediate task of demonstrating how pmrm fits into designing privacy into use cases and hence organizations' IT-enabled business processes) for this TC's privacy standard goal . Note that XACML can also be demonstrated, in a similar way, to aid privacy design within use cases. Too, guiding principles will help us early on to clearly map the differentiation and the interoperability of important standards impacting privacy design w.r.t. organizations' processes.
Best,
Dawn.