My slides from the OASIS workshop on privacy at the European Identity Conference 2014

[David Brossard <david.brossard@axiomatics.com>]

Dear all,

As previously mentioned on the list, OASIS organized a workshop on privacy at EIC 2014. It took place last Tuesday. Dee Schur was there representing OASIS.

John Sabo and Gershon Janssen of the OASIS PMRM, Michelle Chibba of the Office of the Information and Privacy Commissioner of Ontario, Dawn Jutla of the OASIS Privacy by Design for Software Engineers Technical Committee and I (representing the XACML TC) all took part in a panel that covered privacy, privacy management, privacy by design, and applying XACML to privacy scenarios.

Ann Cavoukian, the privacy commissioner for Ontario produced an introductory video which you can watch on the OASIS YouTube channel: https://www.youtube.com/watch?v=Rmvvc649mp4.

I uploaded my slides on SlideShare: http://www.slideshare.net/DavidBrossard/eic-2014-oasis-workshop-privacy-by-design-and-xacml-take-ii

The main take-away is that there are at least 2 TCs we could possibly engage with more. These are:

• the PMRM TC which Gershon and John lead.
• The PbD-SE TC (Dawn and Michelle)

Both TCs are about producing guidelines, processes, and templates on how to identity privacy challenges and a process to correctly implement privacy checks w/in companies.

XACML could come in to implement privacy from a technical perspective. It strikes me that neither TC were aware of the work we do, ABAC, and XACML. It would be worthwhile for one of us to attend one of their regular TC calls to introduce XACML, policy- and attribute-based access control and how it can be used for privacy.

Thoughts?

Kind regards,

David.