[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: PROPOSED AGENDA - PbD-SE TC - 17 April 2013
DRAFT MINUTES Privacy by Design Documentation for Software Engineers (PbD-SE) TC Meeting 20 March 2013, 1:30-3:00 PM EST / 18.30-20.00 CET Scribe: Gershon Janssen 0. Roll call Meeting Attendees: Members: Ann Cavoukian Gershon Janssen Dawn Jutla Sander Fieten Harry Rhodes John Sabo Peter Brown Stuart Shapiro Kevin MacDonald Fred Carter Michelle Chibba Observers: Colin Wallis This meeting quorates. 1. New Business / Agenda review The agenda was adopted. 2. Approval of Previous Meeting URL: https://www.oasis-open.org/committees/document.php?document_id=48462&wg_abbrev=pbd-se John moved to approve the minutes of the 20 February 2013 meeting. Seconded by Ann. The motion was approved by unanimous consent. 3. Review of privacy engineering guidance and information resources/tools * Purpose Specification (Privacy by Default) resources Fred explains Purpose Specification from the document ?PBD Privacy as Default - Purpose Specificity Best Practices?, URL: https://www.oasis-open.org/committees/document.php?document_id=48619&wg_abbrev=pbd-se The document provides an overview and summary of current best practices in Privacy by Default (data minimization) principle. The following points were made during the discussion: - In the Global Privacy Standard (GPS) from 2006 data minimization was introduced. The TC might consider using that as a ?ideal? standard / gold standard as a Privacy Policy. The TC likes the idea as the document was created with global agreement. Action Item: Upload Global Privacy Standard (GPS) from 2006 in the TC document repository. - It was noted that there are layers of applicability to the GPS; it?s a good template to use, but will not cover all situations. Layering of applicability is related to stake holders; reason is that specifying the purpose to collect starts as a business policy. Use retention and disclose limitation relate to this as well. - This notion was echoed by TC members, though, businesses can relate more easily to PbD principles which set the framework at a high level, as you can promise privacy assurance. It?s basically an easier sell when using PbD; the purpose specification principle is very needed. Also engineering people who translate to code need to understand the principle as well. - A case was brought forward were people had trouble with architecting a default setting when a user has several choices -- basically let the user make the choice. There is a distinction between default upfront and just accepting it versus no default setting presented at all. Literature shows the user will not choose; they will go with the default ? the user will not turn their minds to it, even if stated really explicit. The explicit aspect is important overall; being able to comprehend and understand is really important as these policies are normally difficult. The TC hopes to go through all the PbD principles during the various TC meetings. * Ad hoc working group on use case template (update) See: PbD-SE Privacy Use Case Template, URL: https://www.oasis-open.org/committees/document.php?document_id=48568&wg_abbrev=pbd-se The ad hoc working group has been working on a use case template in the few weeks. The current result is 2 draft documents: the template document and an example of using the template. The draft template document is basically a rationale for how a template supports the charter of the TC. Use cases are important so they can be organized in appropriate categories. The template builds on the model from the OASIS PMRM specification. John talks the TC through the template. The following points were made during the discussion: - It might be useful to add the PMRM privacy processes and services / privacy control points to the template, making it easier for going to UML models. - Is there a way to streamline the implementation of the template through automation? E.g. a tool with stored definitions / taxonomies that allows one to select items such as data flows, regulations, etc. from drop down menus. The TC likes the template and agreed to use it. * Illustrative software engineering practices See: Mapping of PbD Principles to UML Analysis Model, URL: https://www.oasis-open.org/committees/document.php?document_id=48560&wg_abbrev=pbd-se Dawn talks the TC through the UML Analysis Model. Although none of the members in the TC have a strong preference for UML, the basic argument for using it is that lots of software engineers use it. The following points were made during the discussion: - The document presents a modular approach for identification of data flows and implementation against those data flows. The TC likes the document very much and will further study on and validation of the document is required. 4. Assignment of Roles/Activities The TC agrees to the following follow-up activities / action items. All TC members are invited to work on these and participate. For some items members already volunteered to work on them. * Modify and enhance the draft use case template with the services / privacy control points and circulate a next revision to the TC. --> John and Dawn agreed to work on a next revision. * Iterate through the draft use case template to refine it * Test the use case template to see how it works --> Colin Wallis might have a test case. * Validation and feedback on the UML Analysis Model --> Dawn and Peter to speak about this. 5. Adjourn * European Identity Conference 2013 OASIS has been on the program of the popular and successful European Identity Conferences in Munich in the last couple of year. This year the conference will take place from May 14 till May 17 2013 in Munich/Germany. OASIS CEO Laurent Lisca is planned to keynote at the plenary meeting and will most likely reference to the PbD-SE work. John, Dawn, Stuart and Gershon are working on a pre-conference workshop. This workshop will take place on 14 May 2013. The idea is to use the PbD-SE Privacy Use Case Template during the workshop. Meeting adjourned at 3.00 PM EST.
Attachment:
DRAFT AGENDA - OASIS PBD SE TC Apr 17.doc
Description: MS-Word document
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]