Subject: A deliverable mapping security services more explicitly to the Privacy Services in the TC's draft charter
I believe that an additional (and manageable) deliverable for the TC and draft charter would be to address more security as an integral part of the reference model and begin work to define the relationship more explicitly between privacy services (such as Control, Usage, etc.) and particular security services, such as encryption, identity management/authentication/access control, data integrity controls, etc.

In the current ISTPA version of the reference model, while there are explicit requirements for security at both the privacy service and infrastructure levels, more detailed security mapping work was out of scope of the current model. I think such mapping – at least at an abstract level – would be well within the scope of the new TC in OASIS, would add value to the work of the TC and generate more interest from many TC members.

This could be done as a third major deliverable, handled as an appendix/annex or profile:

- An annex (or profile?) which maps security services (confidentiality, integrity, availability, expressed at the mechanism level – for example, encryption, identity management/authentication/access control, digital signature) to the PMRM services

This would require deleting or modifying the current “out of scope statement” in the draft charter:

Specification of any particular security service, mechanism or standard for the security of Personal Information is out of scope for this TC.

List members should read the ISTPA PMRM v2.0 at http://www.istpa.org/pdfs/ISTPAPrivacyManagementReferenceModelV2%200.pdf to understand the careful treatment of security in the current draft.

John

__________________________________
John T. Sabo, CISSP
CA, Inc.
Suite 1220
1401 I Street NW
Washington DC 20005
Tel: +1 202-513-6304
Mobile: +1 443-629-6198

From: Michael Willett [mailto:mwillett@nc.rr.com]

Hi – Thank you for registering for
the Discussion List. We now have a sizable number of registrants, across a variety of academic, governmental, and business segments.

First, I am repeating (in part) my introductory message from an earlier e-mail below. Mainly, that posting contained your first homework assignment!

I am also attaching two items to this e-mail:

- a storyboard “cartoon” featuring Mr. Private “I” (get it?), who provides a quick introduction to the 10 Privacy Services of the PMRM. Run the slides in SLIDE SHOW mode; tedious, but cumulative. In actuality, the Services were conceived through a more methodical process, during which the definitions were refined and tested against various sets of privacy requirements.
- the draft Charter for the proposed PMRM Technical Committee. We can certainly add your (institutional or individual) name to the list of “proposers”. Just send me an affirmative note.

We welcome your edits/comments/observations on the Charter. Also, feel free to post commentary or questions on the topic of “Operational Aspects of Privacy Management” to the reflector. We look forward to further dialog.

************ repeated from first posting *********************

My name is Michael Willett and I, along with John Sabo from CA, will be your Discussion List moderators.

As the introductory e-mail from Mary indicated, this List is focused on the creation of a Privacy Management Reference Model (PMRM) Technical Committee. The (initial) Reference Model will be based on the PMRM V2.0, donated by the ISTPA (www.istpa.org) freely to OASIS.

As background for our discussions (and as your first homework assignment!), I suggest you review the following materials:

- The PMRM V2.0, published on the ISTPA web site above
- (optional) The document “Analysis of Privacy Principles: Making Privacy Operational”, also on the ISTPA web site
- Recent webinar offered by OASIS and the ISTPA entitled: “Making Privacy Operational”:
  The recorded version is now available at:
  Slide set from webinar: http://xml.coverpages.org/PMRM-Overview-OASIS-Webinar-20100223.pdf

Feel free to distribute these links to others who are interested in the operational aspects of privacy management.

************ (end of) repeated from first posting *********************

Michael Willett