MINUTES

OASIS Privacy Management Reference Model (PMRM) TC Meeting

13 January 2011

REGULAR MEETING

AGENDA:

1. Call to Order and Welcome

Michael Willett (convener) called the meeting to order at 11 AM Eastern and welcomed all the participants.

2. Roll Call

Meeting Statistics
Quorum rule / 51% of voting members
Achieved quorum / false
Counts toward voter eligibility / true
Individual Attendance / Members: 15 of 42 (35%)
Voting Members: 6 of 13 (46%) (used for quorum calculation)
Company Attendance / Companies: 11 of 30 (36%)
Voting Companies: 5 of 10 (50%)
Meeting Attendees
Name / Company / Status
John Sabo / CA Technologies / Group Member
Kel Callahan / HIPAAT International, Inc. / Group Member
Peter Brown / Individual / Group Member
Michele Drgon / Individual / Group Member
Gershon Janssen / Individual / Group Member
Susan Landau / Individual / Group Member
Michael Willett / Individual / Group Member
Stuart Shapiro / Mitre Corporation* / Group Member
Diana Graski / National Center for State Courts* / Group Member
Erika McCallister / NIST* / Group Member
Walter Tamminen / Nokia Corporation* / Group Member
Thinh Nguyenphu / Nokia Siemens Networks GmbH & Co. KG / Group Member
Dawn Jutla / Saint Mary's University / Group Member
Suzanne Gonzales-Webb, CPhT / Veterans Health Administration / Group Member
Bill Tabor / WidePoint Corporation / Group Member

3. Approval of Minutes from formal PMRM TC meeting: 9 Dec 2010

Approval of the Minutes was deferred until the next meeting on 10 Feb.

4. Expressing Use Cases: review John S draft proposal (see John’s e-mail)

5. Review Action Items (see previous Minutes)

6. Timeline and Work Plan

7. Reports from any liaison members

8. Other Business

9. Adjourn

DISCUSSION:

- Michele: Has not had a chance to meet with Gail M yet; will connect re: Smart Grid Use Cases and the use of John’s “recursive analysis methodology”.

- Michele: Working on the “current PIA landscape” item; tough to do. ACTION: Any/everyone should send Michele any existing PIAs to:

- John S: PMRM Recursive Analysis Methodology for Use Cases (see Draft):

  • Needed: reference model for actually building a system; issues:
  • How to identify a structure for requirements geared toward architects?
  • How to marry policy to operational controls? E.g., lots of PIAs. How to address the conversion?
  • Mapping policy to life cycle approach? Ex: Interoperability between jurisdictions (for example: social networks).
  • Use Case analysis: could benefit from a graphical structure (UML or simple graphics)
  • John then went through the several stages of the Methodology.

- Stuart: PIA under Step 1?

- John S: PIA stop at analysis boundary; not all of Step 2.

- Stuart: Maybe not have PIA in Step 1, but rather Accountability Review; i.e., system requirements.

- PIA in Step 2 is just a particular format for a risk analysis.

- John S: We need to begin to collect selected definitions; e.g., touch point.

- Controls (definition?), step 3: Follows from Step 2: Requirements.

- Stuart: Steps 1-3 = good privacy systems engineering; now made systematic with the PMRM. Step 4 is the novelty.

- Suzanne: Domain analysis model (HL7), uses UML. May not be/contain a PIA? Yes: risk analysis at the end. Some HL7 work is still on-going.

- John S: Is the HL7 work public? Yes; can be shown in a limited fashion.

- Peter Brown: How much detail in the Methodology? Reference model = high level, but Use Case can get low level. Look at other models for display; eg, diagrams, not just UML.

- Michele: Example – smart grid Use Case, cloud side. Suzanne/Gail?

- John S (to Peter): Abstraction Model use case level.

- John S: ID Trust meeting: Face to Face in London, 10-12 Oct. Theme: Cloud computing and Trust. Could meet the PMRM TC (informally) on Wednesday, 12 Oct, in person?

- John S: Toronto meeting: may not happen; move to the London meeting.

- Stuart: Use Cases – tackling “Do Not Track = technology that enables users to opt out of third-party web tracking, including behavioral advertising”. High-potential commercial value.

- John S: Need a champion for each Use Case. Which Use Case has higher visibility? E.g., Do Not Track: Govt push, but impacts the commercial sector.

- Discussion of the Action Items re: champion(s) of the Use Cases. See revised Action Items doc, to be distributed.

- Willett will check on use of the OASIS wiki.

Adjourned: 12:10 PM Eastern

Next Meeting 10 February 2011

As the PMRM TC meetings are the 2nd Thursday of each month at 11:00 EST, the next meeting will be:

10 February 2011 at 11:00 EST

Toll Free Dial-in (US & Canada): (866) 376-6162
International Dial-in Number: +1 (660) 422-5140
Conference Code: 017 643 4820
Chat: