Search results
Jump to navigation
Jump to search
Page title matches
- ''<< Back to [[Privacy_Req_2|Privacy Requirement 2]]'' ...ntity stakeholders) when applying and evaluating IDEF Baseline Requirement PRIVACY-2.2 KB (257 words) - 04:03, 28 June 2018
- == PRIVACY-3. ATTRIBUTE MINIMIZATION == ...eleased as claims as well as detailed attributes; see also [[Privacy Req 1|PRIVACY-13 KB (438 words) - 04:03, 28 June 2018
- ''<< Back to [[Privacy_Req_3|Privacy Requirement 3]]'' ...ntity stakeholders) when applying and evaluating IDEF Baseline Requirement PRIVACY-3.1 KB (143 words) - 04:03, 28 June 2018
- == PRIVACY-4. CREDENTIAL LIMITATION == ...ements [[Privacy Req 1|PRIVACY-1 (DATA MINIMIZATION)]] and [[Privacy Req 2|PRIVACY-2 (PURPOSE LIMITATION)]] on the application of limitations to, and scope of3 KB (356 words) - 04:03, 28 June 2018
- ''<< Back to [[Privacy_Req_4|Privacy Requirement 4]]'' ...ntity stakeholders) when applying and evaluating IDEF Baseline Requirement PRIVACY-4.789 bytes (93 words) - 04:03, 28 June 2018
- == PRIVACY-5. DATA AGGREGATION RISK == Entities MUST assess the privacy risk of aggregating [[IDEF Glossary PERSONAL INFORMATION|personal informati4 KB (480 words) - 04:03, 28 June 2018
- ''<< Back to [[Privacy_Req_5|Privacy Requirement 5]]'' ...ntity stakeholders) when applying and evaluating IDEF Baseline Requirement PRIVACY-5.1 KB (147 words) - 04:03, 28 June 2018
- == PRIVACY-6. USAGE NOTICE == ...rmation", see [[APPENDIX_A-Defined_Terms|Appendix A]], and [[Privacy Req 1|PRIVACY-1 (DATA MINIMIZATION)]].3 KB (368 words) - 04:03, 28 June 2018
- == PRIVACY-7. USER DATA CONTROL == ...rmation", see [[APPENDIX_A-Defined_Terms|Appendix A]], and [[Privacy Req 1|PRIVACY-1 (DATA MINIMIZATION)]] and3 KB (374 words) - 04:03, 28 June 2018
- == PRIVACY-8. THIRD-PARTY LIMITATIONS == ...rmation", see [[APPENDIX_A-Defined_Terms|Appendix A]], and [[Privacy Req 1|PRIVACY-1 (DATA MINIMIZATION)]].3 KB (370 words) - 04:03, 28 June 2018
- == PRIVACY-9. USER NOTICE OF CHANGES == ...se USERS, and provide them with compensating controls designed to mitigate privacy risks that may arise from those changes, which may include seeking express3 KB (457 words) - 04:03, 28 June 2018
- The Privacy Requirements Work Group is drafting privacy requirements to support the development of the [[Identity Ecosystem Framewo ...ns understand the guidance for Version 1 of the IDEF can be found in the [[Privacy References and Guides]] page.9 KB (1,100 words) - 04:03, 28 June 2018
- == PRIVACY-2. PURPOSE LIMITATION == See also Requirement [[Privacy Req 1|PRIVACY-1 (DATA MINIMIZATION)]] on the application of limitations to, and5 KB (583 words) - 04:03, 28 June 2018
- A profile of a possible Privacy configuration as communicated from a [[Relying Party]] to a [[User]]. ...idelinesontheprotectionofprivacyandtransborderflowsofpersonaldata.htm OECD privacy guidelines] have some good defintions and principles.7 KB (1,037 words) - 04:58, 22 April 2020
- Privacy enhancing technology generic use case. In some ways this is similar to the Privacy, Trust/Assurance, Interoperability14 KB (2,167 words) - 01:45, 15 May 2021
- '''Privacy''': ...ation, risk monitoring and risk review. ISO/IEC 29134 provides guidance on privacy impact assessment.4 KB (531 words) - 04:00, 28 June 2018
- ...le''': ISO/IEC 29100:2011 Information technology -- Security techniques -- Privacy framework ...and places organizational, technical, and procedural aspects in an overall privacy framework.1,022 bytes (130 words) - 04:00, 28 June 2018
- ...cosystem Framework must offer individuals better means of protecting their privacy by establishing clear rules and guidelines based upon the FIPPs.] [[Category:Privacy Use Cases]]1 KB (158 words) - 04:00, 28 June 2018
- Privacy Criteria '''Privacy''':848 bytes (97 words) - 00:51, 31 May 2020
- '''Title''': Security and Privacy Considerations for the OASIS Security Assertion Markup Language (SAML) V2.0 '''Description''': Provides security and privacy considerations for users of SAML 2.0, including some specific implementatio1 KB (171 words) - 04:02, 28 June 2018
- == OTHER PRIVACY RESOURCES == ...s informative, but not normative, guidance on the matters discussed in the Privacy Requirements.572 bytes (71 words) - 04:02, 28 June 2018
- '''Title''': Privacy-Preserving Accessibility Support ...preferences and to control the release of subsets of that information in a privacy-preserving way to enable online services to tailor their presentation and u3 KB (367 words) - 04:02, 28 June 2018
- == PRIVACY-BP-A. RECOMMENDED QUALITY CONTROLS == ...). Some of those choices may be less invasive, or create less risk of USER privacy loss, than3 KB (340 words) - 04:02, 28 June 2018
- == PRIVACY-BP-B. RECOMMENDED TECHNOLOGY ENFORCEMENT == ...licies SHOULD be implemented through technical mechanisms. Those technical privacy controls SHOULD be situated as low in the technology stack as possible.2 KB (191 words) - 04:02, 28 June 2018
- == PRIVACY-BP-C. RECOMMENDED CONSEQUENCES OF DECLINING == ...ndation builds on and improves the mandate in Requirement [[Privacy Req 11|PRIVACY-11 (OPTIONAL2 KB (304 words) - 04:02, 28 June 2018
- Privacy enhancing technology provided by an agent under the user's control. Privacy, Trust/Assurance, Interoperability12 KB (2,056 words) - 20:35, 27 November 2019
- '''Title''': Federal Identity, Credentialing, and Access Management Privacy Guidance for Trust Framework Assessors participants are complying with FICAM privacy requirements.1 KB (123 words) - 00:49, 31 May 2020
- ...ted in accordance with the [https://www.idecosystem.org/filedepot?fid=1090 Privacy Evaluation Methodology]. | OpenID Connect || [[Standards]] || 8 October 2015 || Privacy issues; no objection || 5 January 20164 KB (409 words) - 04:02, 28 June 2018
- ...organizations understand how to evaluate their system for alignment to the privacy requirements. References should be considered informative guides only.''' New documents can be suggested for inclusion by emailing the Privacy Committee listserv.5 KB (571 words) - 00:54, 31 May 2020
- == PRIVACY-1. DATA MINIMIZATION == ...tity (for example from signin to signout of the user.) See [[Privacy Req 2|PRIVACY-2 (PURPOSE LIMITATION)]].3 KB (425 words) - 04:02, 28 June 2018
- == PRIVACY-10. USER OPTION TO DECLINE == ...rmation", see [[APPENDIX_A-Defined_Terms|Appendix A]], and [[Privacy Req 1|PRIVACY-1 (DATA MINIMIZATION)]].2 KB (253 words) - 04:02, 28 June 2018
- == PRIVACY-11. OPTIONAL INFORMATION == ...rmation", see [[APPENDIX_A-Defined_Terms|Appendix A]], and [[Privacy Req 1|PRIVACY-1 (DATA MINIMIZATION)]].3 KB (383 words) - 04:02, 28 June 2018
- == PRIVACY-12. ANONYMITY == ...e [[Privacy Req 4|PRIVACY-4 (CREDENTIAL LIMITATION)]] and [[Privacy Req 15|PRIVACY-15 (ATTRIBUTE SEGREGATION)]].3 KB (409 words) - 04:02, 28 June 2018
- == PRIVACY-13. CONTROLS PROPORTIONATE TO RISK == ...gement functions]], to establish what risks those functions pose to users' privacy.2 KB (284 words) - 04:02, 28 June 2018
- == PRIVACY-14. DATA RETENTION AND DISPOSAL== ...rmation", see [[APPENDIX_A-Defined_Terms|Appendix A]], and [[Privacy Req 1|PRIVACY-1 (DATA MINIMIZATION)]].2 KB (282 words) - 04:02, 28 June 2018
- == PRIVACY-15. ATTRIBUTE SEGREGATION == ...ved at https://workspace.idesg.org/kws/public/download.php/56/Supplemental-Privacy-Guidance.docx2 KB (283 words) - 04:02, 28 June 2018
- == PRIVACY-15. ATTRIBUTE SEGREGATION == ...ved at https://workspace.idesg.org/kws/public/download.php/56/Supplemental-Privacy-Guidance.docx2 KB (290 words) - 04:02, 28 June 2018
- ''<< Back to [[Privacy_Req_1|Privacy Requirement 1]]'' ...ntity stakeholders) when applying and evaluating IDEF Baseline Requirement PRIVACY-1.1 KB (131 words) - 04:02, 28 June 2018
Page text matches
- ...ough self-assessment with a set of common standards for reliable security, privacy, ease of use, cost savings, and user choice and declare their commitment to3 KB (506 words) - 00:00, 24 January 2020
- '''Privacy''':433 bytes (45 words) - 19:46, 21 October 2019
- ...re Identity Providers (IdPs). The example does not consider the case where privacy enhancing technology is used to prevent linkage between different instances ...nd intent. For example in the need to capture the user's acceptance of the privacy policy and the terms of use, a design pattern could just let the user read24 KB (3,980 words) - 19:57, 13 November 2020
- ...that information. In the simplest case, the [[Digital Entity]] will have a privacy policy that specifies what information is collected and for what reason. So3 KB (502 words) - 19:57, 13 November 2020
- ...ees to the sharing of personal information. Its purpose is to capture the privacy policy and its purpose for sharing personal information so it can be easily '''Privacy''': The primary purpose of the consent receipt is compliance with the [[Gen3 KB (380 words) - 17:28, 25 July 2020
- [[Category:Privacy]]3 KB (416 words) - 00:25, 15 February 2020
- Integrity, Privacy, Compliance, Interoperability ...y provides the foundation for strong authentication and protection of user privacy.12 KB (1,835 words) - 20:44, 5 November 2020
- '''Privacy''': The FPKI management authority is required to conduct a Privacy Impact Assessment. PII shall be protected ...k]], [[PKI Sponsor]], [[Policy Management Authority]], [[Principal CA]], [[Privacy]], [[Private Key]], [[Public Key]], [[Public Key Infrastructure]], [[Regist4 KB (377 words) - 22:59, 18 February 2021
- '''Privacy''': None.2 KB (230 words) - 23:00, 18 February 2021
- '''Title''': Federal Identity, Credentialing, and Access Management Privacy Guidance for Trust Framework Assessors participants are complying with FICAM privacy requirements.1 KB (123 words) - 00:49, 31 May 2020
- ...the TFPs privacy policy and requirements. Those are evaluated against the privacy criteria in Section 3.3. The criteria are (1) opt-in for positive confirmat3 KB (373 words) - 23:01, 18 February 2021
- '''Privacy''':345 bytes (34 words) - 03:58, 28 June 2018
- '''Privacy''':374 bytes (34 words) - 20:10, 15 October 2019
- '''Privacy''': No stipulations.3 KB (379 words) - 03:58, 28 June 2018
- '''Privacy''':440 bytes (44 words) - 03:58, 28 June 2018
- '''Privacy''':1 KB (173 words) - 03:58, 28 June 2018
- '''Privacy''': Protection of personal privacy is an explicit objective of the PIV system, directly from HSPD-12. Agencies ...ments issuing PIV cards are required to assign a privacy official, conduct Privacy Impact3 KB (374 words) - 00:25, 24 August 2020
- *Next Tuesday after we review comments, we'll send this along to the Privacy and Security committees for their comments.1 KB (228 words) - 03:58, 28 June 2018
- ...lth care. Bev Corwin is the contact for International. Jim Zok contact for Privacy. Suzanne Lightman is the contact for the Security Committee. Mary is cont3 KB (532 words) - 03:58, 28 June 2018
- ...sary. She’ll send it to the UXC and then Mary will forward along to TFTM, Privacy and Management Council stating it is a draft.4 KB (682 words) - 03:58, 28 June 2018
- **Ellen Nadeau commented that in column H what the user experience is - a privacy report that a few people authored at NIST included a potential problem for ...e came up and Tom Jones will contact him to see if he has any input from a privacy committee perspective. Tom will take a look at the links Ellen sent and wil1 KB (169 words) - 03:58, 28 June 2018
- ...s. And Under Error Conditions, she adjusted USABLE-3 and added some of the privacy requirements. ...ea. By end of week they will send it out to those who they want to review (Privacy, TFTM and to the Board). The Management Council is no more and the governin5 KB (835 words) - 03:58, 28 June 2018
- ...a requirement for transparency about what the SP’s are doing? Yes, in the Privacy requirements and UXC requirements it was believed. ...nsparency and this is out of scope, but would like to see it covered under Privacy or UXC.3 KB (392 words) - 03:58, 28 June 2018
- #**Ann - policy is an important element on privacy perspective5 KB (753 words) - 03:58, 28 June 2018
- ...hat was discussed last week. NIST Internal Report 8062 An Introduction to Privacy Engineering and Risk Management in Federal Systems issued in January 2017.3 KB (447 words) - 03:58, 28 June 2018
- | 8 || Privacy Enhanced by User Agent || TBD3 KB (408 words) - 03:58, 28 June 2018
- Mary added three requirements from the Privacy Committee into the UXC requirements spreadsheet. These are the three requi ...s definition? What if we created a graph and called out UXC issues around privacy and security around organizations vs individuals.7 KB (1,070 words) - 03:58, 28 June 2018
- ...items, Tom Jones created a list on the wiki for users to show the level of privacy they were working at. He shared the information during the meeting and a di2 KB (320 words) - 03:58, 28 June 2018
- ...pattern would be following the requirements of the IDEF, in particular the Privacy and Security requirements.”5 KB (760 words) - 03:58, 28 June 2018
- * [http://www.tscp.org/privacy-employer-ids/ Privacy using Employer issued Identifiers] from http://tscp.org3 KB (429 words) - 23:13, 20 May 2020
- ===Privacy Considerations===7 KB (1,007 words) - 03:58, 28 June 2018
- *Legal and regulatory (HIPPA) privacy requirements for the users of the healthcare system.8 KB (1,315 words) - 19:29, 30 July 2020
- <center>'''Smedinghoff: Federated Identity Management: Balancing Privacy Rights, Liability Risks and the Duty to Authenticate'''</center> <center>'''Liberty Alliance Privacy and Security Best Practices'''</center>845 KB (86,833 words) - 04:00, 28 June 2018
- <center>'''Smedinghoff: Federated Identity Management: Balancing Privacy Rights, Liability Risks and the Duty to Authenticate'''</center> <center>'''Liberty Alliance Privacy and Security Best Practices'''</center>135 KB (15,051 words) - 04:00, 28 June 2018
- Open Privacy.Org: Definitions Open Privacy Initiative13 KB (1,562 words) - 04:00, 28 June 2018
- ...pseudonymous identity, match names between systems, verify attributes with privacy protection] [[Category:Privacy Use Cases]]925 bytes (109 words) - 04:00, 28 June 2018
- With links to all of the parts: https://www.privacy-regulation.eu/en/ [[Category:Privacy]]977 bytes (137 words) - 04:00, 28 June 2018
- Trust, Assurance, Authentication, Interoperability, Privacy ...(RP) role. This case is specifically designed to include general security, privacy and user experience criteria that will apply by default to all other user c5 KB (810 words) - 04:00, 28 June 2018
- ...a human being who wants to access services on a web site and still retain privacy by requesting that the site not link the user's attributes to any other sit ...ser experience and obtains responses from the user in order to satisfy the privacy concerns of the user and the need for identity and attribute claims by the10 KB (1,596 words) - 20:11, 15 October 2019
- ...rs using multiple personas within the system and/or verify attributes with privacy protection. (RLS has also been used to indicate a record locator service on :: * Provider name (may be encoded to protect Provider's privacy)8 KB (1,018 words) - 23:54, 23 March 2020
- '''Privacy''':470 bytes (43 words) - 04:00, 28 June 2018
- '''Privacy''':471 bytes (43 words) - 04:00, 28 June 2018
- ...ers are referred to FICAM TFPAP Section 3.3 and advised that many of those privacy principles2 KB (214 words) - 04:00, 28 June 2018
- ==== PRIVACY CONTROL ==== ...ntity to ensure compliance with applicable privacy requirements and manage privacy risks.11 KB (1,496 words) - 23:48, 5 September 2020
- <p>Privacy Coordination</p>23 KB (3,525 words) - 04:00, 28 June 2018
- ...iples is prohibited. Members should also show proper consideration for the privacy of others and for topics that may be considered inflammatory.6 KB (946 words) - 04:00, 28 June 2018
- === Privacy Coordination Committee === Maintenance of IDEF Reqts - Privacy5 KB (599 words) - 04:00, 28 June 2018
- '''Privacy''':417 bytes (41 words) - 04:00, 28 June 2018
- '''Privacy''':452 bytes (42 words) - 04:00, 28 June 2018
- '''Privacy''':502 bytes (53 words) - 04:00, 28 June 2018
- '''Privacy''':407 bytes (40 words) - 04:00, 28 June 2018
- '''Privacy''':458 bytes (48 words) - 04:00, 28 June 2018
- '''Privacy''': The framework specifies where issuers document their privacy policy, what information is considered private2 KB (297 words) - 04:00, 28 June 2018
- '''Privacy''':424 bytes (44 words) - 04:00, 28 June 2018
- '''Privacy''':481 bytes (49 words) - 04:00, 28 June 2018
- '''Privacy''':1 KB (172 words) - 04:00, 28 June 2018
- '''Privacy''':804 bytes (99 words) - 04:00, 28 June 2018
- '''Privacy''':2 KB (216 words) - 04:00, 28 June 2018
- '''Privacy''':2 KB (217 words) - 04:00, 28 June 2018
- '''Privacy''': ...ation, risk monitoring and risk review. ISO/IEC 29134 provides guidance on privacy impact assessment.4 KB (531 words) - 04:00, 28 June 2018
- ...le''': ISO/IEC 29100:2011 Information technology -- Security techniques -- Privacy framework ...and places organizational, technical, and procedural aspects in an overall privacy framework.1,022 bytes (130 words) - 04:00, 28 June 2018
- '''Privacy''': If ISO 27001 is used to implement the ISMS, the ISMS would satisfy the2 KB (270 words) - 04:00, 28 June 2018
- ...mplemented, protect the confidentiality of data. While not specifically a “privacy” standard, the controls address access and encryption of sensitive inform2 KB (199 words) - 04:00, 28 June 2018
- '''Privacy''':968 bytes (122 words) - 04:00, 28 June 2018
- '''Privacy''':617 bytes (71 words) - 04:00, 28 June 2018
- The term identity is used in many contexts with many meanings, and the privacy implications of an attribute being part of an identity should be unders2 KB (255 words) - 04:00, 28 June 2018
- ...ser until that user voluntarily allows the site to identify that user. The privacy implications of any general web sites knowing so much about a user's compet ...can be collected including consideration of the community of users, their privacy and safety.12 KB (1,958 words) - 17:45, 25 May 2019
- ...l not mandate, stronger identification and authentication while protecting privacy by limiting the amount of information that individuals must disclose. [[NS1 KB (171 words) - 04:00, 28 June 2018
- ...cosystem Framework must offer individuals better means of protecting their privacy by establishing clear rules and guidelines based upon the FIPPs.] [[Category:Privacy Use Cases]]1 KB (158 words) - 04:00, 28 June 2018
- [[Category:Privacy Use Cases]]2 KB (253 words) - 04:00, 28 June 2018
- ...the US contracts can be used to force employees and others to "opt-out" of privacy regulation. With the GDPR no "opt-out" is permitted. ...definition, public. The PKI continues to provide good functionality where privacy is not permitted by law or necessity.56 KB (9,154 words) - 00:16, 30 October 2020
- *Creating a [[Community and Privacy Pattern Language]] has been a challenge ever since communities grew beyond ...e following are some of the concerns that are not addressed in the BFR. ([[Privacy Req 15]]).5 KB (842 words) - 04:01, 28 June 2018
- ...After all the greatest hassle for users is created when their security or privacy are breached. While interoperability is seldom raised as a user expectation Given all of the challenges of security and privacy what can the IDESG do to help create a good user experience on authenticati8 KB (1,351 words) - 21:37, 27 March 2020
- ===Privacy Considerations===3 KB (328 words) - 21:41, 10 January 2020
- '''Privacy''': ...ipant]], [[Participant Agreement]], [[Participant Operating Practices]], [[Privacy Policy]], [[Profile]], [[Public Key Cryptography]], [[Public Key Infrastruc2 KB (205 words) - 04:01, 28 June 2018
- '''Privacy''': Some discussion of the subject trusting the IDP to protect privacy, and real-time versus pre-approved2 KB (203 words) - 21:48, 10 January 2020
- '''Privacy''': No stipulations. For Silver profiles, there are requirements to store P1 KB (156 words) - 04:01, 28 June 2018
- [[Category:Privacy Use Cases]]676 bytes (77 words) - 04:01, 28 June 2018
- ...solutions to access online services in a manner that promotes confidence, privacy, choice, and innovation.'' *#"Consider the following list: PAPA (privacy, accuracy, intellectual property and access); ‘the triple A’ (availabil13 KB (1,906 words) - 19:16, 2 July 2021
- ...ween different entities/roles (IdP, RP, User, etc.) that require different privacy, security, UX and other considerations. ...r deriving requirements – like security requirements, UX requirements, and privacy requirements, so on.6 KB (888 words) - 04:01, 28 June 2018
- ...Y-PROVIDERS SHOULD provide USERS with a mechanism for portability of their privacy and other USER preferences.2 KB (283 words) - 22:49, 12 October 2018
- * Children's Online Privacy Protection Act (COPPA) for entities whose transactions are governed by its2 KB (291 words) - 04:01, 28 June 2018
- * HIPAA Security and Privacy Regulations regarding development and maintenance of policies and procedure3 KB (313 words) - 04:01, 28 June 2018
- ...comments about "data storage companies" in the Modifications to the HIPAA Privacy, Security, Enforcement, and Breach Notification Rules Under the HITECH Act ...th various requirements: see "Business Associate" regulations in the HIPAA Privacy Regulations: 45 CFR Parts 160 and 164, §§ 160.103, 164.502(a)(3), (a)(3 KB (451 words) - 04:01, 28 June 2018
- Reference for “accountability” requirements: ISO/IEC 29100 (2011) Privacy Framework, Section 5.10 Accountability, http://standards.iso.org/ittf/Publi2 KB (190 words) - 04:01, 28 June 2018
- ...gain education and have a health record. How do these populations get some privacy and control?5 KB (748 words) - 04:01, 28 June 2018
- *FTC had a privacy conference recently. Google in now on 97 percent of the top 1,000 sites an *Jim Zok also offered to take this to the Privacy Committee for their review.4 KB (702 words) - 04:01, 28 June 2018
- *Design Pattern work – discussed sending to TFTM, Privacy and Management Council for review.3 KB (460 words) - 04:01, 28 June 2018
- ...involvement was with the Privacy Committee. He is the fourth Chair of the Privacy Committee since it was originally formed. His background is in sales and m3 KB (428 words) - 04:01, 28 June 2018
- **Tom Jones asked to include a discussion about how to explain to a user what privacy state they are in. * How do we tell the user what their privacy state is? Mary noted that this is a critical piece for a RP – and it is7 KB (1,229 words) - 04:01, 28 June 2018
- *2) Tom and Jeff Brennan have devoted time to reviewing Noreen’s finding for Privacy and will be providing their recommendations – what is not reviewed during ** Tom reviewed the text for Privacy Requirements modified from IDEF version 1. This document was attached to t2 KB (355 words) - 04:01, 28 June 2018
- **Tom discussed the User Identity Privacy Risk Levels he put together. They are Anonyous, Pseudonymous, Weakly Authe **For an indication to the user of the current privacy status3 KB (474 words) - 04:01, 28 June 2018
- ...mmittee should come up with a Security Evaluation Methology similar to the Privacy Evaluation mythology as a new work item? Steve recommended we add the next5 KB (845 words) - 04:02, 28 June 2018
- ...rin about inclusion of privacy concerns in the model. Ryan suggested that privacy should be dealt with as part of the requirements.3 KB (448 words) - 04:02, 28 June 2018
- *Are we ready to send Ellen’s document to TFTM, Privacy or IDESG as a whole? Tom will reach out to a few contacts for feedback. *The Trustmark evolving pattern will be sent to TFTM for their feedback. Privacy Committee did not have any comments.3 KB (487 words) - 04:02, 28 June 2018
- ...2016. She is almost done. It was suggested that she send the document to Privacy, FMO, TFTM and the Chairs for an informal review now before officially sen * Send to TFTM, Privacy and Chairs with little feedback. Next?3 KB (378 words) - 04:02, 28 June 2018
- #** To that end, Adam reached out to the Privacy Committee who’s approval is a necessary prerequisite for submission of th4 KB (608 words) - 04:02, 28 June 2018
- **Privacy Committee – the two design pattern documents sent to Privacy have not had any feedback.5 KB (790 words) - 04:02, 28 June 2018
- *HIMSS recommendation discussed at Chairs meeting; policy has been sent to Privacy, Security and Standards Committees chairs. Chat from Paul Knight: “The3 KB (479 words) - 04:02, 28 June 2018
- *Liaison reports from Jim Zok on Privacy, Standards, Noreen on International.2 KB (333 words) - 04:02, 28 June 2018
- ...m created this design pattern. He asked the team to look especially at the privacy concerns and the specific use case at the bottom of the page. *https://wiki2 KB (318 words) - 04:02, 28 June 2018
- ...has sent various documents for people to comment on. Tom went to a recent Privacy Committee meeting to provide details on this work. They talked about takin ...the user attributes that are selected on first signin. Also the terms and privacy statement are dense legalese which are written to protect the site owner. T5 KB (876 words) - 04:02, 28 June 2018
- Privacy Criteria '''Privacy''':848 bytes (97 words) - 00:51, 31 May 2020
- '''Privacy''':1 KB (128 words) - 04:02, 28 June 2018
- '''Privacy''': No stipulation.2 KB (217 words) - 04:02, 28 June 2018
- '''Privacy''': No stipulation.785 bytes (85 words) - 04:02, 28 June 2018
- '''Privacy''':1 KB (119 words) - 04:02, 28 June 2018
- '''Privacy''':653 bytes (65 words) - 04:02, 28 June 2018
- '''Privacy''':681 bytes (65 words) - 04:02, 28 June 2018
- '''Privacy''':871 bytes (95 words) - 04:02, 28 June 2018
- *Privacy group is still working on usability. They will look at UXC disclaimer lang3 KB (548 words) - 04:02, 28 June 2018
- ...ling against the DoD for releasing information that is protected under the privacy act to companies like ID.me. The lawsuit is supposed to be filed within the6 KB (1,061 words) - 04:02, 28 June 2018
- ...40500:2012. The other standards that UXC submitted are in review with the Privacy Committee. **Privacy Committee has been discussing what to do with the reference material on the3 KB (514 words) - 04:02, 28 June 2018
- ...dispose of comments and append additional comments to Use Case containing privacy considerations1 KB (162 words) - 04:02, 28 June 2018
- ...ommittee could be doing related to overall requirements. For example, the Privacy Committee independently did a review of security and interoperability requi5 KB (880 words) - 04:02, 28 June 2018
- **Privacy Coordination Committee is working on supplemental guidance and a new refere3 KB (522 words) - 04:02, 28 June 2018
- ...pseudonymous identity, match names between systems, verify attributes with privacy protection]881 bytes (102 words) - 04:02, 28 June 2018
- ...ctors section, Design Patterns Common to any Internet Identity Ecosystem – Privacy Considerations. https://wiki.idesg.org/wiki/index.php?title=Design_Pattern% ...ade to send out the Design Pattern pages to other committees for feedback (Privacy, Board of Directors, Chairs Committee and TFTM).4 KB (658 words) - 04:02, 28 June 2018
- ...The section titled “What is the baseline?” says: “Improving the security, privacy, usability, and interoperability of everyday online transactions” and tha **Privacy Evaluation Subcommittee meeting for today is cancelled.6 KB (932 words) - 04:02, 28 June 2018
- ...rting). Adam proposed we request a joint committee meeting with Use Case, Privacy and Trust Framework around functional model - committee has no objections.4 KB (620 words) - 04:02, 28 June 2018
- ...GRITY was changed to a simpler definition. There are no concerns from the Privacy Evaluation Committee as their recommended changes were approved. Completio **Privacy Committee meets today. They just completed their elections and Jeff Brenna3 KB (523 words) - 04:02, 28 June 2018
- ...g so we can gather input from them. Tom Jones will present same at June 6 Privacy Coordination Committee meeting.843 bytes (130 words) - 04:02, 28 June 2018
- ...and next steps. To document uses cases and them to see where (governance, privacy, security, etc.) fit in.1 KB (196 words) - 04:02, 28 June 2018
- ...ed UX members to review and provide feedback before it is presented to the Privacy Committee on June 4.764 bytes (116 words) - 04:02, 28 June 2018
- '''Meeting Notes from the [[Privacy Requirements]] Working Group Meeting on 4/28/14.'''1 KB (148 words) - 04:02, 28 June 2018
- '''7/287/14 [[Privacy Requirements]] Working Group Meeting Notes''' ...tions shall maximize use of architectural and technical point controls for privacy.2 KB (215 words) - 04:02, 28 June 2018
- '''7/7/14 [[Privacy Requirements]] Working Group Meeting Notes'''3 KB (469 words) - 04:02, 28 June 2018
- '''[[Privacy Requirements]] Working Group Meeting notes from June 16, 2014''' * Privacy-enhancing technology is how, not what. too much influence on implementation1 KB (205 words) - 04:02, 28 June 2018
- '''Notes from June 2, 2014 [[Privacy Requirements]] Working Group Meeting''' * Privacy, Security, Standards, User Experience, met to discuss requirements coordina1 KB (190 words) - 04:02, 28 June 2018
- '''6/23/14 [[Privacy Requirements]] Working Group Meeting Notes'''2 KB (218 words) - 04:02, 28 June 2018
- '''6/30/14 [[Privacy Requirements]] Working Group Meeting Notes''' * Proactive Privacy Subcommittee work provided language to clarify: "When terminating business3 KB (380 words) - 04:02, 28 June 2018
- '''Notes from June 9, 2014 [[Privacy Requirements]] Working Group Meeting''' * Notice: Creating privacy policies is very difficult to do appropriately without turning into legales1 KB (187 words) - 04:02, 28 June 2018
- Notes from May 12, 2014 [[Privacy Requirements]] Working Group Meeting ** "construct trees" in order to view privacy chains of action/events1 KB (178 words) - 04:02, 28 June 2018
- '''11/10/14 [[Privacy Requirements]] Working Group Meeting Notes''' ...n: Organizations must provide a technical mechanism to bundle individuals' privacy choices along with attributes, and have mechanisms to ensure other parties4 KB (568 words) - 04:02, 28 June 2018
- '''11/24/14 [[Privacy Requirements]] Working Group Meeting Notes''' ** You mitigate privacy risks if you keep info that could be used to identify someone separate from6 KB (796 words) - 04:02, 28 June 2018
- '''11/3/14 [[Privacy Requirements]] Working Group Meeting Notes''' ** Ann suggested editing to say “maintaining the security and privacy…”3 KB (377 words) - 04:02, 28 June 2018
- '''10/20/14 [[Privacy Requirements]] Working Group Meeting Notes''' ...aining the security and privacy…” Ann will write up why we want to include privacy here, and discussion will continue via email.2 KB (240 words) - 04:02, 28 June 2018
- '''10/27/14 [[Privacy Requirements]] Working Group Meeting Notes'''2 KB (305 words) - 04:02, 28 June 2018
- '''10/6/14 [[Privacy Requirements]] Working Group Meeting Notes''' ** Risk to privacy factor in determining an organization’s practices when assessing how comp2 KB (278 words) - 04:02, 28 June 2018
- '''9/22/14 [[Privacy Requirements]] Working Group Meeting Notes'''2 KB (279 words) - 04:02, 28 June 2018
- '''9/8/14 [[Privacy Requirements]] Working Group Meeting Notes''' ** Do people have a better understanding of, or control over, their privacy with an opt-in option?2 KB (341 words) - 04:02, 28 June 2018
- '''Privacy''': There may be PII among the attributes that make up a person's identity.2 KB (204 words) - 04:02, 28 June 2018
- '''Privacy''': No privacy stipulations.810 bytes (97 words) - 04:02, 28 June 2018
- '''Privacy''': Contains functional requirements related to privacy, requiring the CKMS design to specify the support for the ...ment]], [[Mode Of Operation]], [[Parameters]], [[Pre-activation State]], [[Privacy]], [[Profile]], [[Qubit]], [[Recover (key/metadata)]], [[Registration]], [[3 KB (390 words) - 04:02, 28 June 2018
- '''Privacy''': Lists anonymity and protection of personal privacy as stretch goals for section 4.4 Accountability. It also1 KB (170 words) - 04:02, 28 June 2018
- '''Privacy''':2 KB (208 words) - 04:02, 28 June 2018
- '''Title''': Security and Privacy Controls for Federal Information Systems and Organizations '''Description''': NIST SP 800-543 Rev 4 provides a catalog of security and privacy controls for federal information systems and organizations and a process fo2 KB (249 words) - 04:02, 28 June 2018
- ...rivacy''': Advises agencies to reference OMB Guidance for Implementing the Privacy Provisions of the E-Government .... Subscribers are assumed to trust relying parties to follow "all relevant privacy4 KB (459 words) - 23:02, 18 February 2021
- '''Privacy''':1,002 bytes (102 words) - 04:02, 28 June 2018
- '''Privacy''':1 KB (120 words) - 04:02, 28 June 2018
- '''Privacy''':1 KB (109 words) - 04:02, 28 June 2018
- '''Privacy''':864 bytes (94 words) - 04:02, 28 June 2018
- '''Privacy''':774 bytes (87 words) - 04:02, 28 June 2018
- ...agement and data protection accreditation topic includes confirmation that privacy requirements from FIPS 201 are satisfied. This document does not add privacy requirements but provides2 KB (198 words) - 04:02, 28 June 2018
- '''Privacy''':566 bytes (67 words) - 04:02, 28 June 2018
- '''Privacy''':765 bytes (94 words) - 04:02, 28 June 2018
- Efficiency, Security, and Privacy ...v/blog/2011/04/26/national-strategy-trusted-identities-cyberspace-and-your-privacy2 KB (148 words) - 04:02, 28 June 2018
- ...iple of the envisioned Identity Ecosystem. The Identity Ecosystem will use privacy-enhancing technology and policies to inhibit the ability of service provide [[Category:Privacy Use Cases]]954 bytes (117 words) - 04:02, 28 June 2018
- '''Privacy''':1 KB (112 words) - 04:02, 28 June 2018
- '''Privacy''': No specific privacy relevance.933 bytes (104 words) - 04:02, 28 June 2018
- ...asis-open.org/security/saml/v2.0/saml-sec-consider-2.0-os.pdf Security and Privacy Considerations]2 KB (258 words) - 04:02, 28 June 2018
- '''Privacy''':489 bytes (48 words) - 20:12, 15 October 2019
- '''Privacy''':493 bytes (49 words) - 04:02, 28 June 2018
- '''Privacy''':654 bytes (69 words) - 16:30, 27 May 2020
- ...vacy''': Defines both transient and persistent pseudonym as mechanisms for privacy-preserving name identifiers.2 KB (226 words) - 04:02, 28 June 2018
- '''Privacy''':721 bytes (81 words) - 04:02, 28 June 2018
- '''Privacy''':691 bytes (77 words) - 04:02, 28 June 2018
- '''Privacy''':670 bytes (72 words) - 04:02, 28 June 2018
- '''Title''': Security and Privacy Considerations for the OASIS Security Assertion Markup Language (SAML) V2.0 '''Description''': Provides security and privacy considerations for users of SAML 2.0, including some specific implementatio1 KB (171 words) - 04:02, 28 June 2018
- '''Privacy''':478 bytes (45 words) - 04:02, 28 June 2018
- ...(3) enabling consistent and detailed compliance with policies on access to privacy-sensitive data of relying parties.2 KB (256 words) - 04:02, 28 June 2018
- '''Privacy''':2 KB (241 words) - 04:02, 28 June 2018
- '''Privacy''': Privacy is explicitly out of scope of the specification (q.v. section 4.4).1 KB (142 words) - 04:02, 28 June 2018
- '''Privacy''':869 bytes (102 words) - 04:02, 28 June 2018
- '''Privacy''':2 KB (193 words) - 21:30, 24 July 2020
- '''Privacy''':576 bytes (63 words) - 04:02, 28 June 2018
- ...ortant that there is a clear set of operational checks, includes Security, Privacy, Standards and User Experience. What has been a baseline against what we m7 KB (1,031 words) - 04:02, 28 June 2018
- Example is the Common Design pattern Privacy Section: https://wiki.idesg.org/wiki/index.php?title=Design_Pattern%3A_Comm ...ocation in the document is under NSTIC Guiding Principles Considerations – Privacy Considerations.6 KB (955 words) - 04:02, 28 June 2018
- ...Zok brought up an issue we had discussed in a smaller group last week: the privacy committee thought it best to adjust the title of the Usable-7 requirement t3 KB (404 words) - 04:02, 28 June 2018
- ...rategy AND THE idesg PRINCIPLES. Besides those items related to security, privacy ad interoperability, these UX items are included:3 KB (454 words) - 04:02, 28 June 2018
- #* Andrew introduced the collect, use, disclose nomenclature used in privacy circles1 KB (154 words) - 04:02, 28 June 2018
- ...ategy]] and the IDESG principles. Besides those items related to security, privacy and interoperability, these UX items are included:4 KB (639 words) - 04:02, 28 June 2018
- *Please note that the IDESG Privacy Requirements apply to these interactions and the data they generate. ...Track: https://www.ftc.gov/news-events/media-resources/protectingconsumer-privacy/do-not-track Do Not Track standard work at the W3C: http://www.w3.org/2011/5 KB (745 words) - 04:02, 28 June 2018
- [[Category:Privacy Use Cases]]2 KB (258 words) - 04:02, 28 June 2018
- '''Privacy''':458 bytes (41 words) - 04:02, 28 June 2018
- '''Privacy''':434 bytes (37 words) - 04:02, 28 June 2018
- '''Privacy''':809 bytes (83 words) - 04:02, 28 June 2018
- '''Privacy''':701 bytes (75 words) - 21:32, 24 July 2020
- '''Privacy''':447 bytes (40 words) - 04:02, 28 June 2018
- '''Privacy''':450 bytes (40 words) - 04:02, 28 June 2018
- '''Privacy''':461 bytes (40 words) - 04:02, 28 June 2018
- '''Privacy''':453 bytes (40 words) - 04:02, 28 June 2018
- '''Privacy''':438 bytes (38 words) - 04:02, 28 June 2018
- '''Privacy''':757 bytes (88 words) - 04:02, 28 June 2018
- '''Privacy''':471 bytes (42 words) - 04:02, 28 June 2018
- '''Privacy''':493 bytes (41 words) - 04:02, 28 June 2018
- '''Privacy''':464 bytes (39 words) - 04:02, 28 June 2018
- ...pseudonymous identity, match names between systems, verify attributes with privacy protection] [[Category:Privacy Use Cases]]868 bytes (101 words) - 04:02, 28 June 2018
- == OTHER PRIVACY RESOURCES == ...s informative, but not normative, guidance on the matters discussed in the Privacy Requirements.572 bytes (71 words) - 04:02, 28 June 2018
- '''Privacy''': Agencies are recommended not to use Social Security Number as the Perso1,008 bytes (125 words) - 04:02, 28 June 2018
- '''Privacy''':709 bytes (80 words) - 21:24, 25 March 2021
- '''Use Case Category''': Trust/Assurance, Authentication, Interoperability, Privacy '''Category:''' Trust/Assurance, Authentication, Interoperability, Privacy9 KB (1,241 words) - 04:02, 28 June 2018
- '''Use Case Category''': Trust/Assurance, Authentication, Interoperability, Privacy ...cant wishes to apply for and obtain an electronic credential that provides privacy, strong authentication and is trusted for high assurance transactions/inter6 KB (830 words) - 04:02, 28 June 2018
- '''Privacy''': No stipulations.1,023 bytes (117 words) - 23:30, 12 January 2021
- ...pseudonymous identity, match names between systems, verify attributes with privacy protection] ...data is made available and follow certain interoperability, security, and privacy (HIPAAHIPPA) standards Both the patient EHR and data holder application wi6 KB (949 words) - 18:39, 27 April 2019
- ...ssary to establish a trusted persona should need to be disclosed. This is privacy-enhancing, and minimizes opportunity for aggregation of information of iden4 KB (531 words) - 04:02, 28 June 2018
- * Privacy [[file:Privacy_Requirements_Update.docx]] ...d that helps to describe how a site with no user connectivity can meet any privacy or security guideline.2 KB (284 words) - 18:45, 7 January 2019
- ...pseudonymous identity, match names between systems, verify attributes with privacy protection] [[Category:Privacy Use Cases]]1 KB (127 words) - 05:22, 31 March 2021
- ...ciple is persisted in a [[Digital Entity]], then that data is subject to [[Privacy]] and [[Security]] requirements of the IDESG. ...tes. (Depending on the jurisdiction and the particular data protection and privacy legislation, the synonym “data subject” can also be used instead of the4 KB (560 words) - 04:02, 28 June 2018
- '''Title''': Privacy-Preserving Accessibility Support ...preferences and to control the release of subsets of that information in a privacy-preserving way to enable online services to tailor their presentation and u3 KB (367 words) - 04:02, 28 June 2018
- Privacy enhancing technology provided by an agent under the user's control. Privacy, Trust/Assurance, Interoperability12 KB (2,056 words) - 20:35, 27 November 2019
- Privacy enhancing technology generic use case. In some ways this is similar to the Privacy, Trust/Assurance, Interoperability14 KB (2,167 words) - 01:45, 15 May 2021
- ...ted in accordance with the [https://www.idecosystem.org/filedepot?fid=1090 Privacy Evaluation Methodology]. | OpenID Connect || [[Standards]] || 8 October 2015 || Privacy issues; no objection || 5 January 20164 KB (409 words) - 04:02, 28 June 2018
- ...organizations understand how to evaluate their system for alignment to the privacy requirements. References should be considered informative guides only.''' New documents can be suggested for inclusion by emailing the Privacy Committee listserv.5 KB (571 words) - 00:54, 31 May 2020
- == PRIVACY-1. DATA MINIMIZATION == ...tity (for example from signin to signout of the user.) See [[Privacy Req 2|PRIVACY-2 (PURPOSE LIMITATION)]].3 KB (425 words) - 04:02, 28 June 2018
- == PRIVACY-15. ATTRIBUTE SEGREGATION == ...ved at https://workspace.idesg.org/kws/public/download.php/56/Supplemental-Privacy-Guidance.docx2 KB (283 words) - 04:02, 28 June 2018
- ''<< Back to [[Privacy_Req_1|Privacy Requirement 1]]'' ...ntity stakeholders) when applying and evaluating IDEF Baseline Requirement PRIVACY-1.1 KB (131 words) - 04:02, 28 June 2018
- == PRIVACY-2. PURPOSE LIMITATION == See also Requirement [[Privacy Req 1|PRIVACY-1 (DATA MINIMIZATION)]] on the application of limitations to, and5 KB (583 words) - 04:03, 28 June 2018
- ''<< Back to [[Privacy_Req_2|Privacy Requirement 2]]'' ...ntity stakeholders) when applying and evaluating IDEF Baseline Requirement PRIVACY-2.2 KB (257 words) - 04:03, 28 June 2018
- == PRIVACY-3. ATTRIBUTE MINIMIZATION == ...eleased as claims as well as detailed attributes; see also [[Privacy Req 1|PRIVACY-13 KB (438 words) - 04:03, 28 June 2018
- ''<< Back to [[Privacy_Req_3|Privacy Requirement 3]]'' ...ntity stakeholders) when applying and evaluating IDEF Baseline Requirement PRIVACY-3.1 KB (143 words) - 04:03, 28 June 2018
- == PRIVACY-4. CREDENTIAL LIMITATION == ...ements [[Privacy Req 1|PRIVACY-1 (DATA MINIMIZATION)]] and [[Privacy Req 2|PRIVACY-2 (PURPOSE LIMITATION)]] on the application of limitations to, and scope of3 KB (356 words) - 04:03, 28 June 2018
- ''<< Back to [[Privacy_Req_4|Privacy Requirement 4]]'' ...ntity stakeholders) when applying and evaluating IDEF Baseline Requirement PRIVACY-4.789 bytes (93 words) - 04:03, 28 June 2018
- ''<< Back to [[Privacy_Req_5|Privacy Requirement 5]]'' ...ntity stakeholders) when applying and evaluating IDEF Baseline Requirement PRIVACY-5.1 KB (147 words) - 04:03, 28 June 2018
- The Privacy Requirements Work Group is drafting privacy requirements to support the development of the [[Identity Ecosystem Framewo ...ns understand the guidance for Version 1 of the IDEF can be found in the [[Privacy References and Guides]] page.9 KB (1,100 words) - 04:03, 28 June 2018
- ...int. Also any site that provides access to resources that are protected by privacy, health, age-restrictions or other regulations. ...multiple functions, or as one that is not otherwise covered, for example a Privacy Enhancing Technology Provider, Trusted Third Party or a federation server.21 KB (3,285 words) - 23:37, 15 January 2020
- ...issues that may arise in the areas of interoperability, cross-recognition, privacy, audit, and enforceability. As called out by the National Strategy for Trus | 2014-05-14 || GTRI: GTRI discussion on FICAM and Fair Information Privacy Practices integration into GTRI model5 KB (731 words) - 18:01, 21 May 2019
- ...s the data are bound by legal statutes or agreements to protect the user's privacy to a high level of assurance. *Real-world users wish to maintain their privacy and still have access to protected data on the internet.4 KB (626 words) - 21:21, 14 May 2020
- ...ser experience and obtains responses from the user in order to satisfy the privacy concerns of the user and the need for identity and attribute claims by the # This request for information is intercepted by the user agent, or any privacy-enhancing technology intermediary—complex step where user drop-out is lik24 KB (3,856 words) - 16:05, 16 December 2021
- ...ice providers, and they often must calculate the tradeoffs among security, privacy, and gaining access to a service they desire." Page 12 ...ric nature of the Identity Ecosystem, which provides greater transparency, privacy protection, flexibility,and choice to the individual." Page 218 KB (1,190 words) - 16:21, 27 May 2020
- * review by Privacy committee2 KB (219 words) - 20:43, 8 December 2014
- | Privacy Committee || Jim Zok || ...533 bytes (59 words) - 16:14, 25 February 2016
- * [http://www.nyu.edu/projects/nissenbaum/main_bio.html Helen Nissenbaum's Privacy By Design work] === Usability Studies in Privacy, Security, Identity, etc. ===7 KB (944 words) - 20:05, 11 April 2018
- ##Design Pattern and Anti-Pattern work (First two to be submitted to TFTM, Privacy and MC for information review, February 2016) # Ken Klingenstein pilot review of Privacy Lens <br>3 KB (417 words) - 23:15, 13 April 2016
- ...nhancing technology" is widely in use in industry, research suggests that "privacy protection" is more readily understood and used by real users.... ...d be presented with pathways to the identity service they desire, such as: privacy options, identity caching, etc. <br>16 KB (2,145 words) - 16:18, 27 May 2020
- ...d to encourage comments from the community regarding technical, standards, privacy, and usability issues that appear to be relevant.</small> ...o participate in the secure and resilient, cost effective and easy to use, privacy enhancing and voluntary interoperable online Identity Ecosystem envisioned13 KB (1,990 words) - 21:48, 5 December 2020
- ...nhancing technology" is widely in use in industry, research suggests that "privacy protection" is more readily understood and used by real users.3 KB (411 words) - 22:50, 12 October 2018
- ...be presented with pathways to the identity services they desire, such as: privacy options,3 KB (500 words) - 22:51, 12 October 2018
- Please note that the [[Baseline_Functional_Requirements_v1.0#Privacy|IDESG Privacy Requirements]] apply to these interactions and the data they ...ck]]'': https://www.ftc.gov/news-events/media-resources/protectingconsumer-privacy/do-not-track3 KB (401 words) - 22:53, 12 October 2018