From IPEN Wiki



The objective of this page is to provide a high-level view of activities related to privacy standards in OASIS.

Some conventions on OASIS standards

Technical Committees

PMRM (Privacy Management Reference Model)

Chair: John Sabo

Privacy Management Reference Model and Methodology (PMRM) Version 1.0 was approved as a Committee Specification Draft on 26 March 2012.

The OASIS PMRM TC works to provide a standards-based framework that will help business process engineers, IT analysts, architects, and developers implement privacy and security policies in their operations. PMRM picks up where broad privacy policies leave off. Most policies describe fair information practices and principles but offer little insight into actual implementation. PMRM provides a guideline or template for developing operational solutions to privacy issues. It also serves as an analytical tool for assessing the completeness of proposed solutions and as the basis for establishing categories and groupings of privacy management controls.

Web pages

[Antonio Kung]

  • use case based process
  • integrates concept of touch points (supporting systems developed by several organisations)

PbD-SE (Privacy-by-Design Documentation for Software Engineers)

Chair: Dawn Jutla, Ann Cavoukian

The OASIS PbD-SE TC provides privacy governance and documentation standards for software engineers. It enables software organizations to embed privacy into the design and architecture of IT systems, without diminishing system functionality.

The PbD-SE TC work follows the Seven Foundational Principles of Privacy by Design:

  1. Proactive not Reactive; Preventative Not Remedial
  2. Privacy as the Default Setting
  3. Privacy Embedded into Design
  4. Full Functionality - Positive-Sum, Not Zero-Sum
  5. End-to-End Security - Full Lifecycle Protection
  6. Visibility and Transparency - Keep It Open
  7. Respect for User Privacy - Keep It User-Centric

PbD-SE offers a privacy extension/complement to OMG’s Unified Modeling Language (UML) and serves as a complement to OASIS’ eXtensible Access Control Markup Language (XACML) and Privacy Management Reference Model (PMRM).

Web pages