Whatever can be done to make the process of applying or using the Model simpler is most helpful.
Sent from my mobile device. My cell phone # is 240-507-7107.
From : Sabo, John T <
John.T.Sabo@ca.com>
To :
pmrm@lists.oasis-open.org <
pmrm@lists.oasis-open.org>
Sent : Fri Aug 19 08:22:16 2011 Subject : RE: [pmrm] PMRM TC: possible simplifications in the original PMRM Services
Michael and I are now revising the draft specification outline we discussed at the last meeting, and beginning to draft initial spec language. So please consider the suggestions below ?? we can discuss more deeply at the next meetings. Thanks, John John Sabo CA Technologies Director, Global Government Relations Tel: +1 202-513-6304 Mobile: +1 443-629-6198
john.t.sabo@ca.com From: Michael Willett [mailto:
mwillett@nc.rr.com] Sent: Thursday, August 18, 2011 6:40 PM To:
pmrm@lists.oasis-open.org Subject: [pmrm] PMRM TC: possible simplifications in the original PMRM Services John S and I have assembled a number of comments from PMRM TC members over time and have discussed at length possible simplifications in the PMRM Services that may address some of your concerns (and confusion). The objective is to make the Methodology/PMRM as simple as possible, but not any simpler (to quote Einstein). In the original work that led to the current 10 Services, the Agent, Usage, and Access services were ??different ?? in their nature, being services that largely invoked other services. Consideration: - Agent: Acts as the ??persona ?? for the underlying Actor/system. Consider expanding the Interaction service to include the Agent capability. - Usage: handles ??subsequent ?? handling of PI. Consider absorbing that capability into the Control service. - Control: Manages agreements/permissions re: PI. But, the term ??control ?? is already over-loaded; eg, we talk about privacy ??controls ??, which are at a different logical level in the architecture. Consider changing the name of Control to something else: one possibility is Usage, expanded meaning (above). Anyone have a better name suggestion? ??Manage ? is way too broad. - Access: Grant subject access to PI held by other Actors. One consideration is to collapse Access into Interaction. But, Access is a fundamental function. Let ??s keep it distinct for the moment. - Security: Elevate Security to Service status. - Audit: Manages the ??log ??. Absorb Audit into Enforcement. Net: New Services ?? Core Policy Services . 19 Agreement 19 20 Usage (new = Control + Usage) Security Privacy Assurance Services 21 Validation . 21 Certification . 22 .............................................................................................................................. Enforcement 25 (absorb Audit) Presentation and Life Cycle Services . 26 Interaction . 26 (including Agent) Access Now, consider the 7 function-category set under each Service: 1. DEFINE [SVC] operational requirements 2. SELECT [SVC] (input, process, and output) information and parameters 3. INPUT [SVC] information and parameter values in accordance with Select 4. PROCESS [SVC] information and parameter values within Functions 5. OUTPUT [SVC] information, parameter values, and actions 6. LINK [SVC] to other (named) Services 7. SECURE [SVC] with the appropriate security functions Define and Select are all part of setting up the invocation of the Service, whose calculation is included in the (multiple) Process calls/invocations. Think like programmers: Services are ??called ? by other Services (like programming ??procedures ?? in my day). So, Link is part of what the privacy management system does among Services. And, given that Security is a Service, any Service can ??link ?? to Security. That is, Security need not be called out explicitly. Net: The fundamental Function categories under each Service are (just like for procedures) : - Setup - Input - Process - Output Do you have a better word for Setup? Maybe, Configure? We solicit your opinions on any/all of the suggestions above? Yea? Nay? Better ideas? While I have your attention: We use the terms Actor, Touch Point, and System. Can someone suggest a precise definition for each that shows their mutual relationships? The challenge: make them distinct. Thanks ?¦ Michael