CFP: PKI research workshop

lynn.wheeler at firstdata.com
Wed Jan 2 11:56:09 EST 2002


aka ... lots of people seem to equate privacy with personal privacy (as
well as legislative specification) ... while confidentiality has more of a
non-personal connotation

there seem to be 3-4 postings from yesterday that are still lost in the
ether ... they are recorded at

http://www.garlic.com/~lynn/aadsm9.htm
&
http://www.garlic.com/~lynn/aadsm10.htm

from
http://www.garlc.com/~lynn/secure.htm

confidentiality
(1) The assurance that information is not disclosed to inappropriate
entities or processes. (2) The property that information is not made
available or disclosed to unauthorized entities. (3) The prevention of the
unauthorized disclosure of information. (4) The concept of holding
sensitive data in confidence, limited to an appropriate set of individuals
or organizations. [AJP] Assurance that information is not disclosed to
inappropriate entities or processes. [FCv1] The concept of holding
sensitive data in confidence, limited to an appropriate set of individuals
or organizations. [NCSC/TG004] The prevention of the unauthorized
disclosure of information. [ITSEC][NIAP] The principle that keeps
information from being disclosed to anyone not authorized to access it.
Synonymous with secrecy. [AFSEC] The property that information is not made
available or disclosed to unauthorized entities. [JTC1/SC27/N734] The
property that information is not made available or disclosed to
unauthorized individuals, entities, or processes. [TNI] The property that
sensitive information is not disclosed to unauthorized individuals,
entities or processes. [FIPS140] (see also assurance, data confidentiality,
data confidentiality service, privacy, privacy programs, security)

privacy
(1) The ability of an individual or organization to control the collection,
storage, sharing, and dissemination of personal and organizational
information. (2) The right to insist on adequate security of, and to define
authorized users of, information or systems. Note: The concept of privacy
cannot be very precise, and its use should be avoided in specifications
except as a means to require security, because privacy relates to 'rights'
that depend on legislation. [AJP] (1) the ability of an individual or
organization to control the collection, storage, sharing, and dissemination
of personal and organizational information. (2) The right to insist on
adequate security of, and to define authorized users of, information or
systems. Note: The concept of privacy cannot be very precise and its use
should be avoided in specifications except as a means to require security,
because privacy relates to 'rights' that depend on legislation. [TNI] (I)
The right of an entity (normally a person), acting in its own behalf, to
determine the degree to which it will interact with its environment,
including the degree to which the entity is willing to share information
about itself with others. (O) 'The right of individuals to control or
influence what information related to them may be collected and stored and
by whom and to whom that information may be disclosed.' (D) ISDs SHOULD NOT
use this term as a synonym for 'data confidentiality' or 'data
confidentiality service', which are different concepts. Privacy is a reason
for security rather than a kind of security. For example, a system that
stores personal data needs to protect the data to prevent harm,
embarrassment, inconvenience, or unfairness to any person about whom data
is maintained, and to protect the person's privacy. For that reason, the
system may need to provide data confidentiality service. [RFC2828] (see
also confidentiality, private communication technology, private key,
security, quality of protection) (includes Privacy Enhanced Mail, data
privacy, pretty good privacy, privacy programs, privacy, authentication,
identification, integrity, non-repudiation, privacy, authentication,
identification, non-repudiation, virtual private network)




lynn.wheeler at firstdata.com on 1/2/2002 9:18 am wrote:

well PAIN is out of some standards organization (as is 3-factor
authentication) .... i agree that privacy and confidentiality are sometimes
thought of as different .... but others argue that it reduces to
effectively the same requirements ... even though different people have
different connotations with the two terms.

i had fumble fingered 3-4 URLs yesterday .... and the posting to correct
them seems to have gotten suspended for some time in the ether .... note
however the url for the security taxonomy and glossary had been typed
correctly in a posting made earlier in the day ... i.e.
http://www.garlic.com/~lynn/secure.htm

---------------------------------------------------------------------
The Cryptography Mailing List