[Owasp-leaders] OWASP Access Management Policy

Elizabeth Belousov elizabeth.belousov at owasp.org
Thu Nov 10 15:16:34 UTC 2016


It was a long overdue on my part. Last night at NY chapter meeting the
topic was brought up to the discussion, which spurred me to think of OWASP
Top 10 Compliance.

Below:

-- The background of the proposal

-- OWASP Access Management Policy
<https://drive.google.com/a/owasp.org/file/d/0B2w4JBsaD0LFTDYzSlk2WFNnelk/view?usp=sharing>
(also linked via Google drive)

*****************************

Dear OWASP leaders:



I’m writing you to solicit your feedback about the OWASP Access Management
Policy that I recommend for adoption.



Background. Earlier this year, there were several graphic violence/hatred
content incidents on NY/NJ Meetup page. In order to monitor OWASP social
media pages for inappropriate profile images, I proposed adopting the OWASP
access management policy that would allow profile reconciliation based on
the truthful information provided by OWASP followers and members.



The access management policy would allow to:



- Minimize or eliminate the presence of synthetic or anonymous OWASP
followers;

- Facilitate to physical access according to security standards of the
hosting sites;

- Drive meeting attendance by collaborating with real people.



Looking forward to your feedback!


*****************************
Regards,

*Liz Belousov*
NYC chapter Volunteer* | *OWASP Foundation



*OWASP Access Management Policy*



The OWASP members or non-members that would like to participate in the
OWASP chapter activities (events, webinars, onsite and online forums [e.g.
by posting comments]) must use their real identities: first name, last
name, and an image that corresponds to that identity [a headshot image].



For the on-site events attendance, OWASP members and non-members may be
asked to present their state issued photo identification card (passport,
driver license, e.g.).



The OWASP local chapters reserve a right to exclude from event registration
and consequently the onsite or online participation those individuals who
do not comply with the OWASP Access Management requirement.



The OWASP maintains privacy of chapter members and meeting attendees
according to the Mandatory Chapter Rules (cited below).



[“The privacy of chapter members and meeting attendees should be protected
at all times. You should not disclose names, email addresses, or other
identifying information about OWASP members or meeting attendees. Only
aggregate statistics can be referenced. Sponsors should not have access to
member lists; however, they may ask attendees to share contact information
voluntarily, for example via submitting business cards voluntarily for a
raffle.”]
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-leaders/attachments/20161110/4ffd7c85/attachment.html>


More information about the OWASP-Leaders mailing list