[Owasp-leaders] OWASP Access Management Policy

Larry Conklin larry.conklin at owasp.org
Thu Nov 10 23:42:59 UTC 2016


Elizabeth, I hope others pick up on this thread. I really think you are
going way outside of the boundaries of open organization.

I worked in Seattle for 10 months and attended .Net User group at their
Redmond campus. I did not have to provide any identification at all to
attend. There was no pre screening at all.

As a past president of Tulsa .Net Users group we have held meetings in
several buildings. Never once did we prescreen or require identification.

I just recently attended a Google Tech Fest in DC hosted by Capital One in
Capitals One's new office complex. I was never asked for any identification.

Larry

On Thu, Nov 10, 2016 at 3:12 PM, Elizabeth Belousov <
elizabeth.belousov at owasp.org> wrote:

> Larry,
>
> Thanks for your comments.
>
> "Open" does not mean "anonymous".
>
> It is very common that a hosting organization has a security  department
> that prescreens all visitors.
>
> Let's say you are hosting OWASP chapter meeting at Microsoft, you are
> REQUIRED to provide security with the list of attendees: first and last
> name.
>
> Personally, I was asked for a photo ID at Goldman, BofA, MongoDB for
> attending OWASP meetings. Did not violate my privacy and freedoms.
>
>
> ----------
> Regards,
>
> *Liz Belousov*
> Volunteer* | *OWASP Foundation
> NYC chapter
>
>
> On Nov 10, 2016, at 14:54, Larry Conklin <larry.conklin at owasp.org> wrote:
>
> I should have wrote "Doesn't sound like an open organization to me"
>
> On Thu, Nov 10, 2016 at 2:52 PM, Larry Conklin <larry.conklin at owasp.org>
> wrote:
>
>> Elizabeth
>> Who came up with this rule?....and why is it necessary?...Does sound like
>> an open organization to me. Is this a world-wide rule?
>> *For the on-site events attendance, OWASP members and non-members may be
>> asked to present their state issued photo identification card (passport,
>> driver license, e.g.).*
>>
>> Larry
>>
>> On Thu, Nov 10, 2016 at 10:16 AM, Elizabeth Belousov <
>> elizabeth.belousov at owasp.org> wrote:
>>
>>> It was a long overdue on my part. Last night at NY chapter meeting the
>>> topic was brought up to the discussion, which spurred me to think of OWASP
>>> Top 10 Compliance.
>>>
>>> Below:
>>>
>>> -- The background of the proposal
>>>
>>> -- OWASP Access Management Policy
>>> <https://drive.google.com/a/owasp.org/file/d/0B2w4JBsaD0LFTDYzSlk2WFNnelk/view?usp=sharing>
>>> (also linked via Google drive)
>>>
>>> *****************************
>>>
>>> Dear OWASP leaders:
>>>
>>>
>>>
>>> I’m writing you to solicit your feedback about the OWASP Access
>>> Management Policy that I recommend for adoption.
>>>
>>>
>>>
>>> Background. Earlier this year, there were several graphic
>>> violence/hatred content incidents on NY/NJ Meetup page. In order to monitor
>>> OWASP social media pages for inappropriate profile images, I proposed
>>> adopting the OWASP access management policy that would allow profile
>>> reconciliation based on the truthful information provided by OWASP
>>> followers and members.
>>>
>>>
>>>
>>> The access management policy would allow to:
>>>
>>>
>>>
>>> - Minimize or eliminate the presence of synthetic or anonymous OWASP
>>> followers;
>>>
>>> - Facilitate to physical access according to security standards of the
>>> hosting sites;
>>>
>>> - Drive meeting attendance by collaborating with real people.
>>>
>>>
>>>
>>> Looking forward to your feedback!
>>>
>>>
>>> *****************************
>>> Regards,
>>>
>>> *Liz Belousov*
>>> NYC chapter Volunteer* | *OWASP Foundation
>>>
>>>
>>>
>>> *OWASP Access Management Policy*
>>>
>>>
>>>
>>> The OWASP members or non-members that would like to participate in the
>>> OWASP chapter activities (events, webinars, onsite and online forums [e.g.
>>> by posting comments]) must use their real identities: first name, last
>>> name, and an image that corresponds to that identity [a headshot image].
>>>
>>>
>>>
>>> For the on-site events attendance, OWASP members and non-members may be
>>> asked to present their state issued photo identification card (passport,
>>> driver license, e.g.).
>>>
>>>
>>>
>>> The OWASP local chapters reserve a right to exclude from event
>>> registration and consequently the onsite or online participation those
>>> individuals who do not comply with the OWASP Access Management requirement.
>>>
>>>
>>>
>>> The OWASP maintains privacy of chapter members and meeting attendees
>>> according to the Mandatory Chapter Rules (cited below).
>>>
>>>
>>>
>>> [“The privacy of chapter members and meeting attendees should be
>>> protected at all times. You should not disclose names, email addresses, or
>>> other identifying information about OWASP members or meeting attendees.
>>> Only aggregate statistics can be referenced. Sponsors should not have
>>> access to member lists; however, they may ask attendees to share contact
>>> information voluntarily, for example via submitting business cards
>>> voluntarily for a raffle.”]
>>>
>>>
>>> _______________________________________________
>>> OWASP-Leaders mailing list
>>> OWASP-Leaders at lists.owasp.org
>>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>>>
>>>
>>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-leaders/attachments/20161110/3158f128/attachment-0001.html>


More information about the OWASP-Leaders mailing list