LC telecon 2013-03-27

Date and Time

• Date: Wednesday, 27 March 2013
• Time: 13:00 PT | 16:00 ET | 20:00 UTC (time chart)
• Dial-in:  Skype:+99051000000481
  
  • US Dial-In: +1-805-309-2350 | Room Code: 402-2737
  • For more dial-in information, see: http://kantarainitiative.org/confluence/display/GI/Telco+Bridge+Info

Agenda

1. Roll Call
2. Approve Minutes: LC telecon Minutes 2013-01-09
3. Administration:
   
   1. Action Item Review
   2. Quarterly Reports
4. WG Updates - 2013 plans
5. BoT Liaison Representative Update
6. AOB
7. Adjourn

Attendees

• Myisha Frazier-McElveen
• Nate Klingenstein
• Colin Wallis
• Pete Palmer
• Eve Maler

Quorum is 6 5 of 10 9 as of 06 June 201213 March 2013.

Staff:

• Heather Flanagan (scribe)
• Andrew Hughes

Apologies:

• John Bradley
• Allan Foster

Minutes & Notes

Action Item Review

Discussion of Action Items

Quarterly Reports

See Quarterly Reports

• Several groups are fairly behind in reports

WG Updates - 2013 Plans

HIAWG (Pete Palmer)

• the Kantara Initiative and DirectTrust.org signed a MOU that programs would be coordinated to recognize each others audits
• there has been a tiger team to work with DirectTrust and that effort is going to be rolled back in to the active WG
• the goal is to enable ID proofing as few times as possible, with Direct Trust and Kantara CSPs being recognized
• Pete Palmer wrote a high level article for the IEEE about this effort (link?)
• a great deal of money is at stake to get this space sorted out - see e-prescription effort
• yesterday, Health and Human Services announced a contract to DirectTrust for their new accreditation program, and Kantara is called out heavily in the criteria for that; there will be a press conference on this next Wednesday
• (Colin) seen a shift in the last 6 months that nearly all the WG are discussing aspects of the same thing; there is so much crossover right now is huge, is there a way we can help the collaboration further?
• (Myisha) any implications as it relates to profiling of the IAF? we will need a profile for protected health information exchanges (probably not for all of health care) and associated special concerns; for instance Medicare has a program around electronic signing of information and for that use case the physicians need to come in an L3
  
  • (Colin) how would a profile be funded? there are different opportunities to solicit funds here; (Pete) Question is, how do we get the programs to be working together so the same person that does the audit for ENAC does it for Kantara and DirectTrust? the collaboration of these groups will come up with the money to do this; the Office of the National Coordinator will look at the need for this and can be approached for a grant

...

• Joe and Ian are doing good work there, calls are small but regular; Aleska (UX developer/specialist) has joined the group to help build out the standard labels for info sharing (the group is trying to standardize the labeling of personal information so a user can see the same words from different identity providers and have them mean the same thing) - see www.standardlabel.org
  
  • Eve: group might also want to look at Dazza Greenwood's work on Terms of Authorization
• Colin: group is doing a bit of rediscovery to make sure the group is on the right track, so Eve's suggestion a good one.
• (Pete) can any of the consent work be leveraged for the Healthcare work? there is a lot of discussion on how to roll out a consent server in the health care industry so a relying party can query something regarding consent
  • (Eve) consent management and consent server is fine, but consent is a very weak form of authorization; UMA authorization provides more functionality than that and can be considered to cover consent
  • (Colin) since that space is so driven by regulation, it does tend to limit people's thinking; should broaden the thinking to consider broader authorization along with consent. Eve: UMA consideration of whether consent can be the same as an authorization grant in OAuth)
  • Pete explains eHealth ruser equirements a bit more. (Eve): mixing authZ (policy) and identity data shouldn't always have to happen; should be able to have an authZ system based on claims, which preserves the right to have the place of federations of last resort in your head; one time use identifiers is a good technology to use in various places, but probably wouldn't hang hat on an architecture that depends on it

BoT Liason Report

• last board meeting was at RSA and was in part driven by events of the moment, including in the international coordination wg of the IDESG, they wanted to create an inventory of NSTIC IDESG-like initiatives, and given Kantara had already done that in the Business Case for Trusted Federations, Kantara forwarded a copy of that with our IPR statement, and IDESG (inadvertently it seems) stripped off the IPR and added something of their own and presented the work as its own; Kantara was expecting their work would go in as it was as a complete work, so this was not acceptable; out of untangling that to mutual satisfaction (in progress) came an effort to create a proper liaison with IDESG; since IDESG didn't have a template for liaisons. the BoT has drafted a statement and in doing so creates a template for the IDESG to consider what kind of liaisons they might have.

AOB

• Upcoming events: April 25 there will be an Industry Day sponsored by Experian in Washington, mostly about F6 (invitation only); EIC is in mid-May with a panel in the planning stages; there is the Cloud ID summit in July and the EIC panel work will be repurposed for this
• Pete looking for feedback on an IEEE article; will send to the LC

New Action Items

Next meeting

• Date: Wednesday, 10 April 2013
• Time: 13:00 PT | 16:00 ET | 20:00 UTC (time chart)
• Dial-in:  Skype:+99051000000481
  
  • US Dial-In: +1-805-309-2350 | Room Code: 402-2737
  • For more dial-in information, see: http://kantarainitiative.org/confluence/display/GI/Telco+Bridge+Info