Comment: added first draft of december meeting minutes

Kantara eGov Working Group Teleconference

Administrative section

Date and Time

  • Date: 3. Dec 2012
  • Time: 11:00 PDT | 14:00 EDT | 20:00 CET | 07:00 NZ(+1)

Roll Call

Find Minute taker

minutes approval

Agenda

...

Present

  1. Rainer Hörbe, Kismed
  2. Ken Dagg, Fed Canada
  3. Colin Wallis, DIA NZ Govt, NZ
  4. Keith Uber, Ubisecure
  5. Allan Foster, ForgeRock
  6. Andrew Hughes (Vice chair of identity assurance - non voting)
  7. Bob Sunday, ex-Fed Canada

Note to all: Calendar feed from the Kantara site includes room codes

1. Minutes

Non-quorate call, no review of November call minutes.

Minutes taker: Keith Uber

2. Action Item review

Colin: update of the charter and submission for LC. Complete (Waiting on editing rights to charter page)
-- Keith to contact Oliver (oliver@kantarainitiative.org)

Colin: manage response to eHerkenning consultation. Now closed, we did not get much feedback since October

3. Report from Face to Face meeting, Washington DC

Report from Colin


Initial report from Colin: Terrific workshop, probably the best of that style Colin has ever attended. "Stunning".

Ken: Good event, excellent discussion - interesting to see how many people were

20-25 participants
Approved identity providers: Experian, Symantec
Some prospective: Lexis/Nexis, dayon, Equifax
"2.5" assessors in the room.
GSA
Ken and Tim from Canada
Colin from NZ
CA present, ISOC, Ingo from DT
Interesting mix of people
Non-government relying parties were missing
Focus group discussions with the RPs would be good. The identity proofers, who already have all the customers, are the ideal parties to invite their customers to come and join the discussion.
The first day was dedicated to trying to find equivalency between the almost identical 863-1 and ISO 29115 X1254. Gap analysis and discussion.

863 is a set of US gov specs, instead of a set of requirements that need to be met.
Missing comparability to requirements.
863-* needs to look at the requirements of these documents, not the specifications which are outlined in this document.

Lexis/Nexis working on timelines for standards on how to identify. Guides customers how to identify, how to get increased assurance.

Anna is welcoming a closer engagement with Kantara, which is positive.

Canada is publishing a comparison document (through OASIS SSTC)
FICAM is working on a similar comparison document on how to assess and approve the components rather than running the identity assurance framework as a single piece.

There was almost unanimous agreement on the need for a discussion forum on the possibility of standardizing the interface between IDP and credential provider, so that when an IDP and credential provider want to cooperate, they don't have to come up with their own solutions every time. Ideally the interfaces can be assessed independently.

Reduce arduous integration projects. This may not necessarily be a technical API, but some kind of standardization is an absolute requirement.

The identity proofers don't want to give away any secrets on how proofing is performed.
Identity proofers (Experian) may not be able to participate in a standardization call in order to protect trade secrets.

The last day began with a presentation from Canada on pseudonymous design. Comparison of approaches between Canada, NZ and USA and how they separate different pieces of the transaction, so that no one party has all of the identification keys.

Canadian gov (Andrew Hughes(sp?), Colin Suite(sp?), David Wosley) developed over the summer what they are calling the "decoupled binding approach"

  • How to separate the credential activities from the identity activities
  • doing credential activities first and then bind identity or vice versa
  • More detail in the meeting notes, with a slide deck.
  • Were able to generate a generalized model showing the relationships between the individual, RP, IDP and credential provider.

Model is consistent with FICAM thinking (Neil)

Trust framework/trust federation world is a new concept to recent Kantara joiners.

Andrew sees next pieces of work:

  • extending the model and see how other trust frameworks map onto it
  • finding commonality between the frameworks

Andrew will summarise his presented work and distribute to the group or through the event report being coordinated by Joni.

In summary: Good presentation, well received, more details to follow.

Neal (sp?) from GSA has already been asking about a date in February to meet again between governments and got through it.

Colin mentioned: FCIX Federal Cloud Identity Exchange
http://fcix.us/aboutus.html

The afternoon discussion also looked at individual deployments. FICAM was very interested in learning more and leveraging these experiences.

Meeting report is yet to be published but will appear.

4. Privacy Enhanced WebSSO

Report from Rainer

Work continues on non-traceability requirement / do not track provisions for WebSSO.

Rainer proposed the work item to collect requirements, existing or planned solutions.

So far Colin has uploaded some documents.

UK & NL contacted but pending responses.

Working title: "Privacy Enhanced WebSSO". Open to better title suggestions

Gap analysis of what is standardized and what isn't.

Rainer is interested in consumer approach (EUStic).

He is interested to hear how NZ/Canada justify their tight controls.

Andrew: Move the linking records to an outside party, such as a broker, which offers persistent anonymous IDs to all parties. The SP doesn't know the actual credential.

Andrew: Under 863 this model is not possible, because the credential provider must know the identity.

Rainer to contact NL again.

Colin: Will we see the UK SAML profile for their identity hub? The one John Bradley was working on.

Rainer: Steven Dunn shared it with us in October at the RSA conference. You couldn't implement the architecture with pure SAML.

Colin to contact UK for the latest documents of the UK SAML profile for their identity hub.

5. Reach out letter update

At the last meeting we put a call out for additional people to go on the list.

If anybody has ideas of new prospective members for the WG, please send them to Rainer/Keith/Colin.

Once the new charter is published, Joni will email the prospective contacts. We have 25 or so. Target is 40 or more.

6. A.O.B.

Q: Proposed meeting in Feb to discuss US/Canada/NZ approaches
Not a Kantara event, no date has yet been set. RSA is last week of February
NSTIC IDisg has been confirmed for 5,6,7th Feb in Phoenix, AZ.
European ID Workshop (IIW) will be in Vienna 5,6th Feb 2013 or a week after. Will be announced in the next couple of days.

7. Next Call

Next call Monday 7th Jan 2013.