Versions Compared
Comment: Privacy day, Impact of Interop Profile on existing federations, DIACC



Date and Time

Date: 3. August 2015 (previous version) / 7. December 2015 (current version)

Time: 11:00 PDT | 14:00 EDT | 20:00 CET | 06:00 NZ(+1)

Roll Call


  • Rainer Hörbe
  • Keith Uber (Note taker)
  • Thomas Gundel
  • Judy Keator
  • Angela Rey
  • Colin Wallis

Apologies: Ken Dagg

1. Administration

Quorum of 3 achieved.  June 2015 minutes moved by Rainer, seconded by Thomas.

Rainer has other obligations in Sept, Oct and Nov and cannot make the calls. Colin and Keith to open and run the calls. 

2. Code of Conduct for Relying Parties

At the request of the IAWG, we have been looking at identity assurance, which until now has focused on the IdP, so that it also incorporates SP requirements.

Colin is the initial editor and welcomes contributions and help.

Colin has been busy compiling information from GEANT2 FOPS Federation Operation and Procedures, REFEDS and NZ Service Integration Guide, etc.

New additions are two documents contributed by the Treasury Board Secretariat of the Government of Canada:

1) CATS Cyber Auth Technical Specification (Available on outside contributions on wiki)

2) Adding and removing credential service providers under the Credential Broker Service

The Canadian Integration Guide may contain important references; each should be examined if a copy can be sighted.

David Simonson at WAYF has provided the template contract for SPs. Some new aspects have come in from this.

Mikael Linden sent link to the GEANT data protection code of conduct background report. We had already located the template document. 

The background is that the “Article 29 working party” (a working group in which the European data protection agencies work together) gave their blessing to the document.

But the “Article 29 working party” would like more specific guidance and practical value for RPs.

Thomas added documents from the Danish federation, which contain specific technical requirements.

The common argument for the lack of rules is that this aspect is already covered by the data protection legislation in the applicable jurisdiction.

AP: Request the response by the Article 29 working party to the GEANT Data protection code of conduct. 

Progress is being made. Please follow and contribute to discussion on mailing list and updates on wiki.

3. Proposals for speaking places at RSA 2016 Spring Conference

Keith proposed: a state-of-the-art survey of eGov around the globe, based on "Life Events".

Colin: We might need bigger players (Canada, UK, EU).

Finland: Process for permission to marry - a completely online process, from spouse to spouse, to check the right to marry through the population registry. It can be done from home via federated login with a bank, ID card or mobile PKI.

NZ "having a baby" process - a citizen "touches" government/non-government agencies up to 28 times in order to have a baby. Of the 28 processes, 20 involve some form of repetition, i.e. material that has already been given to another party in the flow. A project called BABII is underway that aims to replace that process with a combination of APIs at the front end and department cooperation at the back end.

Aim for three events - before, late stage, and after birth.

Denmark's Portal:

If, as a foreigner, you want to move to Denmark and start working, there is a common portal that coordinates the various agencies so the move can be made step by step.

Goal: breaking down government silos and taking a citizen-oriented view.

AP: Keith - to write this up and send to Joni.

4. Conference Reports:

June, Cloud Security Alliance APAC Conference in Bangkok.

Highlights: CSA is moving from standards, guidance and certification to additionally investing in product development. CSA is developing these products with the goal of having a revenue stream. Examples are:

MAST - Mobile Assurance Security and Testing - tests the security features of a handset (Taiwan).

STRATUS - gives users the ability to see who has accessed their material, both across different cloud providers and within an application. A powerful audit trail. (New Zealand)

Rainer: TERENA conference in Porto in mid-June.

EWTI is coming up in December.


Block chain discussion.

Rainer is developing an open source rights management system for entity operators to send their metadata to federation operators. Anonymity is not required, only verifiability.

PEER working group meeting last week; updates are coming every week.

PEER will be usable; PEER is for any kind of entity.

Rainer volunteers to do the UI design.

Rainer has been working with Roland Hedberg (GEANT FedLab). The funding required is 3 man-years. Looking for funding.

InCommon is interested in cooperating. Joint effort between REFEDS, GEANT2 and Internet2.

Instead of doing SAML 2.1, it is better to do a better conformance profile. A new conformance document will be created, something like a “scalable interoperability profile”.

After that, a formal test description.

Quorate call. No meeting minutes ready for review. Two previous calls were non-quorate.

Planned Agenda for the call

1. Roll call, approve previous meeting minutes

2. Update: Code of Conduct for RPs/APs

3. Update: Combined InCommon/REFEDS/SAML2 Int/eGov profile for SAML 2.0

4. Country and recent conference reports - EWTI

5. 'I don't Agree' campaign and Project MAPPING

6. Election of officers for 2016

7. Upcoming events


2. Update: Code of Conduct for RPs/APs

Colin: Some progress, waiting on Canada: DIACC (Digital Identification and Authentication Council of Canada) is creating a trust framework model. The focus of DIACC is on identification rather than identity, as SPs/RPs need to identify a subject.

Hoping to include relevant parts of this in the code of conduct.

Still looking for other repositories and sources of information (in addition to the existing RealMe, WAYF, InCommon, Treasury Board of Canada, REFEDS etc.).

Proposing to start drawing the work to a close and hoping to get input.

3. SAML2 Federation Profile for Interoperability

Rainer: An effort to make an updated interoperability profile and conformance profile for SAML.

The primary motivation is to get this out in order to reduce interoperability problems in large deployments.

The plan is to hand this over to Kantara FIWG and be published as a generic interoperability profile.

It has been carefully built to be non-specific and generic: no references to EDU, etc.

The plan is to request Microsoft to update ADFS to make it compatible. Cross vendor support for this profile is an important aim.

Metadata interoperability in particular has been a focus.

It can be seen as a successor to the Kantara interoperability profile for eGov. A lot of our Kantara eGov requirements found their way into the eIDAS specification.

Rainer will produce a diff of the Kantara eGov profile compared to this new one.

Rainer requests implementer engineers to join the FIWG and/or review the document.

The aim is not to have separate R&D and eGov profiles, but one common profile.

For testing against this profile there is a parallel project: Roland Hedberg and Rainer Hörbe have been contracted to work on automated test harnesses, integrating SAML2 and OIDC tests.

It will include a test workspace specifically for this profile.

The idea is to move the SAML specification from the PDF document into code.

Not normative, but the de facto compliance.

REFEDS is sponsoring the operation of the test suite and basic level support.

Test scenarios will be a workflow.

A federation operator can ask an SP, during the on-boarding process, to first run the test and submit successful results to the federation operator before joining.

Concerns were raised about how the new SAML2 Federation Profile for Interoperability will affect existing systems such as the Canadian Concierge and the US system, and, if it is significantly different, how that might affect adoption. Judy Keator volunteered to get some of the SecureKey people to look at it (SecureKey is the implementor of the US and Canadian solutions).

For example, it definitely requires trust management for metadata. PKI as a trust management scheme is not supported.

It was noted that this is not a deployment profile; it is an interoperability profile.

An implementation profile does not prevent you from having extensions etc.

The timeline for completion is the end of April 2016.

4. EWTI Conference

Great success, with 95 registrations for the unconference.

Slightly changed format, with dedicated note takers producing 120-130 pages of notes, which will be on the EWTI t few weeks.

Interesting topics for eGov: eIDAS overview of legal aspects, privacy by design, pseudonymity, anonymity.

AP: Rainer to send a short overview to the mailing list.

Next year: a community building effort to work on next year's event. Welcome!

REFEDS: 50-65 people attended the REFEDS/eduGAIN meetings co-located with EWTI.

No Kantara meeting there this year, hopefully next year.

5a. I Don't Agree

"I don't agree" is to provide a way to register and receive information about personal data rights under existing

For citizens to exercise their rights.

Providing a way for people to ask whether an organisation holds any data about them.

Providing a way for people to ask for a data usage report about themselves.

5b. Project MAPPING

Patrick Curry could be invited to give a short talk on this (human rights and privacy).

AP: Colin to invite Patrick to the next call.

6. Officer Elections

Nominations for Chair, Co-chair and Secretary are invited for the year ahead. The election and ballot will proceed as per the standard Kantara process.

Rainer is prepared to continue as Chair and Keith as Secretary if elected. Nominations for the position of co-chair or vice chair are invited.


7. Leadership Council Matters

LC approved the following funding requests to go to the Board of Trustees.

  • CIS - I don't agree / Privacy Day 2016, Jan 28th
  • IAWG - Make normative the descriptions of the service assessment criteria
  • Health Information Workgroup - Co-sponsor a breakfast at the annual conference (May?)

Two more funding requests (to be handled on the next LC call) 

  • UMA
  • UMA-Dev

Please read the press release on CCICADA

8. Upcoming Events

Jan 28 2016 Privacy Day



Next Meeting  

Date and Time

Date: 7. September 2015 (previous version) / 4. January 2016 (current version)

Time: 11:00 PDT | 14:00 EDT | 20:00 CET | 06:00 NZ(+1)
