Versions Compared

Old Version 1

changes.mady.by.user Mark Lizar

Saved on

compared with

New Version Current

changes.mady.by.user Former user

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Attendees:

Voting:

  • Jeff Stollman
  • Mark Lizar
  • Anna SColin WallisSlomovic
  • Trent Adams
  •  

Non-Voting:

  • Rainer Hoerbe
  • John BradlyBradley
  • Colin Wallis

Apologies:

  • GershwinGershon Janssen
  • Susan Landau
  •  

Staff:

  • Joni Brennan
  • Anna Ticktin

Meeting Notes:

1. Administrative:

Roll Call, No Q

2. Presentation on Risk Management in Trust Federations - Rainer

Presentation LINK - Byebye -Venn.pdf

3, Discuss TFMM (Trust framework Meta-Model) started in a San Francisco meeting a month ago

3 obejctivesobjectives of the TFMM from these meetings.

  • 1. Terminology
  • 2. Structure - Categorization - Ontology
  • 3. Mapping Tool with the meta model

4. Update from Joni - Creating an Ad-Hoc Sub-Committee - for WG Chairs to communication and put input into the TF components.

- Looking at developing a cross-organisational organizational group with members from ABA, OIX, etc..

- Contributing With an aim at contributing the meta model to ITU-T - Focus

5. ITAC Presentation Session

- Briefing - ITAC - Kantara is membershipmember so as a result was invited to provide a state of play

- ICAM as a use case - their is a international component to ICAM

- Anna S described a reticence for the ICAM use case to take a prominent role in a privacy presentation as ICAM is a unique type of RP that calls all the shots and doesnt really negotiate in a strucutred way.

Joni - Wanted to develop a status on the PF as a next component for Trust Frameworks - Then to get a longer presentation for the EIC and Catalyst conference.

Mark (recapping the points to be put into the presentation)

- P3 as an independant work group

- does a lot of privacy and public policy work Liasing inside and outside of Kantara - show examples

- as a part of this work we have spawned a sub group - Privacy Framework to Independantly provide privacy guidelines as input into guiding

- Criteria Privacy Certification in Trust Framework

  •  A discussion emerged on the scope of the PF - John bradley

John Flags: At some point the decision has to be made as to where the protections that Kantara cert will provide RP are exclusive only to the attributes provided to an identity provider or attribute provider or all of the attibutes that are stored at that relying party.  - An important scope description

Mark Clarifies - does this mean that RP are aggregating attributes beyond the federation scope and that this needs to be addressed?  (good point for a follow up conversation)

  • Discussion of the Scope of the PF - Is it just for Federated Identity ?  Does it set the stage for the use of profiles beyond Federated use of Identity? 

Does a PF include the Identifier, Attributes, and any other information credentials outside of a federation?

Joni: We need to create a Kantara Trust Framework that's global in scale.
Anna: We need to make sure we're not trying to define everything privacy for everyone.
John: Entities will use what Kantara creates, or not.  It's really just guidance, but we need to get it moving to see how it works. Canada has requirements right now.

Anna: - Asking Joni for clarification where the Scope line is?

Joni: There is a line there but how narrow the focus is needs to be decided by the PF-Group.  There is the intention to look at how profiles from a federated system can extend beyond the federation

John: The IAF has a very narrow scope of what federated is.  - Only privacy for an Identifier?  Identifier and the attributes?

Joni: suggest that we start with the lowest privacy baseline and then take a phased approach to increasing the baseline into something useful.

Anna - The PF needs to be a component of trust frameworks.

idea of privacy by design - tabled as these are specific terms

Action: Mark will do notes, point form the 5 slides and Joni will give the presentation slide deck another shot

Mark; Recap in terms of presentation?

  • - Working towards  Kantara Trust Framework
  • - Kantara has experience developing components of a trust framework 
    • IAF - FICAM Trust Framework Components
    • Kantara has identified more components that are missing and is moving to develop a framework and certification for this.
  •  Kantara is developing more trust framework components towards offering a full offering
    • Federated identity is in phase 1
    • ICAM at this moment has a very low privacy baseline that we are working to address first with the PF
  • Interoperability is something we would look at through profiles in phase 2
  • At this time there is a clear opportunity to lead privacy framework for IdM Trust Frameworks.