
*Non quorate? Check new joining member statuses*

Kantara eGov Working Group Teleconference

Date and Time

  • Date: 11 July 2011
  • Time: 11:00 PDT | 14:00 EDT | 20:00 CET | 06:00 NZ (12th July)

Attendees

Voting:

Scott Cantor, Internet2

Colin Wallis, NZ Govt

Thomas Grundel, IT Crew, Denmark

John Bradley

Rainer Hoerbe, Kismed Health GmbH

LaChelle LeVan, Probaris Inc

Non-Voting:

Daniel Bennett, SAFE Bio-Pharma

Mickey Tevelow, N8 Security

Staff: 

Anna Ticktin

Apologies

Bob Sunday, Gov of Canada

Meeting

Notes

1) Roll call for Quorum determination

Not quorate by one

2) eGov Membership Status. New member intros (CW)

Aiden Naughton (VOSA), Neil McEvoy (Cloud Best Practices Network), Jacek Malyzka (Poznan University of Economics)

United ID,  SAFE-Biopharma, Comfact AB (soon)

3) Review and approve June meeting draft minutes (attendees)

http://kantarainitiative.org/confluence/display/eGov/eGov+Meeting+Draft+Minutes+2011-06-06

Moved: John, Seconded Bob.

4) Review of issues raised in recent minutes and the Berlin F2F:

Berlin F2F slides including eGov here: http://kantarainitiative.org/confluence/download/attachments/3408008/20110518+KI+F2F+closing+combination+slides.pdf

European eID submission (Rainer & Patrick) - Rainer confirmed the final submission had been sent off in the name of the KI eGov WG.

SAML 2.0 test round results (and implications for eGov profile v2.0),  KI SAML 2.0 conformance gap analysis against Fed Canada's IdP test case and deployment profile (Bob) - discussed in (5) below

5) Work Item 1: Agree next steps: Input into the Conformance test plan (Bob/Keith/Mikael others) AND potential input into a range of deployment/service test plans

Fed Canada's Deployment Profile and IdP Test Cases were reviewed.  See them here:

http://kantarainitiative.org/confluence/download/attachments/45059378/IDP+Test+Cases.pdf

http://kantarainitiative.org/confluence/download/attachments/45059378/CA+-+CATS+IAS+V2.0_Deployment+Profile_Final+r7.2_en.pdf

Bob briefly repeated the context: that the conformance testing, while a step in the right direction, did not adequately test specifics of the deployment such that the online service owner can attest it can meet the criteria laid out in the profile. While some were CA-specific, the majority of test cases were common. John said FICAM was similar in approach. Fed CA felt the need for a s/w lab to pre-configure IdP and RP environments. Rainer said AT needed this also. Keith said FI uses TestShib for this. John said the IRB is considering both the business model (who pays) and its test options. Action 2011-06-06-01: John to maintain liaison with the IRB re this.

Quorum not met. June draft Minutes will be circulated to the list for electronic vote.

4) Work Item 1: Update regarding Conformance test plan planning options (IRB..JB?)

IRB continuing to evaluate complementary options from Fraunhofer and Fedlab.

5) Work Item 2: Discuss next steps. Start SLO use case/requirements for input into eGov Deployment model and cookbook (Fulup and Rainer)

No recent work done post Berlin, but considered to be closed, based on Berlin meeting notes. Action 2011-07-11-01: Colin to check with TelcoID WG.

6) Work Item 3: Collection of requirements for Attributes WG (was Start up the Attribute Development Sub Committee of the eGov WG)

Colin had begun an email thread that Bob had expanded. There was a request to re-circulate this thread to ensure sufficient input before forwarding to the Attributes WG (when it's chartered). Action 2011-07-11-02: Colin to re-circulate the Attributes thread.

7) Work Item 4: The Open Source Support Initiative WG. 

This was briefly introduced and how it differs from OSIS clarified.

Rainer has produced an interesting summary of SAML products on Wikipedia (and now on the KI website as well). This has been sent to the OSS WG. Thanks Rainer!

8) LC and BoT updates (Incl. Assurance Review Board, Interop Review Board, IOP WG) (CW/JB)

No significant matters to report.

JB briefly updated eGov on LC activities, mostly centred around re-allocating unspent budget to WGs that are short of funds to deliver urgent work.

9) Liaisons: OASIS eGov Member Section, KI's ISO and ITU-T's Liaisons

No significant matters to report (though there is a separate email thread calling for presentations on work that could be shown to OASIS in their October event for future standardisation).

11) Events:

Not discussed.

12) AOB: Dates for next Call/meeting: the first Mondays in July, Aug, Sept are all Holidays either in US or CA. Bob proposed to move them. Rainer offered the BC TF call time as calls have been suspended over the summer break. Action 2011-06-06-04: Colin to confirm revised dates.

CW reminded the group to sign up to the BoT Liaison SC to view and comment on the ISO SC27 drafts to be discussed at the next SC27 meeting in Nairobi in October. Comments close early Sept in most cases.

10) Events: A reminder given of Dervla's emails on KI's potential involvement in SCA, KI F2F at Mountain View etc.

11) AOB: Recent threads etc - 

Newer Crypto algorithms deployment advice thread:

DK's OIO SAML Profile recommends the following regarding the minimum required algorithms which must be supported by all Identity and Service Providers:

  • Encryption algorithm must be AES with at least 128 bit keys.
  • Signature algorithm must be SHA1withRSA or SHA256withRSA with minimum 1024 bit modulus.

Thus, it is allowed to use AES or RSA with longer keys than specified above. All DES-variants and MD5 hashing are forbidden. When using 1024 bit RSA modulus, federation participants should prepare to upgrade to a longer modulus within 6-24 months.
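The minimum-algorithm rule quoted above can be checked mechanically against a signed or encrypted SAML message. The following is an added example, not part of the minutes or of the OIO SAML profile; it assumes the profile's names map onto the W3C XML Signature and XML Encryption algorithm URIs shown, and `audit`, `sample`, `GOOD` and `BAD` are hypothetical names working on constructed input.

```python
import base64
import xml.etree.ElementTree as ET

DS = "http://www.w3.org/2000/09/xmldsig#"
XENC = "http://www.w3.org/2001/04/xmlenc#"
MORE = "http://www.w3.org/2001/04/xmldsig-more#"
# Assumption: the profile's algorithm names mapped onto W3C identifiers.
ALLOWED_SIG = {DS + "rsa-sha1", MORE + "rsa-sha256"}
ALLOWED_ENC = {XENC + f"aes{bits}-cbc" for bits in (128, 192, 256)}  # CBC only
MIN_RSA_BITS = 1024

def audit(xml_text):
    """Return the profile violations found in one XML message."""
    root = ET.fromstring(xml_text)
    findings = []
    for el in root.iter():
        alg = el.get("Algorithm", "")
        name = alg.rsplit("#", 1)[-1].lower()
        if "md5" in name or "des" in name:  # MD5 and every DES variant
            findings.append(f"forbidden algorithm: {alg}")
        elif el.tag == f"{{{DS}}}SignatureMethod" and alg not in ALLOWED_SIG:
            findings.append(f"signature algorithm not in profile: {alg}")
    # Only the data cipher must be AES; key transport (EncryptedKey) is skipped.
    for data in root.iter(f"{{{XENC}}}EncryptedData"):
        for method in data.findall(f"{{{XENC}}}EncryptionMethod"):
            if (alg := method.get("Algorithm")) not in ALLOWED_ENC:
                findings.append(f"data cipher not in AES allow-list: {alg}")
    for mod in root.iter(f"{{{DS}}}Modulus"):
        bits = int.from_bytes(base64.b64decode(mod.text), "big").bit_length()
        if bits < MIN_RSA_BITS:
            findings.append(f"RSA modulus too short: {bits} bits")
    return findings

def sample(sig, digest, enc, rsa_bits):
    """Build a constructed message skeleton (no real signature or ciphertext)."""
    n = (1 << (rsa_bits - 1)) | 1  # top bit set, so bit_length == rsa_bits
    modulus = base64.b64encode(n.to_bytes(rsa_bits // 8, "big")).decode()
    return (f'<m xmlns:ds="{DS}" xmlns:xenc="{XENC}"><ds:Signature><ds:SignedInfo>'
            f'<ds:SignatureMethod Algorithm="{sig}"/><ds:Reference>'
            f'<ds:DigestMethod Algorithm="{digest}"/></ds:Reference></ds:SignedInfo>'
            f'<ds:KeyInfo><ds:KeyValue><ds:RSAKeyValue><ds:Modulus>{modulus}'
            f'</ds:Modulus></ds:RSAKeyValue></ds:KeyValue></ds:KeyInfo></ds:Signature>'
            f'<xenc:EncryptedData><xenc:EncryptionMethod Algorithm="{enc}"/>'
            f'<ds:KeyInfo><xenc:EncryptedKey><xenc:EncryptionMethod '
            f'Algorithm="{XENC}rsa-oaep-mgf1p"/></xenc:EncryptedKey></ds:KeyInfo>'
            f'</xenc:EncryptedData></m>')

GOOD = sample(MORE + "rsa-sha256", XENC + "sha256", XENC + "aes128-cbc", 2048)
BAD = sample(DS + "rsa-sha1", MORE + "md5", XENC + "tripledes-cbc", 512)
```

For messages received from a peer, parse with a hardened XML parser (for example defusedxml) rather than plain ElementTree.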

The EU's EPSOS also recommends SHA-256. Some software implementations e.g. OpenSSL actually disable ECC and default to RSA and DH. ECDH is known to be particularly hard to deploy. The US Gov Federal PKI site is a useful starting point for updated info: http://www.idmanagement.gov/fpkipa/

Some of the vendors that were behind the original RFC for ECC are known to have patented their implementations, making it risky for others to deploy likewise.

Some discussion of SHA-2 for a root CA and a PKIX chain.... 

Next Monthly Meeting: NOTE DATE CHANGE!

  • Date: Monday, August 8th, 2011
  • Time: 11:00 PDT | 14:00 EDT | 20:00 CET | 06:00 NZ (9th)
  • Dial-In: US: +1 201 793 9022, Skype: + 9900827044630912
  • Code:

NOTE: Do not follow the code with a "#" symbol as it may cause the code not to be recognized.