AIMWG CHARTER REVIEW SUGGESTIONS
- Review AMDG recommendations and determine if work plan for each is needed OR if they have been overcome by events.
- Include WG 'accepted' items not captured in to AIMWG charter.
- Update charter to add language indicating that new work items may be proposed as research develops.
...
| AMDG Recommendation | Addressed in AIMWG Charter | Action (if any) | Team Lead | Status | |
|---|---|---|---|---|---|
| 1 | Create a Kantara Discussion Group (or subgroup of a Working Group) to describe what contexts of information use might be and how they might be used, characterizing them and registering/exposing them. | Yes, WG created | Determine set of sub-team interested parties and champion | NEEDED | |
| 1.1 | VALUE: Identify stakeholders that would find value in this item >> | ||||
| 2 | Creation of a Kantara Attribute Management Working Group or continuation of the existing Discussion Group (but rechartered) to work across industry organizations and sectors. Work to establish a means of expressing relying party needs with respect to a level of confidence in an identity attribute, or a set of identity attributes. |
Unsure |
Is this part of attribute handling or broker listed target deliverables? ^^KD: I believe that this is closely related to the IAWG activity with respect to RPs. This being said, I would suggest that the scope of the WG be amended to include something along the lines of, "the core attributes needed to establish uniqueness." I believe that NZ and the UK have done this.^^ < <CW: NZ bases uniqueness off the Passport attributes of Name, DoB, PoB, Gender. But I don't that's what's meant here. The LoC in an identity attribute comes back to its source, or a mix of sources..is it authoritative, derived from authoritative, self asserted, 'discovered' in a social sesne... all these terms need to be agreed before we can discuss much further>> <<CW: I took this to mean an LoC for attributes equivalent to LoC for identity and LoA for authentication (not common community agreeement about this approach BTW: Ask Peter Alterman!). But using NZ EOI 5 objectives applied to the 4 confidence levels for identity establishment it would be easy enough to stand up a straw man.>> |
NEEDED | |
| 2.1 | VALUE: Identify stakeholders that would find value in this item >> ^^KD: While RPs are accountable for defining the attributes they require to establish uniqueness amongst their client base, this list would provide RPs with guidance concerning the attributes they could use to establish uniqueness amongst a population.^^ | ||||
| 3 | Creation of a Kantara Attribute Management Working Group or continuation of the existing Discussion Group (but rechartered) to conduct an environmental survey of groups and activities in the attribute management space (there are dozens at least) and create a cohesive index and description of where they fit in the attribute management space, where they are orthogonal or overlapping (this should be a prerequisite to the attribute LoA/LoC work mentioned below under 'Trust Frameworks') | Partial | Group created but no evidence of survey planning. ^^KD: I would suggest that at a minimum this should be a standing agenda item for each meeting and that the WG page contain a sub-page that contains links to the work being done by other groups.^^ <<CW: Agree>>. | NEEDED | |
| 3.1 | VALUE: Identify stakeholders that would find value in this item >> | ||||
| 4 | Establish formal liaison with the OIX Attribute Exchange Working Group and the OASIS Trust elevation Technical Committee so that the various efforts are harmonised, synergistic and do not overlap. | Yes but needs follow up | Identify AIMWG member to champion message to reach to OIX and OASIS. Ideally cross org person. Note the Board of Trustees is seeking a similar effort. <<CW: also a standing agenda item please>>. | NEEDED | |
| 4.1 | VALUE: Identify stakeholders that would find value in this item >> | ||||
| 5 | Create a Kantara Working Group or co-create/collaborate in the creation of a group elsewhere (IDCommons, ISOC, OIX - wherever most support can be garnered) to define the components that constitute a 'LoC' for attributes and to confirm the need to differentiate this context from the context of identity proofing and credential strength that is applied to 'LoA' of identity. The output of this work should be submitted to an SDO for onward standardization, to avoid any future confusion or misunderstanding. | Partial | There are AIMWG members from various peer organizations however do not believe clear outcome goals have been identified for collaborative or coordinated efforts. Suggest develop shared goals document or something similar. | NEEDED | |
| 5.1 | VALUE: Identify stakeholders that would find value in this item >> | ||||
| 6 | Monitor developments in ISOC's 'Internet Attribute Infrastructure' initiative, the Business Cases for Trusted Federations (BCTF) DG, and look for opportunities to develop specific work streams within Kantara. (One potential area is to create a Kantara Working Group to establish an LoC/LoA program and associated criteria for attributes. Kantara has experience in providing and vetting an LoA framework for identity with the Identity assurance Working Group and the Assurance Review Board; can that be expanded in to providing LoC/LoA for attributes?) | Unsure | Is this being covered via the work group attendees? Is a new work group for LoA needed or might Trust Framework Meta-Model (TFMM) WG have some alignment here if they re-chartered slightly? <<CW: We have Leif Johannson's IETF RFC for the attributes registry as a reference now>>. | NEEDED | |
| 6.1 | VALUE: Identify stakeholders that would find value in this item >> | ||||
| 7 | Kantara establish multiple liaisons with the ISOC 'Internet Attribute Infrastructure' initiative back to the AM DG (or a sub group of the proposed AM WG Group) and the BCTF DG, and monitor progress for specific work streams to be developed within Kantara. | Unsure | is this redundant to previous recommendations? Identify if this is redundant or unique and reach to desired liaising group to develop shared goals and desired outcomes. <<CW: More an extension of the above. If the IETF work goes ahead, establish a liaison with it>.. | NEEDED | |
| 7.1 | VALUE: Identify stakeholders that would find value in this item >> | ||||
| 8 | Creation of a Kantara Attribute Management Working Group or continuation of the existing Discussion Group (but rechartered) to make recommendations concerning catalogs of vertical specific attribute sets (i.e. extensions), lists of authoritative sources for attribute sets, protection and sharing of attributes (including privacy), and the metadata used to describe attributes. | Yes | Covered in Charter however it needs action toward the defined deliverables again. | NEEDED | |
| 8.1 | VALUE: Identify stakeholders that would find value in this item >> | ||||
DELIVERABLES CAPTURED IN AIMWG CHARTER
Proposed document title | Proposed Completion Date | Description |
Attribute Handling Best Practices | Heather Flanagan (wearing a purely volunteer hat) | ^^KD: This document describes the best practices to be followed by either Attribute providers, Attribute Verifiers, or Relying Parties with respect to the creation, collection, retention, accuracy, use, disclosure or disposition of attributes or assertions about attributes. It includes best practices associated with areas such as the following: information security, privacy (including privacy breaches), technical infrastructure, personnel, operational procedures, and information systems management. It also includes best practices concerning the core attributes needed to establish uniqueness.^^ <<CW: Agree>>. |
Determining and Using Contexts - Recommendation | TBD pending resource commitment | |
Attribute Broker Best Practices | TBD pending resource commitment |
...