1. Administrative section
Date and Time
Date: 3. June 2013
Time: 11:00 PDT | 14:00 EDT | 20:00 CET | 08:00 NZ(+1)
Role Call
Andrew Hughes
Colin Wallis
Keith Uber
Ken Dagg
Alan Foster
Sal D'agostino
2. Agenda
2.1. Request for volunteers to draft a clause on the SC27 WG5 Identity Federation clause in 24760-3
As posted to the list, we received a reach out from the editor of the paper for a clause on Identity Federation
6 or 7 confirmed volunteers for the work (FIWG and eGOV and AIM workgroups (aatributes in motion)
Work to start soon
No volunteers from this call
Colin to report back. Expects to have a draft in a month´s time - at least for the call next month there will be something to look at. Copyright and intellectual concerns may be an issue.
2.2. EIC report
Andrew and Colin were there.
Comments/Colin:
Kantara workshops were on the Monday, alongside OpenID foundation telling about OpenID connect and OASIS privacy session
Kantara had somewhere between 30-40 in the room at any one time. About 50 participants in total.
Main theme of federation and standardization.
Keynotes on tueday afternoon
Excellent keynote on security and privacy aspects of mobile apps - how to manage privacy. Lots of Kantara folk present.
FedICT - Belgium - Seperate logon service (psydomonus) and myEgov personal dashboard of relationship with governments
Quite advanced, based on PKI ecards for high levels of assurance - thought provoking
Colin to forward notes to the list (done).
Denmark presented - Thomas Gundell with 3 colleagues. Denmark is refreshing services as well.
German, Lithuainen and other EU governments well represented
Comments/Andrew:
Interesting presentation by (Privacy commissioner) Director General in the Polish Government
EU signature directive is being pushed fast to become a regulation
- requires that each member state accepts the digitally signed authentication from other states and must also
- must supply at least one provider of that from other states to the others
- To be used for all government/citizen transactions, and banking
- "not risk based" - everything in banking and government is to be classed as high-risk and require signature
- This breaks many rules around proportionality.
- The use of such a strong credential for "everyday use" creates an exposure
Should we present a "Considered comment" from Kantara?
The IAF Identity assurance framework of Kantara would not work in Europe as it stands.
The EU requirement presumably satisfied by a member state having a STORK IDP
Was raised at IIW by Leif Johansson, chair of Assurance Review Board
General discussion of changes in the EU directive
Draft regulation in the EU
Right to be forgotten
Implementation within a year
2.3. Terena.org TNC 2013 Maastricht
Discussed Terena conference underway. Keith listed relevant topics. Videos, slide decks and papers are now available:
https://tnc2013.terena.org/web/media/archive
2.4. Government of Canada’s Guideline on Identity Assurance
Ken Dagg presented Government of Canada paper , which he had earlier shared on the list. Sent 13.5.2013 title "Guideline on Identity AssuranceConsultation Draft Apr 25 2013.pdf"
Draft release of credential and identity assurance and standard supporting it
Guidance to departments how to set the four levels of assurance and achieve them Relying parties
9-12 months under work, mostly relying parties
Practical guide Draft for comment
Other Kantara Groups (FIWG has agreed to comment) are welcome to comment (38 pages)
--> Colin has read it - very good, useful. Valuable charts. Extending the principles into guidance.
Ken welcomes input and comments from other working group members.
Next Meeting
Date and Time
Date: 1. July 2013
Time: 11:00 PDT | 14:00 EDT | 20:00 CET | 08:00 NZ(+1)
-------------------------------------------------------
To join the teleconference
-------------------------------------------------------
DIAL IN INFORMATION:
Skype: +99 051 000 000 481
Conference Id: 613-2898
US Dial-In: +1-805-309-2350
http://kantarainitiative.org/confluence/display/GI/Telco+Bridge+Info