Draft 2014-10-06 eGov Meeting Minutes

1. Administration

5 participants - quorate

August minutes - Denny moved, Colin seconded

2. Event Report: ISOC Interfederation and Attributes Harmonization Workshop, Utrecht, The Netherlands

Report by Colin

Kantara joint IDoT, UMA, Consent and Information Sharing Workshop, Utrecht.

https://tid.isoc.org/confluence/display/interfedgen/
10th Plenary US IDESG.

Meeting was run by Internet Society.
Split into 3 parts - interfederation, attributes
Kantara workshop - bringing together IoT, UMA, Consent and Information Sharing Groups, all which use attributes heavily
Each group presented to try to find a common ground.
Colin has a trip report, which he is happy to share with the list. See that for summary of discussion and relevant links.

Waiting on Joni to give a report on the workshop itself.
A wiki has been set up by ISOC, with extensive series of notes. See link above

Workshop was invitation only - government and academia. About 50 people took part.

Common question: Why is it that governments ignore academic federations, don’t connect with them, don’t promote them?

The basic conclusions because government was doing more transactions, they need/want higher level of assurances than what the academic federations can offer.

Colin: Why is this?
Denny: Universities refuse to use standard LoAs, instead use “Gold, Silver and Bronze authentication packages”

Issue of standard mismatch - Silver equates to about 2.5, and Bronze to 1.5
Not following the standard NIST 863 levels.

Theme: “Victims of trust”

LoAs and the different way of interpreting.
Colin will try and find the open mailing list and circulate the discussion on “Victims of trust” (author Justin)

Ken: IAWG has been discussing cross certification of various federations.
Following the discussions and will report.

Attributes:
Number of different presentations
Ken Klingenstein summarized the landscape well.
Attributes in Motion WG material has been used in OIX attribute exchange working group
One NSTIC pilot was on attribute exchange.
Discussed semantics, formats of attributes, Consent/Information sharing
It was left open as to what was best approach
From previous meetings, Leif Johansson had created a global IANA attribute registry for recording URNs for LOAs

UMA:
Several presentations
4 UMA use case examples shown
These included CloudIdentity (UK), Health related patient record use case and Dutch company that had used UMA for access to student work

IoTs:

DT did a presentation
Mark Lazar from InfoSharing WG

Kantara is now trying to get the group streamlined and arranged to help. Kantara mgmt saw that by having three groups together

3. Your eGov identity topics are welcome

Denmark:

Thomas is assisting Danish Government with the eIDAS regulation - now that the laws have been passed.
Acts on LoAs are being
Attribute sets for Natural persons and Legals persons
Act for interoperability
Early stages now

Colin: Operationalizing the eIDAS - Hans Graux presented earlier to the group.

NZ:

Looking for best practice exemplars for public service employee federated IAM, leveraging existing agency IAM infrastructure 

NZ has examined the Dutch implementation.

Discussion on government budgets and implemention costs, ROI calculations and project justification.

NZ has 23000 verified identities done to date (verified identity and verified address).

NZ Banks are lining up to connect to the Identity Verification services.

NZ is doing more development on access control and delegation.
Looking for best practice, exemplars, delegation
For a company that has been created, in the company register - director defined.
NZ has a system for doing that.

Ken: Industry Canada - Register of Incorporated Businesses

Thomas: Same concepts available in Denmark

Keith: Finnish KATSO system is equivalent, cross organizational delegation. Well documented, presented at EIC.

EU might be looking at eIDAS for cross border use cases.

4. Kantara: Reorganization or affiliations between Kantara work groups

Comments welcome on: specific groups to converge, groups to "affiliate" under themes, both convergence and themes "affiliation"

Two affiliations have been identified:
1) Connected Life
2) Trusted services

Strawman available for comment. 
- https://kantarainitiative.org/confluence/x/RQAxB The page is very much a DRAFT.  

eGov would be closer to Identity Assurance WG / Health Identity Assurance
Risk of a group doing tasks which take away from what another group is doing.

There is now time to think about the proposal.

Going forward, the eGov group would be taksed with giving a global view on the Service Assessment criteria.

Cross fertilization of ideas, to make sure all of the groups are contributing to the same goals.

Eg. eGov could be an agenda item on IAWG calls (e.g. every second week)

Board of Trustees is also looking at possible changes to By Laws and operating procedures.
You can lead a group, but not be a member of Kantara.
It is possible to be on the LC but not be a member.