AIMWG telecon Notes 2012-12-11

Date and Time

Date: Tuesday, 11 December, 2012
Time: 13:00 PT | 16:00 ET | 21:00 UTC
Dial-in: United States Toll +1 (805) 309-2350
- Alternate Toll +1 (714) 551-9842
Skype: +99051000000481
- Conference code: 613-2898

Agenda

Administration:
1. Roll Call
2. Agenda Confirmation
3. Call times - results of doodle poll: 7:30 PT / 10:30 ET / 15:30 UTC every second Wednesday starting 9 January 2013
4. Call for nominations
  1. Chair - 1 nomination = Allan Foster
  2. Vice-Chair - 1 nomination = Sal D'Agostino
Discussion / Action Item Review
1. Attribute ecosystem - see Reference Docs on the bottom of the Scalable Privacy wiki page @ Internet2
AOB
Adjourn

Attendees

Steve Olshansky
Allan Foster

Quorum is 6 of 11 as of 20 November 2012

Non-Voting

Ken Dagg
Ken Klingenstein
Sal D'Agostino
Keith Hazelton

Staff

Heather Flanagan (scribe)

Apologies

Minutes

Previous call not at quorum; no minutes to approve

Administration

Call times
- Calls will be bi-weekly; may change as further input is received from the group and a doodle poll created; for immediate purposes, we will have our next call in 2 weeks at this time
Nominations
- will send out an e-vote immediately after this call

Action Items

Action	Assigned To	Status	Description	Comments
20121127-01	Heather Flanagan	Complete	Send out a call for nominations to mailing list
20121127-02	Heather Flanagan	Complete	Doodle poll for call times
20121127-03	Heather Flanagan	In Progress	Get the starter documents from Andre Boysen	following up with Kirk Fergusson
20121127-04	Ken Klingenstein		Put together initial draft diagram(s) for attribute lifecycle to discuss with this group to determine viability (or not)
20121127-05	Ken Klingenstein/Heather Flanagan (I2 hat)		Put together a rough definition of terms in the attribute ecosystem big picture diagram
20121127-06	Allan Foster		Review AMDG Recommendations and verify if/how they tie in to the AIMWG work

New Action Items

Action	Assigned To	Status	Description	Comments
20121211-01	Group		Review Attribute Design draft	Determine on next call if this is something group wants to discuss further

Discussion

Attribute ecosystem - see Reference Docs on the bottom of the Scalable Privacy wiki page @ Internet2

Beginning with the attribute ecosystem slides, and from there we can go a bit in to the discussion topics.

will be able to easily show 2 kinds of flow (and eventually more) : flows of attributes as distinct from flows in trust about the attributes; the slide deck will continue to evolve as we explore different aspects of the environment

pay particular attention to slides 2 & 3 (high level elements and first stab at definitions) - is anything missing from this list of elements, and can we wordsmith the individual framing of terms?
- KD: would like to introduce a difference between User (individual asserting attrib about a Subject) and a Subject (to whom attributes relate); in situations of powers of attorney where people are acting on behalf of others, it becomes very confusing to try and determine who we are talking about if we just have "User"
- KK: not every user will need a Subject defined, so would need to go to the attribute ecosystem and have a bunch of users in the overall big picture, and then a few users with a subject associated with them; does Guardian also capture this idea?
  - KD: only case where that might not be true is in Law Enforcement, where a Law Enforcement official may be dealing with a Subject who is not a Guardian
  - SteveO: is the concern that if we use a term like "Agent" that would devolve in to too many rat holes?
next thing to happen in this space will be for Ken K. to create flows in this ecosystem; we know that attributes are flowing in this ecosystem, and so is trust; there are also consent flows which may (or may not) be the same as trust; in both cases (trust and consent), data and metadata are both flowing along similar paths
- note the last slide, "Decomposing Google" as a way to describe how one player may have so many roles
- we should train ourselves not to just say "Google" when we're talking about this stuff, but talk about the specific role that Google would otherwise be playing in the discussion
- where a company's business model depends on them filling multiple roles, it could show some interesting ways a business is encouraged to encroach on boundaries they otherwise shouldn't
Discussion Topics
- there is an attribute design doc for how you would create attributes for a multi-vertical federation and which will likely be published through the Independent Submissions stream of the RFC Series
- are there two rough categories, creation and revocation? then there is the transport of an attribute from where it is minted to elsewhere; primary motivator for Ken K is the minting of anonymous credentials a la ABC4Trust model; mechanisms are needed to move attributes around - there are some protocols (SAML, JSON) which starts this work, but more is needed
- Is this the direction the group wants to move their discussion? yes, definitely
- Note that the perspective seems to be that of an IdP; would like to also look at this from the client/end-user perspective; in some cases, attributes are asserted by clients, and then the service provider has to verify those attributes against an authoritative source; then there is the question of how they can store it for reuse later; the whole idea of looking at it from a client-centric point of view
  - good idea to come up with 3-4 different ways to partition this space from different perspectives; what kind of categorization would make sense?
  - All the same elements will be there, it's just how one looks at them
  - what do we say about downstream/secondary use of attributes? in classic IdP space, we stop at release of info to initial RP and rely on a Code of Conduct to prevent anything further, but we don't do anything that looks like DRM of attributes; in the attribute ecosystem diagram, how do we want to deal with downstream use?
    - this is where the UMA mindset and their concepts come in
    - when we are talking about intermediaries caching attributes, don't we run in to issues akin to a revocation list? if you are relying on a cached attribute, how do you know it is still valid?
    - this is a big topic, from an attribute broker perspective too; the consumer can trust the data but doesn't necessarily know (or want to know) where it came from - there are some things here that start coming in esp. when start talking federal government and one department not wanting to know what another department is doing
- if we were to say "LoA of attributes" what are the many things that would depend on? it's not just the assignment of value, it's other actions that could/would happen in the chain of custody for that attribute (i.e. how faithful was the transport mechanism, if this went through an account-linking service, for instance?)
- what would Kim's Law of Identity look like if applied to Kim's Law of Attributes? minimal disclosure for constrained use could be an interesting double-bind
  - UMA world: their "binding obligations" work might be applicable in this space

We will have this WG focus on a number of issues today, particularly any overlap or gaps, which hopefully will be a short term activity that will then define longer term activities which may or may not happen in this group (i.e. if they are standards-forming)
- this will also likely feed the IAWG and how they should incorporate attribute considerations in to the IAF

Any Other Business... Adjourn

14:03 PT

Next Meeting

Date: Wednesday, 9 January 2013
Time: 07:30 PT | 10:30 ET | 15:30 UTC (Time Chart)
Dial-in: United States Toll +1 (805) 309-2350
- Alternate Toll +1 (714) 551-9842
Skype: +99051000000481
- Conference code: 613-2898