IAWG Bi-Weekly Meeting Minutes - 2010-01-20
Kantara Initiative Identity Assurance WG Teleconference
Notes ratified to Minutes on March 31, 2010 teleconference.
Attendees:
- Colin Wallis
- Shin Adachi
- Pete Palmer
- Ben Wilson
- Patrick Curry
- Bob Pinheiro
- Frank Villavicencio
- David Wasley
- Helen Hill
- Lena Kannappan
- Richard Trevorah
- Brett McDowell
- John Bradley
- Rich Furr
- Joni Brennan
Draft Agenda:
- Roll call
- Review of action items/follow ups from our last call - (all past minutes can be found here http://kantara.atlassian.net/wiki/display/idassurance/Meetings+and+Minutes)
- Review the input given on our published document from the document comment submission form and via list. David Wasley was kind enough to summarize them in the attached
- Discussion on graphical explanation of IAF accreditation and certification process (attached image courtesy of Paul Madsen) – should we formalize a diagram like this as part of our documentation?
- Wrap-up discussion on Legal Agreements for identity federation – Ben Wilson
- FORG status and next steps – Rich Furr
- Any other business
Agenda Modification:
As the call started the chair decided that the draft agenda had been over come by events and that time could be better spent to address ICAM feedback and Privacy Profile discussion that's growing over the list.
ICAM / TFET Discussion Feedback
-
- We will not be able to get the ICAM panel members to participate on this call. However we may be able to speak to various members of the TFET. TFET is making every effort to help us get closer to adoption. The TFET meeting today is a milestone in our progress.
- Discussion continued around the differences between: Informed consent vs opt in. In EU definition, according to Article 29 'Informed Consent' is defined and carries more weight than 'opt-in'.
- Agency Application is going to have to ask the user what service they'd like to use.
- Auto discovery protocol - could be a cookie but this is not strong because you may be at a new browser. It's the application's responsibility to ask the subject which CSP they want to use.
- Discussions continued around use cases that might not have been considered in the ICAM requirements (such as contractor / employer or student / university).
- At some point the Relying Party has to take responsibility for it's actions. It's much simpler if the application it self simply confirms with you which assertions it will ask for (like tax ID etc)
- At the moment WAYF is designed to perform discovery and after discovery the applications still interacts with the user.
- Brett clarified ARB's interpretation of the use of 'should' - allows opt-out and actually brings us beyond the ICAM requirement.
US Federal Gov Profile Feedback
-
- Question about how to acknowledge other work has been done in the space. 2 suggestions add to overview and/or add to references section.
- ACTION: David W will write up a set of discussion points regarding the US Federal Gov Privacy Profile and send over the list for IAWG review.
Adjourn