IAWG Meeting Minutes 2012-10-18
Minutes Approved by IAWG 2012-11-08
IAWG Meeting 18 October 2012
Date and Time
- Date: Thursday, 18 October 2012
- Time: 07:00 PT | 10:00 ET | 14:00 UTC (time chart)
- United States Toll +1 (805) 309-2350
Alternate Toll +1 (714) 551-9842
Skype: +99051000000481 - Conference ID: 613-2898
- International Dial-In Numbers
Agenda
- Administration:
- Roll Call
- Agenda Confirmation
- Minutes approval: IAWG Meeting Minutes 2012-10-04
- Discussion
- F2F Prep
- Pseudonymous approach
- Glossary
- Cross border certification
- Document Management
- AOB
- Adjourn
Attendees
- Andrew Hughes
- Myisha Frazier-McElveen
- Colin Soutar
- Bill Braithwaite
Quorum is 4 of 6 as of 17 September 2012.
Staff:
- Heather Flanagan (scribe)
Non-voting:
- Ken Dagg
- Nathan Faut
Apologies:
Minutes
- Bill Braithwaite moves to approve the minutes; Colin Soutar seconds - no discussion, minutes approved
Discussion
Face to Face planning
- Pseudonymous team report
- (Andrew) been putting together a doc describing the problem space and how to potentially resolve it; the credentials are the second step - the first step needs to remodel the interaction itself; the IAF and SAC mention the model without defining the model; so, discussion at F2F could focus on: what is the interaction model we expect to see
- (Colin) it does feel like we are coming to consensus in the team working on this that that approach is appropriate; that is also a good short term target for the F2F
- (Myisha) is this something we would have ready to discuss with the broader Kantara membership, or should it stay within the IAWG right now? what would we need to do to get to the point where we could share this more broadly? (Andrew) make sure the other members of the team are ok with the draft, and if they are, can put together a few slides
- (Ken) discussion makes sense; a couple of slides on the basic concepts to get agreement on just those, and if we get agreement on those, then the changes to the SAC and IAF flow naturally; since the 4 members of the team came at this from such different perspectives, the end result might be close to "right"
- (Colin) suggests 30 minutes presentation, 30 minutes discussion
- Glossary
- (Myisha) is there something we would need to do prior to the F2F in order to have a fruitful discussion re: the glossary? How do we focus the discussion?
- (Andrew) isn't it a question of what we need to achieve by when?
- (Myisha) we have been looking at the glossary from the perspective of the IAF, making sure terms are consistent; out of the meeting, we would want to achieve as much consensus as possible on as many of the definitions as we possibly could; we had talked about having a mini-task force to work at the F2F to move this forward
- (Andrew) isn't part of the discussion adjusting the definitions and sending out to the workgroups?
- we will need to look at the document approval process possibly as related to how we update the glossary - when we send something out for call for comments, someone should be tasked with reviewing the glossary and making sure items are updated based on the comments (not for F2F)
- Cross border certification (aka, "cross the pond certification" or "interjurisdictional certification")
- (Ken) there was some work being done out of the UK to align tScheme to the SAC; (Nathan) the UK gov't is funding tScheme to do a comparison between the upcoming trust framework criteria against 800-63-current version, and they will then make an assessment of the differences and determine how to ack US versus UK LoA
- (Andrew) what is Kantara's role in interjurisdictional certification? What happens when overseas requests come in? (Nathan) it depends on who applies; we have certified assessors overseas; (Andrew) as we get into interfederation, it is great that Kantara is FICAM oriented, but that is limiting; (Nathan) Kantara wants to appeal to all comers; the idea that the central framework would be one thing, and then for different governing bodies there would be different profiles appropriate to the jurisdiction
- (Ken) how close is the tScheme to the SAC? Is it close enough to overlap profiles or do we have a much larger chunk of work ahead, one that will require heavier changes to the IAF in order to have that common central core?
- (Andrew) are the trust frameworks actually compatible in how they envision the implementations? you have to have the basic interaction model in mind then describe them in the IAF and SAC - you can't change the SAC to change the model, you need to change the model to change the SAC
- (Myisha) what would we be able to accomplish out of this topic at the F2F? (Andrew) a discussion/consensus on what we envision the role of Kantara to be in inter-trust framework certification; do we have a role to play in leveling, equivalence, cross-certification? if we come to a common ground on that, the rest will follow; (Ken) rather than the role, the model Kantara will use would be a better way to look at this;
- (Myisha) is this ready to be talked about outside the IAWG?
- (Colin) do we think it is Kantara's intent to certify providers across jurisdiction, or to provide tools and models for different jurisdictions to recognize certifications that occurred in other jurisdictions? this impacts the privacy work as well as the IAF/SAC
Document Management
- Report from Heather on a potential ticket system: http://www.kantarainitiative.org/ticket/
- Things that would have to change:
- currently, name and email are required - if we want people to use this rather than have someone transcribe their requests, this goes against current policy (which we'd like to change anyway) - note that the email address is required so someone can check on the status of a ticket
- Need a wider variety of help topics
- Are "Open" and "Closed" sufficient status levels? I keep thinking of the IETF errata system as a model (http://www.rfc-editor.org/errata.php)
- Questions/comments from HF:
- how would this be better than a table on a wiki page?
- anything is better than a word doc or spreadsheet
- (Ken) would want a way for people to be able to see all tickets without seeing who submitted them; the help topics could be specific docs; problem with a wiki page is permission and knowledge
- (Myisha) could we take the week to look at that? Next week, group should come back with comments
AOB
Next call:
- Date: Thursday, 25 October 2012
- Time: 07:00 PT | 10:00 ET | 14:00 UTC (time chart)
- United States Toll +1 (805) 309-2350
Alternate Toll +1 (714) 551-9842
Skype: +99051000000481 - Conference ID: 613-2898
- International Dial-In Numbers