IAWG Meeting Minutes - 2010-12-01
These minutes were approved on Dec 15, 2010.
Attendees:
Voting:
John Bradley
Bill Braithwaite
Dan Combs
Patrick Curry
Myisha Frazier-McElveen
Colin Soutar
Frank Villavicencio
David Wasley
Ben Wilson
Rich Trevorah
Non-Voting:
Kenneth Dagg
Rainer Hoerbe
Pete Palmer
Tom Smeddinghoff
Richard Wilsher
Apologies:
Rich Furr
Staff:
Joni Brennan
Anna Ticktin
MEETING MINUTES:
1. ADMINISTRATIVE:
Roll Call — Quorum: 7/12
- Reminder of Motion of Minutes Approval: 2010-11-17http://kantara.atlassian.net/wiki/display/idassurance/IAWG+Meeting+Minutes+-+2010-11-17
Motion to accept minutes as recorded: Bill Braithewaite
Seconded: Rich Trevorah, Frank Villavicencio.
Minutes approved as recorded without objection.
Action Item Review:
FOG doc update — Staff
- Documents are being finalized by staff and readied for the LC. Will submit in advance of their next telecon on December 8, 2010.
IAWG Roadmap Check-in
- ICAM Update- Joni needs to loop with the previously identified party of 3 [David Wasley, John Bradley and Ben Wilson. Currently, things are on hold as ICAM may change.
ICAM reviewing their requirements which will impact our activities on the ICAM Privacy Profile. There may be some outcomes from the Geneva Meeting in early December.
2. IAF---Rainer
- IAF is a subset of the complete trust framework. question is how to delineate?
- Suggestion: broaden the scope of the IAF with a Trust Federation Assurance Framework.
- As a follow-up on the meeting from the IAWG meeting from Oct 27, I compiled a list of "use cases" (baptized as constellations) and trust relationships that should help to discuss the scope of identity federations for the IAF (LoA, SAC and FOG) documents.
- Link: http://kantarainitiative.org/confluence/x/8oh7Ag
My preliminary conclusions (= suggestions for further discussion) are:
- a) Make trust relationships the deciding factor for the scope definition. This has a number of benefits:
- It is easier to fit the scope of IAF documents with the possibilities of legal contracts, which require to define rights an duties per party
- The framework can be extended to satisfy the complete set of trust requirements by all parties
- Documents audience can be defined per party (role), better defining who needs to read what.
Intuitively, the IAF documents are already structured like this to a great extent, but an explicit analysis should make it possible to make that complete. - b) Select the subset of trust relationships that is as congruent as possible with the current set of requirements.
- c) Align the current documents with the set selected in b), and produce a minor revision.
- d) Extend the scope of the IAF to include all trust relation ships, possibly ending up with a complete "Trust Federation Assurance Framework"
- e) Put this work on the roadmap of the IAWG.
- f) Another consideration would be to refine the trust relationships and associated requirements to a formalized model that would allow automated policy negotiation for the inter-federation use case. (-> FIWG?)
- Champion -Rainer, Kenneth Dagg, Patrick Curry
- Step 1: Draft the "Architecture of the trust framework" document---start in January and develop over a 6-8weeks timeframe.
- Step 2. Assess the impact on other existing IAF documents
- Additionally a Relying Party Guideline document should be added to the IAWG roadmap
3. SAC Guideline Doc
- The SACs is a policy doc. [criteria]
The "guidelines" would be guidance doc. (containing guidance update, FAQs)
- The work group proposes a change from word format to "structured [database or xml] format", version controlled snapshot would be captured along the way
2 separate documents: SACs and a guidance doc
- Richard Wilsher:
Consult 2 Comply + Zygma working to get the SAC into their compliance mapper.
With this, it can link to other legislation and standards.
Kantara has rights to edit and augment this tool.
It could generate a subset or exatraction of criteria necessary to your LOA.
4. AOB
- None.