IAWG Meeting Minutes 2011-06-22
Attendees:
John Bradley
Kay Bross
Myisha Frazier-McElveen
Linda Goettler
NonVoting
Ken Dagg
Colin Soutar
Dan Combs
Bill Braithewaite
David Wasley
Helen Hill
Mark Lizar
Apologies:
Rich Furr
Richard Trevorah
Richard Wilsher
Rainer Hoerbe
Staff:
Joni Brennan
Anna Ticktin
MINUTES:
1. ADMINISTRATIVE:
- Roll Call---Quorum met
- Motion for minutes approval: 15 June 2011
- John moves to approve the minutes as captured. Linda seconds. With no discussion or objection, the minutes are approved.
Leadership Nominations
- Rich Furr has self-nominated to fill the position of Vice-Chairman.
- John Bradley moves to waive the secret ballot process and move forward to accept Rich Furr's lone nomination and elect him to Vice-Chairman of the IAWG.
- Linda Goettler seconds. With no objections or abstentions, the motion carries.
2. NSTIC DG / NOI
- A separate discussion group has been launched to deal with the NOI response and other NSTIC activities. Please look to the link below for further information or to join the effort:
- http://kantarainitiative.org/confluence/display/nstic/Home
3. Funding Report / Update — Joni
- The IEEE path has not panned out. We are pursuing an EU type NREN for interest along the lines of Terena, Fraunhofer, etc.
4. SCA Conference Workshop Themes
- "Smart Cards and More"
- "Strong Authentication for Large Populations: Smart Cards and More"
- John / David : there is synergy between a smart card having an identifier that can be strongly bound to a person. (SAML-based service that could provide information about that identifier.)
- "Smarter Card: Strong authentication and Rich identity"
- HIAWG could put forth its PIDS as a use case and partner it's efforts with IAWG
- ACTION ITEM 201110622-01 John will send some draft language to the list that summarizes the Smart Card Space to Kantara Trust Framework / higher levels of assurance relationship for collective feedback.
5. AOB
- Attribute Assurance : is this a track we want to undertake in Kantara? Where does this work belong? In IAWG or elsewhere?
David Wasley 3 axis:
- the strength of binding of an identifier to a physical person;
- the trustworthiness of information known about that person (attributes of identity);
- the degree of privacy or lack thereof represents by various uses of the above.
For example, I could have a very reliable identifier (an abstract identifier on a smart with a biometric pin) but if very little is known about me then an Attribute Provider could only provide low assurance information. In fact, the smartcard issuer might not even ask for personal information from me. However, I might want to enter into a service agreement with one or more Attribute Providers that would then investigate and validate various "claims" I would like to be able to make to Relying Parties. The third axis relates to how much information about me is actually given to a Relying Party. This issue is independent of the other 2 axes but obviously giving away bogus information associated with a poorly bound identifier could be less problematic than the other extreme.
Here's a graphic I made several years ago to illustrate the concept:
- Ken: Gov't of Canada has an interest in attribute assurance and validation(realtime and delayed)/verification around attributes.
Summary:
- There is clear interest, but a separate work group could make more sense since the stakeholders may be a different set than those dialing into IAWG.
- ACTION ITEM 20110622-02 JONI will draft language around an Attribute Assurance charter.