/
Leadership Council Teleconference - 2010-09-01

Leadership Council Teleconference - 2010-09-01

Sep 16, 2010

Minutes approved September 15, 2010

Kantara Leadership Council Teleconference

1 Date and Time | 2 Attendees | 3 Apologies | 4 Agenda | 5 Minutes | 6 Next Teleconference

Date and Time

  • Date: Wednesday, September 1, 2010

  • Time: 3pm PDT | 6pm EDT | 22:00 UTC (Time Chart)

  • Teleconference Options:

    • Skype: +9900827043671716

    • US Dial-In: +1-201-793-9022 | Room Code: 3671716

NOTES:

Attendees

  • Voting:

    1. User-Managed Access: Eve Maler

    2. ULX: Phillipe Clement

    3. Federation Interoperability: John Bradley

    4. Japan WG: Toshihiro Suzuki

    5. eGov: Colin Wallis

    6. Privacy and Public Policy: Abbie Barbir

  • Non-Voting:

    1. Identity Community Update: J. Trent Adams

    2. Map the Gap: J. Trent Adams

    3. Staff: Joni Brennan

    4. Staff: Dervla O'Reilly

    5. Guest: Drummond Reed

Apologies

  • Consumer ID: Bob Pinheiro

Agenda

  1. Roll Call for Quorum Determination

  2. Approval of prior meeting minutes

    1. Review: Leadership Council Teleconference - 2010-08-04

  3. OIX Presentation - Drummond Reed

  4. Reminder: Quarterly Reports

    1. Call for Group Leaders to add 2010-Q2 Report and to back-fill prior reports

    2. Add Reports to: Quarterly Reports

    3. Using Report Template: Quarterly Report Template

  5. Call for Paris Meeting Agendas

  6. Proposal: Creation of a fellowship program supporting independent volunteers.

  7. Action Item Reviews:

    1. NASPO: LC Members interested in actively moving this work forward are asked to formalize a proposal and bring it to the LC for consideration.

    2. United Identities: Colin will send the presentation around on the LC list, soliciting responses of interest.

  8. AOB

Minutes

  1. Roll Call for Quorum Determination

    1. 6 voting members, quorum reached

  2. Approval of prior meeting minutes

    1. MOTION: To approve the minutes as recorded for the Leadership Council Teleconference on 2010-08-04.

    2. Moved by Colin, Motion Carried

  3. Open Identity Exchange (OIX) Presentation

    1. Introductory Notes:

      1. Presented by Drummond Reed and John Bradley

      2. ICF loaned Drummond to help bootstrap OIX

      3. Drummond stepped down as ED of OIX after Catalyst, returning to ICF

      4. Drummond is speaking as volunteer continuing to support the project

      5. Don Thibeau now acting ED

      6. John Bradley joined OIX as a volunteer Technical Advisor

    2. General Overview:

      1. OIX is primarily a registry, or "listing", of certified services (IdPs and RPs)

      2. OIX "lists" operational trust frameworks

      3. OIX and Kantara are symbiotic (as defined by the recent press release)

      4. Kantara is one producer (among others) of frameworks that are listed and assessed against.

      5. "Operational Certification" of each framework is defined by the framework producer (a.k.a. "framework authority")

      6. OIX does not offer a certification service itself, it is a listing service on behalf of the "framework authority" (e.g. GSA/ICAM, Kantara, etc.)

      7. OIX uses a "Rules & Tools" model to identify the difference between "process" (OIX) and "mechanism" (e.g. certification mechanism)

      8. OIX builds on top of "Federation Operator Guidelines" that are both "Rules Based" and "Operational Based"

      9. The term "profiles" is used to describe how a "framework authority" needs a specific technology to be implemented in order to be certified (and subsequently "listed" by OIX)

      10. OIX is still solidifying methods for how "profiles" are created (e.g. by Kantara) and submitted to OIX for "listing"

      11. OIX listings are technology neutral, not promoting any one specific technology.

      12. There is an understood US-bias in many of the OIX foundational documents (many based on profiles from the US Gov), they are looking to expand further.

      13. OIX carries some indemnifcation insurance

    3. Q: If OIX "lists", but doesn't "certify", what is the actual process for getting "listed"?

      1. A: This is still being defined, but the rough process is being formalized now.

    4. Basic steps in "listing" a hypothetical new trust framework:

      1. Example: LinkedOrg wants to submit a Trust Framework and have IdPs certified against it listed by OIX

      2. For LinkedOrg to be a Trust Framework Authority, OIX requires:

        1. they be a legal entity

        2. they must be an OIX Member

      3. LinkedOrg puts together a "Trust Framework Specification" comprised of:

        1. Starting with with an "Implementation Profile" of Kantara IAF and...

        2. ... they add their own rules to it (e.g. a Privacy Profile)

        3. They then define the same OpenID Profile used by ICAM for LOA 1.

      4. To become an OIX Listed Trust Framework, OIX must verigy they are "compliant" by OIX General Counsel (currently Scott David):

        1. Verify that it is an authetnic submission (i.e. all appropriate forms are filled out and steps followed) from an authentic member (i.e. an OIX member in good standing)

        2. Verify that it meets all the requirements of the "OIX Trust Framework Requirements Document"

          1. This is a proforma evaluation to ensure steps are followed, nothing about the contained details.

          2. Verfification includes:

            1. how assessors will do their job when certifying services for the proposed Trust Framework

            2. that the submitted framework meets minimum bar from the "Principles of Openness" whitepaper:

              1. The Trust Framework Authority must self-certify they agree to the principles.

      5. Assesors for the LinkedOrg "Trust Framework Specification" must:

        1. submit a "Trust Framework Participant Form"

        2. meet requirements set out in the submitted "Trust Framework Specification"

        3. They go through the Assesor Qualification Process to be "Listed"

        4. They must be OIX Members (or a Kantara-certified assesor)

      6. Participants (e.g. IDPs and RPs, etc.) go through a similar process to be "Listed"

        1. They must also be OIX Members

        2. NOTE: Kantara certified assesors are automatically accepted

      7. Operation:

        1. Listings will be queried using SAML-based signed metadata

        2. Security will be matched to LOA (e.g. higher levels may require)

        3. Much of this is still being worked out, in conjunction with input from the Fed Interop

  4. Reminder: Quarterly Reports

    1. Call for Group Leaders to add 2010-Q2 Report and to back-fill prior reports

    2. Add Reports to: Quarterly Reports

    3. Using Report Template: Quarterly Report Template

  5. Call for Paris Meeting Agendas

    1. Deadline for early-bird registration: September 17

  6. Proposal: Creation of a fellowship program supporting independent volunteers.

  7. Action Item Reviews:

    1. NASPO: LC Members interested in actively moving this work forward are asked to formalize a proposal and bring it to the LC for consideration.

    2. United Identities: Colin will send the presentation around on the LC list, soliciting responses of interest.

  8. Meeting adjourned at 23:30

Next Teleconference

  • Date: Wednesday, September 15, 2010

  • Time: 9am PDT | 12pm EDT | 16:00 UTC (Time Chart)

  • Teleconference Options:

    • Skype: +9900827043671716

    • US Dial-In: +1-201-793-9022 | Room Code: 3671716

NOTES: