2015-01-06 eGov Meeting Minutes

Date and Time

Date: 6. January 2015

Time: 11:00 PDT | 14:00 EDT | 20:00 CET | 06:00 NZ(+1)

Roll Call

  • Colin Wallis
  • Rainer Hörbe  
  • Ken Dagg
  • Keith Uber, GlobalSign/Ubisecure (Note taker) 

1. Administration

Non-quorate call.

November minutes posted immediately prior to call, to be approved on next call.

Preparations for election

AP: Colin to send a request for nominations for leadership via email listserv.

Rainer, Colin and Keith all prepared to stand again for same positions.

Secret ballot method, same as last time.

2. NZ UMA Pilot

NZ government is doing a pilot for UMA (first government UMA case). ForgeRock implementation: OpenStack - OpenUMA

Use case: Delegated authority (For B2G)

Use case: Government director is the main holder of authority, but wants to delegate to a company financial controller to file tax returns. Replace paper-based process.

General discussion of current UMA implementations: CloudIdentity/Gluu/ForgeRock/Roland pydc library etc

Rainer: Is UMA secure enough for the government use case?

The difference between OAuth and OpenID Connect and SAML etc. is that the security model is based on HTTPS, not on signatures.

Not secure enough for all use cases.

Colin: For filing a tax return that is adequate.

Rainer: We have ultra-secure signature solutions (German MPA for example) that are so complicated that people use services to simplify the deployment, which drops the security level back to HTTPS security level.

Keith: Are external tax agents, tax accountants and auditors considered, or is the delegation internal to the same company? Are third-parties involved?

NZ Companies House / Companies register is third-party. NZ Companies register only for limited liability companies, not for sole traders, not for partnerships, not for non-profit. Only limited liability companies have a company number, others don't. A lot of argument and debate on sole traders - if they have a unique identity, privacy implications, even if the sole trader trades as "John Smith Plumbing". Interesting case for privacy commission officials.

Colin will let us know as the project goes ahead.

3. New work topic: Gathering of requirements for government acting as relying parties

Continued discussion from egov mailing list thread.

Ken: Some have clearly defined requirements:

InCommon, SAFE-BioPharma

UK has come up with some

USA has come up with some

6-10 clearly identified

 

We need to communicate to actors in eGov that we are taking on this piece of work. To welcome various governments to get on board. This should be a priority to do first. If there is no interest, the work is not worth taking on.

Colin: an example place to gain traction is O5. O5 has many allied nations, (Mexico, Israel, Sweden) Identity summit that runs currently every 6 months.

Next one Jan 27-29 in Mexico City.

Could we send a message to take along and let them know?

2 days of government only discussion. 3rd day is Kantara led industry day.

 

D5 - Digital five has been formed in December. Hosted by UK.

Members from UK, NZ, Estonia, Israel and Republic of Korea. Expectation that other governments would join.

We need to get these representatives to understand the task at hand, and help contribute to the discussion.

On the mailing list a beginning list has been made.

AP: Keith to create a starting-point wiki page to summarize and provide fill-in-the-blank spots for further contributions.

4. Conference Reports:

Rainer: EWTI - European Workshop on Trust and Identity  http://identityworkshop.eu/ 3-4 Dec 2014

Session notes available at https://identityworkshop.eu/ewti2014/session_notes.pdf

60-65 registered participants, 2/3 were from Higher Ed. Timetabling close to year end not best

Lots of interesting topics:

"IDP of last resort" great topic

Informal problem statement was written about that to connect STORK, United ID, IDP for the homeless

Vectors of Trust discussion

JavaScript aspects: code is running in the browser, not on the server. These frameworks have problems using SAML.

Lots of technical recommendations about this. See item 7 in proceedings

David Simonsen from WAYF gave a great presentation on metrics about consent: "how many people drop off" when presented with consent dialogs

Provisioning of users at the relying party side. If SPML and SCIM don't work, what to do?

Privacy considerations when doing up front provisioning. Internet2 session also about similar topic.

Out of band provisioning using AWS message queue, non-standard implementation.

One guy from a company in Slovakia

 

Keith: Gartner IAM, Las Vegas, 2-4 Dec 2014

Close to 1400 attendees,

Interesting keynote by Jeremy Wiltz on FBI's next generation biometrics databases.

Very high-level.

David Pogue, funny

Brian Iverson, great fundamental presentations

Good eGov Case Study on DC One Card

AP: Keith to invite guest to present case study to egov group

 

Other

Rainer: Does anyone have any identity and open government data thoughts/experience/expertise?

Open Research Data "done a quick and incomplete analysis"

The problem is not the publication of data, but making it easy for data producers to upload and offer the data

Finnish/NZ approaches discussed.

 

Next Meeting  

Date and Time

Date: 2. February 2015

Time: 11:00 PDT | 14:00 EDT | 20:00 CET | 06:00 NZ(+1)

To join the teleconference

Dial-in information:

Skype:  +99 051 000 000 481 
Conference Id: 613-2898 
US Dial-In: +1-805-309-2350  

http://kantarainitiative.org/confluence/display/GI/Telco+Bridge+Info