Date

January 5th, 2016

Attendees

Goals

IRM in the Wild Discussion & Examples - Working Through the Principles

Discussion Items

Time	Item	Who	Notes
2 mins	Kantara IPR	Sal	Kantara IPR http://kantarainitiative.org/confluence/download/attachments/2293776/Kantara+Initiative+IPR+Policies+_V1.1_.pdf?version=1
2 mins	Roll Call	Sal	Roll, new intros, announcements
4 mins	Minutes/Notes Update	Sal	Minutes, Notes, 2015-11-17 Meeting Notes
5 mins	Principles	Sal	Discussion of Principles 1.1
40 mins	IRM in the Wild	All	Discussion of IRM in the wild - Consolidating the Use Cases
1 min	Other Admin	All	Other Administrative, Action Item Review (not covered above)
1 min	AoB	All	AoB TBD...

Action Items

Submitted Links

Submitted by Former user (Deleted):

Tue-Wed Jan 12-13: NSTIC Workshop: Applying Measurement Science in the
Identity Ecosystem http://www.nist.gov/nstic/events.html
Wed evening Jn 13: “Privacy Papers for Policy Makers” - A discussion of leading privacy research https://fpf.org/2015/12/15/privacy-papers-for-policymakers/
Thu Jan 14: FTC PrivacyCon https://www.ftc.gov/news-events/events-calendar/2016/01/privacycon

Submitted by Thorsten Niebuhr (Unlicensed):

Here is the link on Entity Relationship Management / Semantics. Whitepaper is only available as german version right now, translation is planned to be done by end of next week

http://www.wedacon.net/entity-relationship-management

High-level Topics Covered

Role call
IRP Update
Principles Update - v.1.1
IRM in the Wild
Worked through DNS as IRM Use Case

Detailed Meeting Notes

IPR Policy

Kantara looking at Contribution approach that OpenID is using - having one IPR policy across all the groups - taking up at the board level

Roll & New Intros

Thornsten brief intro
Going to see what notes from last calls

Ian is out - but will be running through the principles again shortly - possibly use what comes out of the NIST workshop next week - going to want 3-4 people to have working group to go through the v.1.1 of the principles - will be asking for volunteers soon

Asking who is going to - NIST Workshop & PrivacyCon links being sent by Steve - will be sent to group and put in minutes [Included Below in Links]

Scott - will be at NIST workshop - Thursday - Identity Assurance group will be meeting with FICAM for a workshop - agenda up in the air - intended to be for Identity Assurance, Assessors, and CSPs to meet - link for this event to be sent as well

Idea is to draft 1.1 version of principles - confirm or deny if IRM is a "thing" or not - or should it be under "ABAC" for example

Way to determine is to document use cases and measure against principles we have so far - represent in a matrix

[ Reference: Matrix of IRM in the Wild]

Last call - spreadsheet development - talked about migration - questionable and went through principles and applicability - trying to answer - is there a unique case of IRM being done?

Does anyone have anything to throw out for a use case?

Scott - is IRM a separate thing which deserves paying attention to? - Yes absolutely - going on since IT and the internet - relationships which must be managed - other ways to maintain identity space

Sal - Ian & Sal is skeptical if they have an example of IRM - show a case of it and tell me why it is relationship management?

Scott giving example of Domain Space

Sal - you believe that is a case of IRM which exists - take DNS as a use case then? Go through the principles and it would work?

Scott - it would apply to a lot of the attributes

Kim - does it have to meet all principles?

Sal - there will be examples which it meets some but not fully; To define use cases it is okay to look for fully applicable; At this point;

Kim - at some point after looking at use cases we would then have to determine what doesn't make it IRM

Sal - yes exactly what we are trying to accomplish

Scott - probably not going to be black & white as to when it is or isn't - going to meet a few of the principles

Sal - we are working through the principles at the same time so it will be "push and pull" in different directions

Scott - DNS - and IP address to a Domain Name - registrant has to provide details about themselves, etc.

Working through DNS in IRM-in-the-Wild-Dashboard spreadsheet - (See Notes There)

Worked through each principle and decided whether or not it applied
Discussion around "immutable" - definitely applies - serves the purpose of immutability
Adrian - talking about the replacements to DNS with various architectures (e.g., Block Chain, etc.) - something we are doing could inform that process - that would be interesting
- Scott in agreement
- Google OneName, and NameCoin for more information on Block Chain
Adrian came up with another piece to this space - configuration management - thinking about scaling of identity - "promise theory" - eye opening way of looking at IRM - people out there looking at configuration of large-scale systems and the scalability of them - so for example when they see DNS - they cringe - it is brittle, not scalable, too centralized
Sal - some there is registration and some there is use - need distributed autonomous things - completely agree - Promise Theory gives us a nice set to compare against our principles
Scott - Provable would be a difference between DNS and Block Chain
Sal - likes going through this and gathering related things - should we go through Block Chain and Distributed Hashes?
Scott - interesting on Immutable - IP addresses which are mutable - ID of the individual which registered the records is not supposed to be mutable - both sides (immutable & mutable) show up
Sal - challenging because DNS is at a lower level
Continue to go through the Principles…
Completed going through principles for DNS

Thornsten - entity relationship management and semantic whitepaper - going to send link

Sal - architectural principles - these may be applicable there - makes a lot of sense - going to put Promise Theory in autonomous for now