eGov Meeting Notes - 2011-07-11

*Non quorate? Check new joining member statuses*

Kantara eGov Working Group Teleconference

Date and Time

  • Date: 11 July 2011
  • Time: 11:00 PDT | 14:00 EDT | 20:00 CET | 06:00 NZ (12th July)

Attendees

Voting:

Scott Cantor, Internet2

Colin Wallis, NZ Govt

Thomas Grundel, IT Crew, Denmark

John Bradley

Rainer Hoerbe, Kismed Health GmbH

LaChelle LeVan, Probaris Inc

Non-Voting:

Daniel Bennett, SAFE Bio-Pharma

Mickey Tevelow, N8 Security

Staff: 

Anna Ticktin

Apologies

Bob Sunday, Gov of Canada

Meeting Notes

1) Roll call for Quorum determination

Not quorate by one

2) eGov Membership Status. New member intros (CW)

United ID,  SAFE-Biopharma, Comfact AB (soon)

3) Review and approve June meeting draft minutes (attendees)

http://kantarainitiative.org/confluence/display/eGov/eGov+Meeting+Draft+Minutes+2011-06-06

Quorum not met. June draft Minutes will be circulated to the list for electronic vote.

4) Work Item 1: Update regarding Conformance test plan planning options (IRB..JB?)

IRB is continuing to evaluate complementary options from Fraunhofer and Fedlab.

5) Work Item 2: Discuss next steps. Start SLO use case/requirements for input into eGov Deployment model and cookbook (Fulup and Rainer)

No recent work done post Berlin, but considered to be closed, based on Berlin meeting notes. Action 2011-07-11-01: Colin to check with TelcoID WG.

6) Work Item 3: Collection of requirements for Attributes WG (was Start up the Attribute Development Sub Committee of the eGov WG)

Colin had begun an email thread that Bob had extended. There was a request to re-circulate this thread to ensure sufficient input before forwarding to the Attributes WG (when it's chartered). Action 2011-07-11-02: Colin to re-circulate the Attributes thread.

7) Work Item 4: The Open Source Support Initiative WG. 

Rainer has produced an interesting summary of SAML products on Wikipedia (and now on the KI website as well). This has been sent to the OSS WG. Thanks Rainer!

8) LC and BoT updates (Incl. Assurance Review Board, Interop Review Board, IOP WG) (CW/JB)

JB briefly updated eGov on LC activities, mostly centred around re-allocating unspent budget to WGs that are short of funds to deliver urgent work.

9) Liaisons: OASIS eGov Member Section, KI's ISO and ITU-T's Liaisons

CW reminded the group to sign up to the BoT Liaison SC to view and comment on the ISO SC27 drafts to be discussed at the next SC27 meeting in Nairobi in October. Comments close in early September in most cases.

10) Events: A reminder given of Dervla's emails on KI's potential involvement in SCA, KI F2F at Mountain View etc.

11) AOB: Recent threads etc.

Newer Crypto algorithms deployment advice thread:

DK's OIO SAML Profile recommends the following regarding the minimum required algorithms which must be supported by all Identity and Service Providers:

  • Encryption algorithm must be AES with at least 128 bit keys.
  • Signature algorithm must be SHA1withRSA or SHA256withRSA with minimum 1024 bit modulus.

Thus, it is allowed to use AES or RSA with longer keys than specified above. All DES variants and MD5 hashing are forbidden. When using a 1024 bit RSA modulus, federation participants should prepare to upgrade to a longer modulus within 6-24 months.
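As an added illustration (not part of the original notes or of the OIO SAML Profile itself), the following Python script turns the minimum-algorithm rules above into a check that a deployer could run over a SAML assertion: it reads the XML Signature and XML Encryption algorithm identifiers and the RSA modulus length, rejects non-AES data encryption, non-RSA/SHA-1/SHA-256 signatures and moduli under 1024 bits, and flags 1024-bit moduli for the 6-24 month upgrade window. The algorithm URIs are the standard xmldsig/xmlenc identifiers; the sample assertion, the helper names and the 2048-bit "recommended" threshold are assumptions made here for the example.

```python
"""Check SAML algorithm choices against the OIO-profile minimums quoted in the notes.

Added example; not code from Kantara, the eGov WG or the OIO profile.
"""
import base64
import xml.etree.ElementTree as ET

DS = "http://www.w3.org/2000/09/xmldsig#"
XENC = "http://www.w3.org/2001/04/xmlenc#"

# Signature algorithms the profile requires every IdP and SP to support (standard xmldsig URIs).
ALLOWED_SIGNATURE = {
    DS + "rsa-sha1": "SHA1withRSA",
    "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256": "SHA256withRSA",
}
# Data-encryption algorithms: AES with at least 128-bit keys (standard xmlenc URIs).
ALLOWED_ENCRYPTION = {
    XENC + "aes128-cbc": 128,
    XENC + "aes192-cbc": 192,
    XENC + "aes256-cbc": 256,
}
MIN_RSA_BITS = 1024          # hard minimum from the profile
RECOMMENDED_RSA_BITS = 2048  # assumption: below this, warn about the 6-24 month upgrade


def rsa_modulus_bits(b64_modulus: str) -> int:
    """Bit length of a base64-encoded ds:Modulus value (whitespace tolerated)."""
    raw = base64.b64decode("".join(b64_modulus.split()))
    return int.from_bytes(raw, "big").bit_length()


def check_algorithms(xml_text: str) -> list:
    """Return (severity, message) findings; an empty list means the document is compliant."""
    root = ET.fromstring(xml_text)
    findings = []
    for sm in root.iter(f"{{{DS}}}SignatureMethod"):
        alg = sm.get("Algorithm", "")
        if alg not in ALLOWED_SIGNATURE:
            findings.append(("error", f"signature algorithm not permitted: {alg}"))
    # Only the EncryptedData method is the "encryption algorithm"; the EncryptedKey
    # method (RSA key transport) is deliberately left out of this rule.
    for em in root.iterfind(f".//{{{XENC}}}EncryptedData/{{{XENC}}}EncryptionMethod"):
        alg = em.get("Algorithm", "")
        if alg not in ALLOWED_ENCRYPTION:
            findings.append(("error", f"data encryption algorithm not permitted: {alg}"))
    for mod in root.iter(f"{{{DS}}}Modulus"):
        bits = rsa_modulus_bits(mod.text or "")
        if bits < MIN_RSA_BITS:
            findings.append(("error", f"RSA modulus of {bits} bits is below the {MIN_RSA_BITS}-bit minimum"))
        elif bits < RECOMMENDED_RSA_BITS:
            findings.append(("warning", f"RSA modulus of {bits} bits: plan an upgrade to a longer modulus within 6-24 months"))
    return findings


def make_modulus(bits: int) -> str:
    """Constructed base64 modulus of exactly `bits` bits (top and bottom bit set); not a real key."""
    return base64.b64encode((1 << (bits - 1) | 1).to_bytes(bits // 8, "big")).decode()


def sample_assertion(sig_alg: str, enc_alg: str, modulus_bits: int) -> str:
    """Constructed, minimal SAML 2.0 assertion fragment carrying the algorithm choices under test."""
    return f"""<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    xmlns:ds="{DS}" xmlns:xenc="{XENC}">
  <ds:Signature>
    <ds:SignedInfo><ds:SignatureMethod Algorithm="{sig_alg}"/></ds:SignedInfo>
    <ds:KeyInfo><ds:KeyValue><ds:RSAKeyValue>
      <ds:Modulus>{make_modulus(modulus_bits)}</ds:Modulus><ds:Exponent>AQAB</ds:Exponent>
    </ds:RSAKeyValue></ds:KeyValue></ds:KeyInfo>
  </ds:Signature>
  <saml:EncryptedID>
    <xenc:EncryptedData>
      <xenc:EncryptionMethod Algorithm="{enc_alg}"/>
      <ds:KeyInfo><xenc:EncryptedKey>
        <xenc:EncryptionMethod Algorithm="{XENC}rsa-oaep-mgf1p"/>
      </xenc:EncryptedKey></ds:KeyInfo>
    </xenc:EncryptedData>
  </saml:EncryptedID>
</saml:Assertion>"""


if __name__ == "__main__":
    for label, doc in [
        ("modern", sample_assertion("http://www.w3.org/2001/04/xmldsig-more#rsa-sha256", XENC + "aes256-cbc", 2048)),
        ("legacy", sample_assertion(DS + "rsa-sha1", XENC + "aes128-cbc", 1024)),
        ("forbidden", sample_assertion("http://www.w3.org/2001/04/xmldsig-more#rsa-md5", XENC + "tripledes-cbc", 512)),
    ]:
        print(label, check_algorithms(doc) or "compliant")
```

The check reads algorithm identifiers and key sizes only; it does not verify the signature or decrypt anything, so it is a policy pre-check to run alongside, not instead of, a real SAML library's signature validation.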

The EU's epSOS also recommends SHA-256. Some software implementations, e.g. OpenSSL, actually disable ECC and default to RSA and DH. ECDH is known to be particularly hard to deploy. The US Gov Federal PKI site is a useful starting point for updated info: http://www.idmanagement.gov/fpkipa/

Some of the vendors that were behind the original RFC for ECC are known to have patented their implementations, making it risky for others to deploy likewise.

Some discussion of SHA-2 for a root CA and a PKIX chain.

Next Monthly Meeting: NOTE DATE CHANGE!

  • Date: Monday, August 8th, 2011
  • Time: 11:00 PDT | 14:00 EDT | 20:00 CET | 06:00 NZ (9th)
  • Dial-In: US: +1 201 793 9022, Skype: + 9900827044630912
  • Code:

NOTE: Do not follow the code with a "#" symbol as it may cause the code not to be recognized.