2013-08-05 eGov Meeting Notes

1. Administrative section

Date and Time

Date: 5. Aug 2013

Time: 11:00 PDT | 14:00 EDT | 20:00 CET | 06:00 NZ(+1)

Role Call

Colin Wallis, Gov of NZ

Keith Uber, Ubisecure Solutions, Finland

Thomas Gundel, IT Crew, Denmark

Sal D'Agostino, IDMachines, USA

Apologies

Anil John
Rainer Hörbe
 
4 of 11 voting members present. Quorum (5) not achieved.
 
Approval of minutes from April meeting: Not done.
 
Note taker: Keith
 

2. Agenda

Ken is not on the call - relevant agenda items will be handled on the next call.

Colin added information about the ucentricid.com conference in DC in October, and a recent NSTIC blog on architectural patterns that support the various functions/processes in federated identity, to be discussed at end of call

2.1. Colin to report on draft a clause on the SC27 WG5 Identity Federation clause in 24760-3

The draft is in progress

Participant keen to add technical controls for attack sin the areas of requesting authenticated entity, authentication, authorizing release of attributes etc which may not fit in this particular clause (Identity Federation) but valuable to include somewhere in the standard. 

Colin has added the initial draft for the sub clause entitled 'interoperability between federations', for comment.

Editors have asked Kantara to take just this Identity Federation clause and work on the practical aspects of it. It is to be submitted by the end of August 2013. It is being worked on in a closed list of members who expressed an interest to participate within Kantara. The editors will then do a total review and put out a proposed next working draft based on these comments and others. ISO will then review it at the next meeting in Korea in October.

2.2. Government of Canada’s Guideline on Identity Assurance

Ken Dagg had earlier presented Government of Canada paper, shared on the list. Sent 13.5.2013 title "Guideline on Identity Assurance Consultation Draft Apr 25 2013.pdf". Ken asked for more comments in the Identity Assurance guidelines. Ken is not on today's call.

Short discussion about how equivalent documents don't exist in some jurisdictions - due to either centralised non-competitive models, or lack of ownership/split of responsibility across government departments. Postponed to September call.

2.3 Recent event reports from attendees (eGov aspect)

IETF 87 Berlin - No participants present

Cloud Identity Summit CA - No participants present

NSTIC IDESG Plenary at MIT (July 24-26, 2013) - Sal:

  • a report was out on business sustainment models,
  • more pilots underway
  • report out on the previous pilots
  • feeling of the need to encourage more interaction between working groups
  • Attendance seemed low - 75-100 in the room - 30 remote? Held right after CIS in Napa Valley. Earlier plenaries had 200 or more.
  • Slow moving, definitely a difficult management task - big Identity providers are still lacking
  • latest documents http://www.idecosystem.org/filedepot

DefCon

- Interesting given the recent PRISM news

Multinational Alliance for Collaborative Cyber Situational Awareness (MACCSA)

  • information sharing network for real-time exchange of cyber-attack data
  • Held at Schiphol 25 July 2013 - approx 21 nations represented by a mix of gov, mil, or business
  • eGov working group to invite Patrick Curry to report on the current status
  • http://www.federatedbusiness.org/mne7

2.4 Upcoming events


http://www.ucentricid.com/

Recently Confirmed - Kantara will participate in the UserCentric ID Live event and is part of the expert advisory committee as well.  If your organization would like to take part please contact Joni for more details.  Event organised by publisher in cooperation with the Smart Card Alliance.

2.5 Summary on Kantara activities in the July Director's corner

2013 July

Discussed NSTIC resilent network - There was a presentation of their pilot at the plenary.

This led to NSTIC discussion

Discussed NSTIC blog post

 http://nstic.blogs.govdelivery.com/2013/08/02/nstic-pilot-common-considerations-5-an-identity-ecosystem-functional-model-for-the-modern-market-2/

From blog: "Such an architectural capability has been recognized by Trust Framework Providers such as Kantara Initiative, although it has not yet been incorporated into their certification scheme."
Colin: IAWG is working on it. It's the second item on their current roadmap.

2.6. Updates on national projects

Denmark: Many new services going live on 26 August 2013, including Power of Attorney service. Thomas invited to present on the next call.

Finland: National ID (Population register) inviting different players to present possible future models for eID infra, both PKI and post-PKI

NZ- Launch of RealMe (officially) last week, link already sent to list. Colin could give another presentation on the architectural pieces that make up the overall service

Next Meeting

Topics (one or more of the following)

Patrick Curry - MACCSA (Multinational Alliance for Collaborative Cyber Situational Awareness) presentation

Thomas Gundel - Danish Power of Attorney services

Colin Wallis - RealMe architecture

Date and Time

Date: 2. Sept 2013

Time: 11:00 PDT | 14:00 EDT | 20:00 CET | 06:00 NZ(+1)

------------------------------------------------------- 

To join the teleconference 
------------------------------------------------------- 
DIAL IN INFORMATION: 

Skype:  +99 051 000 000 481 
Conference Id: 613-2898 
US Dial-In: +1-805-309-2350  

http://kantara.atlassian.net/wiki/display/GI/Telco+Bridge+Info 

 

Â