Draft 2015-06-01 eGov WG Meeting Minutes
Date: June 01, 2015
1. Attendees
Denny Prvu
Angela Rey
Colin Wallis
Rainer Hörbe (presenting)
Thomas Gundel
2. Approve minutes of previous meeting
Carried over
Discussion Items
3. Work item: Code of Conduct for entities (e.g. govt) acting as relying parties
Care is needed for RPs to look after attributes in a privacy-respecting way.
eIDAS has no provision for this.
Federations should use metadata, technical trust in compliance and certification.
Context should be an added criterion.
Example use cases: RP does eTenders for other RPs, e.g. US Fed Gov has an active website where vendors register (SAM.gov?) that does not provide identity services. External users would arrive via FICAM, in future also Connect.gov. Individuals use separate access from a different federal database... If you are using a PIV Card, certain rules apply for the RP.
ACTION: Check with Kantara IAWG if PIV Card in scope for IAF.
4. Rainer's presentation on 'Privacy by Design in Federated Identity Management'... previously submitted to IEEE Privacy and Security conference May 21st 2015.
Link to slide notes is here: eGov - Dateilisten
Note to self to find link for slides
ACTION: Rainer will supply speaking notes and references to help explain slides.
Slide 5: Look outside FIM...
Slide 6: Project co-authored by Rainer
Slide 8: ISO 29100 and PbD rules and principles.
Slide 9: Linking of delta between different privacy domains. Peering service without being able to link up ... limited linking capability
Slide 11: Designed new 'blind proxy' and uses centralised login (like DK's Nemlogin, AT's, NZ's). Summary: Late binding like Fed Canada's CATS spec of FIDO U2F. 6 alternatives with controls that trust the use of the metadata.
Slide 17: Temporary linking, on redirection (pairwise identifiers).
Slide 18/19: Constrained linking: limited time (1 hour, say), via the proxy.
Slide 20: Bullet 2 is ABC4Trust
Slide 21: PE FIM = blind Proxy
Comment: A plain-language version is needed to get better adoption, by restating the architecture in common language that the user understands.
Comment: Highlight differences in privacy requirements: individual vs employee.
5. Reports from recent conferences
Carried over to next meeting
6. AOB
Kantara Virtual plenary coming up late June. Angela suggests a presentation from Connect.gov.