Draft 2015-06-01 eGov WG Meeting Minutes

Date: June 01, 2015

1. Attendees

  • Denny Prvu
  • Angela Rey
  • Colin Wallis
  • Rainer Hörbe (presenting)
  • Thomas Gundel

2. Approve minutes of previous meeting

Carried over

Discussion Items

3. Work item: Code of Conduct for entities (e.g. govt) acting as relying parties

Care is needed for the RP to look after attributes in a privacy-respecting way.

eIDAS has no provision for this.

Federations should use metadata, technical trust in compliance and certification.

Context should be an added criterion.

Example use cases: RP does eTenders for other RPs, e.g. US Fed Gov has an active website where vendors register (SAM.gov?) that does not provide identity services. External users would arrive via FICAM, in future also Connect.gov. Individuals use separate access from a different federal database... If you are using a PIV Card, certain rules apply for the RP.

 

ACTION: Check with Kantara IAWG if PIV Card in scope for IAF.

4. Rainer's presentation on 'Privacy by Design in Federated Identity Management', previously submitted to IEEE Privacy and Security conference May 21st 2015.

Link to slide notes is here: eGov - Dateilisten

Note to self to find link for slides

ACTION: Rainer will supply speaking notes and references to help explain slides.

Slide 5: Look outside FIM...

Slide 6: Project co-authored by Rainer

Slide 8: ISO 29100 and PbD rules and principles.

Slide 9: Linking of delta between different privacy domains. Peering service without being able to link up ... limited linking capability.

Slide 11: Designed new 'blind proxy' and uses centralised login (like DK's Nemlogin, AT's, NZ's). Summary: Late binding like Fed Canada's CATS spec of FIDO U2F. 6 alternatives with controls that trust the use of the metadata.

Slide 17: Temporary linking, on redirection (pairwise identifiers).

Slide 18/19: Constrained linking: limited time (1 hour, say), via the proxy.

Slide 20: Bullet 2 is ABC4Trust

Slide 21: PE FIM = blind Proxy

 

Comment: A plain-language version is needed to get better adoption, by re-stating the architecture in common language that the user understands.

Comment: Highlight differences in privacy requirements: individual vs employee.

5. Reports from recent conferences

Carried over to next meeting

6. AOB

Kantara Virtual plenary coming up in late June. Angela suggests a presentation from Connect.gov.