2015-03-08 eGov Meeting Minutes

Date and Time

Date: 3. August 2015

Time: 11:00 PDT | 14:00 EDT | 20:00 CET | 06:00 NZ(+1)

Roll Call

  • Colin Wallis
  • Rainer Hörbe  

 

  • Keith Uber (Note taker) 
  • Thomas Grundel
  • Judy Carter
  • Angela Rey

    Apologies
  • Ken Dagg

1. Administration

Quorum of 3 achieved.  June 2015 minutes moved by Rainer, seconded by Thomas.

Rainer has other obligations in Sept, Oct and Nov and cannot make the calls. Colin and Keith to open and run the calls. 

2. Code of Conduct for Relying Parties

By request by the IAWG, we have been looking at the identity assurance, which has until now been focused on the IDP, to incorporate also the SP requirements.

Colin is the intial editor and welcomes contributions and help.

Colin has been busy compiling information from GEANT2 FOPS Federation Operation and Procedures, REFEDS and NZ Service Integration Guide, etc.

New additions are the Treasury Board Secretariat of the Government of Canada's two documents contributed:

1) CATS Cyber Auth Technical Specification (Available on outside contributions on wiki)

2) Adding and removing credential service providers under the Credential Broker Service

The Canadian Integration Guide may contain important references and each should be examined if a copy can be sighted

David Simonson at WAYF has provided the template contract for SPs. Some new aspects have come in from this.

Mikael Linden sent link to the GEANT data protection code of conduct background report. We had already located the template document. 

The background is that the “Article 29 working party “ (a working group from the European data protection agencies working together) gave their blessing to the document .

But the “Article 29 working party“ would like more specific guidance and practical value for RPs.

Thomas added documents from the Danish federation, which contains specific technical requirements.

The common argument for the lack of rules, is that this aspect has been covered by the data protection legislation in the applicable jurisdiction.

AP: Request the response by the Article 29 working party to the GEANT Data protection code of conduct. 

Progress is being made. Please follow and contribute to discussion on mailing list and updates on wiki.

3. Proposals for speaking places at RSA 2016 Spring Conference

Keith proposed: A set of state of the art on the eGov around the globe based on "Life Events"

Colin: We might need bigger players (Canada, UK, EU)

Finland: Process for permission to marry - completely online process from spouse to spouse to check for right to marry through population registry. Possible to do by federated login via bank, ID card or mobile PKI from home.

NZ "having a baby" process - citizen "touches" the government/non-gov agencies up to 28 times in order to have a baby. Of the 28 processes, 20 have some form of repetition, some material that has already been given to another party in the flow. There is a project underway called BABII, that aims to replace that process with a combination of APIs at the front end and department cooperation at the backend.

Aim for three events - before, late stage, and after birth.

Denmark's Portal:

If you want, as a foreigner, move to Denmark and start working, there is a common portal to coordinate various agencies to make the move step-by-step.

Goal: breaking down government silos and take a citizen oriented view.

AP: Keith - to write this up and send to Joni.

4. Conference Reports:

June, Cloud Security Alliance APAC Conference in Bangkok.

Highlights: CSA moving from standards, guidance and certification to additionally investing in product development. CSA is developing these products with the goal to have a revenue stream.Examples are:

MAST - Mobile Assurance Security and Testing - testing the security features of a handset (Taiwan)

STRATUS - provides users the ability to see who has accessed their material between different cloud providers and within an application. A powerful audit trail. (New Zealand)

Rainer: TERENA conference in Porto in mid June.

EWTI - is coming up in December

Other

Block chain discussion.

Rainer is developing an open source rights management system for entity operators to send their metadata to federation operators. Anonymity is not required, only verifiability.

PEER Working group meeting last week, updates are coming every week.

PEER will be usable, PEER is for any kind of entity 

Rainer volunteers to do UI design.

Rainer has been working with Roland Hedberg (GEANT FedLab). Funding require 3 man years. Looking for funding.

InCommon is interested to cooperate. Joint effort between REFEDS, GEANT2, Internet2.

Instead of doing SAML2.1, better to do better conformance profile. A new conformance document will be created, something like “scalable interoperability profile”

After which a formal test description.

 

 

Next Meeting  

Date and Time

Date: 7. September 2015

Time: 11:00 PDT | 14:00 EDT | 20:00 CET | 06:00 NZ(+1)

------------------------------------------------------- 

To join the teleconference 
------------------------------------------------------- 
DIAL IN INFORMATION: 

Skype:  +99 051 000 000 481 
Conference Id: 613-2898 
US Dial-In: +1-805-309-2350  

http://kantara.atlassian.net/wiki/display/GI/Telco+Bridge+Info