Charter (Clients)

Clients Work Group

(2) PURPOSE: 

The Clients Work Group will develop, maintain and evolve draft Client Specifications for interactions with intelligent/enhanced client platforms (such as a smart card or a computing platform with an isolated execution environment, though nothing restricts these same specifications from being applied to or implemented by off-the-shelf software applications running in a generic OS). Software modules called "Provisioned Modules" are created by issuing parties and placed into the isolated execution environment. The focus of this work group is on the management interactions between the issuing party and the isolated execution environment management for the purpose of provisioning and managing these Provisioned Modules, as well as on the interactions between client platforms that each have isolated environments (for the purpose of moving/copying/bonding Provisioned Modules between such environments). The existing Liberty Advanced Clients Specifications will be accepted as a starting place, with additional work in future editions of those specifications to realize the requirements specified in the Liberty Robust Client MRD.

Example Provisioned Modules include (but in no way are limited to):

  • A Security Token Service extension that can provide local, secure, STS services to a local Identity Selector such as Cardspace with strong authentication of the user
  • A soft SIM equivalent that can provide SIM like services for authentication to network services
  • An intelligent credit card that can provide secure ecommerce transaction support with local strong authentication of the user.
  • An extension of the SAML IdP able to provide delegated SAML IdP services.  This is referred to as a "Trusted Module" in the Liberty Advanced Client Specifications.

With the exception of the "Trusted Module", this group will not focus on the functional possibilities for Provisioned Modules. The expectation is that that work will take place in other environments, possibly even other Kantara Initiative Work Groups.

To achieve this, the group will undertake the development of Client related specification drafts while continuously reviewing current and emerging technology for potential harmonization and convergence. Such Technical Drafts will be contributed to an appropriate Standards Setting Organization for its life cycle and maintenance phases.

Specifically, the Clients Work Group is responsible for:

  • Driving the harmonization and interoperability of intelligent/enhanced client platform specifications and protocols which currently coexist in the identity space.
  • The phased development and delivery of Client Specification harmonization and convergence deliverables such as extensions or profiles. Requirements and proposals may also be driven by requirements and proposals contributed by other Kantara Initiative Work or Discussion Groups.
  • Developing and maintaining appropriate relationships and liaisons with other Kantara Work or Discussion Groups and external bodies, as deemed appropriate by the Work Group.
  • Creation of supporting technical materials for market education and evangelism including, but not limited to, presentations, overviews, examples, etc.
  • Overseeing the contribution of proposed Client Specifications to an existing Standards Setting Organization.

(3) SCOPE: 

The Clients Work Group is chartered to:

  • Ensure that Client Specifications evolve in a way that fosters potential harmonization and convergence with related industry technical efforts.
  • Develop and deliver supporting technical documentation for market education/evangelism
  • Reference technical work in external, vendor neutral industry groups and bodies
  • Establish liaison relationships with appropriate external, vendor neutral industry groups and bodies to ensure Work Group requirements and specifications are understood, addressed and submitted to the appropriate Standards Setting Organization

Out of scope:

  • The definition and functionality of Provisioned Modules (with the exception of a) the interfaces necessary for common administration of such modules and b) the Trusted Module PM)
  • While efforts of this group would likely find a synergy with activities around InfoCard and OpenID (etc.), the Clients group does not plan to undertake any specific work in the InfoCard and OpenID spaces.
  • The work of the Clients group DOES NOT include aspects of ALL possible client work. The Clients WG will strive to ensure that the work within the Work Group does not duplicate or conflict with the relevant work of other external, vendor neutral industry groups and standards organizations.
  • This understanding may be modified as works evolve and harmonization or convergence opportunities present themselves naturally.

(4) DRAFT TECHNICAL SPECIFICATIONS: 

The following specs would be submitted as a set to a, likely new, TC within OASIS

  • Advanced Client Technical Overview
  • Identity Provider (IdP) Service Specification (this particular spec may be combined with other Liberty specifications in some form of STS harmonization spec)
  • Provisioned Module Manager Service Specification (PMM)
  • Provisioned Module Service Specification (PM)
  • Platform Attestation Service Specification

The following spec may be submitted to the Security Services TC within OASIS:

  • SAML Assertion IdP  Delegation Profile

(5) OTHER DRAFT RECOMMENDATIONS: 

Possible white paper or usage guidelines and policy to support the Clients WG work.

(6) LEADERSHIP: 

Conor P. Cahill, Intel, proposed Chair

(7) AUDIENCE: 

The audience for this Work Group includes providers developing identity based services making use of client devices in a federated environment.

(8) DURATION: 

The Kantara Initiative Leadership Council charters the Clients Work Group for five years. It may be amended from time to time, with changes approved by the Leadership Council. This charter will expire on 9/2014 or upon submission and acceptance of the draft technical specifications into the proposed standards body.

(9) IPR POLICY: 

(10) RELATED WORK AND LIAISONS

Potentially related work includes:

  • SAML work in the SST
  • Liberty/WS-* harmonization work in Concordia
  • OMA DM provisioning work in OMA
  • Global Platform provisioning work in the Global Platform

(11) CONTRIBUTIONS (optional):

Liberty Alliance  will contribute the Advanced Client Specification Set as well as the Robust Client MRD to the Clients Work Group.

(12) PROPOSERS: 

  • Conor P. Cahill, Conor.P.Cahill -at- intel.com,  Intel Corporation
  • Hubert Le Van Gong, Sun Microsystems
  • George Fletcher, AOL

History

Date: September 9th, 2009
Note: The Leadership Council ratifies this charter for operation.