AIM WG Notes 24-July-2013

Call not at quorum

Date and Time

  • Date: Wednesday, 24 July 2013
  • Time: 07:00 PT | 10:00 ET | 14:00 UTC
  • Dial-in: United States Toll +1 (805) 309-2350
    •  Alternate Toll +1 (714) 551-9842
  • Skype: +99051000000481
    • Conference code: 613-2898

Agenda

  1. Administration:
    1. Roll Call
    2. Agenda Confirmation
    3. Approval of Minutes: AIM WG Minutes 01-May-2013
  2. Discussion / Action Item Review
    1. Discussion around "Review AMDG Recommendations and verify if/how they tie in to the AIMWG work"
    2. The AIM WG charter and next steps
      1. AMDG Report
  3. AOB
  4. Adjourn

Attendees

  • Steve Olshansky
  • Allan Foster
  • Keith Hazelton
  • Sal D'Agostino

As of May 1, 2013, quorum is 5 of 9

Non-Voting

Staff

  • Heather Flanagan

Apologies

Minutes

Approval of Minutes: AIM WG Minutes 01-May-2013

  • Call not at quorum

Administration

Action Items

Action | Assigned To | Status | Description | Comments
20121127-06 | Allan Foster | in progress, Ken Dagg input | Review AMDG Recommendations and verify if/how they tie in to the AIMWG work |
20121211-01 | Group | | Review Attribute Design draft | Determine on next call if this is something group wants to discuss further
20130109-02 | Keith Hazelton | | create a semantic diagram that will look something at a historical perspective | Keith to post to wiki and lead a discussion on April 3 call
20130123-01 | Kirk Fergusson | | Share the working definitions for components in their diagram |
20130515-01 | Keith Hazelton | | Provide links to relevant notes taken in recent IIW 16 sessions | these links will be added to these notes and the AIM repository of information

New Action Items

Action | Assigned To | Status | Description | Comments
20130723-01 | Keith Hazelton, Steve Olshansky | | Keith to add in the additional columns to the attribute registry discussed and bring back to the group for discussion |


AIMWG CHARTER REVIEW SUGGESTIONS

...as suggested by Joni
  • Review AMDG recommendations and determine if work plan for each is needed OR if they have been overcome by events. 
  • Include WG 'accepted' items not captured in to AIMWG charter. 
  • Update charter to add language indicating that new work items may be proposed as research develops.

Recommendations taken from AMDG Report

    

Discussion

Notes from the last call are particularly useful as we consider next steps - see AIM WG Notes 10-July-2013

  • consider adding a paper on the issue of metadata around attributes themselves (i.e., level of confidence, level of assurance, age and duration, etc.) - does this fit under handling? context? or should it be its own thing?
    • Allan was at the U.S. government ABAC workshop, and NIST 800-162 is the US government's first shot in terms of access control in the attribute space, and is a parallel to NIST 800-63 which was the original identity landscape; with 162, the questions started to come up of how do you issue and track this metadata (hallway discussions)
    • part of the mission of this doc is to create a formal place for more of a XACML model, and while it probably won't be immediately impacting, it is likely to have a long term impact on this space
    • this is a first attempt to try to formalize attribute based access control to frame the discussion, and there will be subsequent documents going in to more detail on specific components later
    • Document is still open for public comment
      • suggest starting with caching of status before caching with attributes
      • do not make assumptions that the authoritative source will be repeatedly referenced - caching technologies will need to be taken in to account
    • where should the metadata of attributes live, in what document?
      • this is something of a chicken and egg problem, since we are guessing on both sides
      • we are probably clearer on what the attributes are, what they look like, where they come from and how they are determined
      • we do not have something that defines what are the metadata of attributes, what things do you need to manage as you look at an attribute in their life cycle
      • if you have a metadata registry, what would you register? what would you apply best practices to?
        • Keith has the rudimentary attribute registry, and the columns are essentially metadata on the attributes themselves - AI: Keith to add in the additional columns discussed and bring back to the group for discussion; Steve Olshansky to assist
        • the challenge is that metadata outside of context are not really practicable

Next Call

  • Date: Wednesday, 7 August 2013
  • Time: 07:00 PT | 10:00 ET | 15:00 UTC
  • Dial-in: United States Toll +1 (805) 309-2350
    •  Alternate Toll +1 (714) 551-9842
  • Skype: +99051000000481
    • Conference code: 613-2898