AIM WG Minutes 23-Jan-2013

DRAFT minutes pending AIM WG review

Date and Time

  • Date: Wednesday, 23 January 2013
  • Time: 07:30 PT | 10:30 ET | 15:30 UTC
  • Dial-in: United States Toll +1 (805) 309-2350
    • Alternate Toll +1 (714) 551-9842
  • Skype: +99051000000481
    • Conference code: 613-2898

Agenda

  1. Administration:
    1. Roll Call
    2. Agenda Confirmation
    3. Approval of Minutes: AIM WG Minutes 09-Jan-2013
    4. Member e-ballot reminders
      1. IAF document series
      2. At Large Board of Trustees seats
  2. Discussion / Action Item Review
    1. Attribute flows and refactored diagrams
      1. see Leif's diagram
    2. Ontology (tentative)
    3. Identity Architecture - document feedback
  3. AOB
    1. Internet2 and an "identity week" meeting this fall
    2. Potential call time shift (30 minutes earlier)
    3. NSTIC grant privacy group
  4. Adjourn

Attendees

  • Kirk Fergusson
  • Allan Foster
  • Keith Hazelton
  • Steve Olshansky
  • David Chadwick
  • Sal D'Agostino

Quorum is 4 of 7 as of 14 January 2013

Non-Voting

  • Mark Schiebel (MCNC)
  • Ken Klingenstein
  • Steven Carmody

Staff

  • Heather Flanagan (scribe)
  • Andrew Hughes

Apologies

  • Ken Dagg
  • Leif Johansson

Minutes

  • Motion to approve the minutes: Kirk moves to approve the minutes, Keith seconded - approved by acclamation

Administration

Action Items

| Action      | Assigned To                                 | Status   | Description                                                                                                            | Comments                                                                |
|-------------|---------------------------------------------|----------|------------------------------------------------------------------------------------------------------------------------|-------------------------------------------------------------------------|
| 20121127-03 | Heather Flanagan                            | Complete | Get the starter documents from Andre Boysen                                                                            |                                                                         |
| 20121127-04 | Ken Klingenstein                            | Complete | Put together initial draft diagram(s) for attribute lifecycle to discuss with this group to determine viability (or not) |                                                                         |
| 20121127-05 | Ken Klingenstein/Heather Flanagan (I2 hat)  | Complete | Put together a rough definition of terms in the attribute ecosystem big picture diagram                                |                                                                         |
| 20121127-06 | Allan Foster                                |          | Review AMDG Recommendations and verify if/how they tie in to the AIMWG work                                            |                                                                         |
| 20121211-01 | Group                                       |          | Review Attribute Design draft                                                                                          | Determine on next call if this is something the group wants to discuss further |
| 20130109-01 | Leif Johansson                              | Complete | Create a simple semantic diagram on one of the simple flows                                                            | Posted to list                                                          |
| 20130109-02 | Keith Hazelton                              |          | Create a semantic diagram that looks at something from a historical perspective                                        |                                                                         |

New Action Items

| Action      | Assigned To    | Status | Description                                                   | Comments |
|-------------|----------------|--------|---------------------------------------------------------------|----------|
| 20130123-01 | Kirk Fergusson |        | Share the working definitions for components in their diagram |          |

Discussion

Attribute flows and refactored diagrams
  • see Leif's diagram
  • Ken has drafted "5 ways of looking at an attribute ecosystem" - a 2-sentence summary of each perspective with a pointer to each model diagram; diagrams include Leif's, UMA, Anil's, Ken's - none are inaccurate, they are just different ways of looking at the world
    • we are not going to end up with only one diagram
    • in going to get material to support this document, stumbled into a request from Kaliya to collect all diagrams related to the identity ecosystem; an activity in the IDESG to build models of the identity ecosystem; there is also work in the Cloud AuthZ group to develop an ontology; there may be significant duplication of effort here
    • can call this a "diagram registry"
    • need to ask ourselves what these things are trying to help us accomplish, so we can avoid an addiction to the creation of diagrams for their own sake
      • since we are still trying to figure out exactly what is flowing, this is still a worthwhile activity
  • What else needs to be done with the diagrams at this time?
  • How does our work relate to the Cloud AuthZ group in OASIS? Can we set up a formal liaison with that group? They are still a fairly new group, and we do have informal liaisons; they have a very different perspective, coming from a business/financial mode of thinking
Identity Architecture document
  • This is the solution SecureKey has developed in conjunction with clients in British Columbia to provide a chip-enabled government identity to the province; this describes the solution and the architecture
  • Question: what protocols are underneath this and what components need to be installed where for this to work? See section 3 "app data flow", though that doesn't quite cover who needs to install what.
  • This will be a real-world deployment in about 3 weeks
  • Question: in looking at this diagram, the only correlation between diagrams would be to look at the large blobs in the diagrams and see if there are similar objects in the other diagrams; if there is not consistency in high level objects, we should understand why
  • Can this architecture be improved or enhanced?
  • Question: what is a ticket designed for? What can it do? One of the things in OpenStack is the fact that the tokens that are prepared are bearer tokens, and therefore someone could get hold of one and replay it (security weakness); unclear whether the tokens/tickets being passed here are the same type of token
  • if comparing this drawing to Leif's, almost none of the words are the same, and that points to the challenge this group has: what terminology do we want to talk about? It would be interesting to take Kirk's diagram and see if there is some kind of mapping back to Leif's so we can get some equality of terms
    • SecureKey does have working definitions to go along with these blocks
  • The protocol level may be the same, but the trust level may be wildly different in different models; there could also be attribute flow and consent levels that could be covered; in some use cases, even liability could flow in its own view into the model
    • we're also missing revocation, so we talk about "freshness" instead
  • Are there such things as attributes that are non-transferable? are these terms defined anywhere?
    • maybe there is an ISO or ITU standard that defines these
    • possibly an early Kerberos standard defines these as well
    • would businesses be willing to invest in the extra cost in the technology to get less back as we look at privacy and anonymity? possibly not, but when they have to comply with privacy legislation they might
  • Discussion about the definitions
    • no, this group does not want to build a full glossary, but possibly a partial that could then feed the IAWG glossary
    • part of the problem with a glossary is that glossaries dissolve context, and context is part of the definition; if we put the context back in the glossary, we're building an ontology instead
    • perhaps the terms should be defined per-document in order to keep the context sensible
    • maybe a concept map would map well to this effort

AOB

  • Proposal to move the call time 30 minutes earlier - 07:00-08:00 PT / 10:00-11:00 ET
  • Note that we may be light on participation next call due to conflict with the NSTIC IDESG plenary
  • Internet2 and an "identity week" meeting planned for this fall; it would be a combination REFEDS meeting, Advanced CAMP, and maybe an InCommon Participants meeting, and possibly more; dates are not set yet, location would be the San Francisco Bay Area

Next Call

  • Date: Wednesday, 6 February 2013
  • Time: 07:00 PT | 10:00 ET | 15:00 UTC
  • Dial-in: United States Toll +1 (805) 309-2350
    • Alternate Toll +1 (714) 551-9842
  • Skype: +99051000000481
    • Conference code: 613-2898