TI WG 2013-03-19 Teleconference
Kantara TI WG, Tue 19 Mar. 2013
Date:
- Date: Tue 19 Mar. '13
Attendees:
- Ingo Friese, DT (voting)
- Keith Uber, Ubisecure (voting)
- Jonas Högberg, Ericsson (voting)
- Joni Brennan, Kantara (non-voting)
Regrets:
- Gaël Gourmelen, Orange-FT (non-voting)
Notes:
1. Roll Call
Quorum was met with 3 out of 3 voting members present.
2. Minute Taker
Minutes were taken by Keith Uber.
3. Amendments/Modifications to the Agenda
- None
4. Joni Brennan - Government programs / non governmental programs like NSTIC
NSTIC
US/UK activity on credential exchange:
NSTIC - the NSTIC group is at the halfway mark of their government funding. IDESG was funded for 2.5M USD standing up and help create a trusted ID ecosystem within the US. They do have an international group also.
Intention is promote adoption of a federated model.
A lot of time has been spent on setting up the organization and its bylaws and IPRs.
Joni was the IDESG Trust Framework Group chair, but recently stepped down due to other commitments.
Progress has been slow.
Promoting federation and moving past the blocking factors
A lot of vendors come to the meetings, but not relying parties. This is a challenge.
Joni follows closely and is the key liaison for Kantara.
On the telco side, AT&T and Verizon has attended to date.
The pilot projects have moved forward. There is no formal reporting structure for the pilot progress.
Kantara is participating in a pilot run by Resilent networks by providing governance subject matter expertise.
A second round of pilots will occur - attribute exchange, privacy enhancing, some vertical (healthcare) etc.
Not all results are published, however there should be transparency in the process and summarised results.
NSTIC could adopt and recognize an existing trust framework as an instance, instead of creating a new framework.
Business models and incentive models could be explored more to ensure a working commercial model.
FCCX Federal Cloud Credential Exchange (said aloud as "F-SIX"). Simiarly to IDP proxy, hub based model. All government sponsored, but includes non-government applications.
This is an answer to moving egovernment to a federated egov id model.
US post office playing a key role in this identity project.
US post office has put out a bid for a federal cloud hub RFP (late last year).
The RFP included the requirement for the cloud credential operator to set the pricing for the identity providers.
This commodotizes the identity providers and has caused some reaction.
The RFP is a "starting point for a conversation". The pricing matrix feature of the RFP has upset stakeholders in the process.
Joni notes that the telco operators may be concerned with these developments and interested to monitor more closely what is happening.
Canada has set their own government price for the hub.
Jonas: is there a european hub model?
DIBEAU project within Europe is looking at mapping between the international standards for trust, allowing cross-border comparisons.
STORK for European eID but business model is unclear.
NSTIC/IDESG had a vision of a trustmark with a fee in order to create an organization that is ongoing after the current funding is exhausted.
FCCX Federal Cloud Credential Exchange is an important project that Kantara is following.
Kantara is hosting a meeting with various US government agencies, telcos, credit bureaus, hub operators, etc Apr 11 2013 in Washington D.C. To talk about the disconnects in the Government RFP. Facilitating a vendor neutral forum to find an appropriate business model for all parties.
US/UK activity
Kantara is doing a cross-mapping study in the UK based on the GPG Good Practice Guide (45, 46) - looking at NIST-863 documents to UKs GPG - what is the coverage, gap analysis etc
It is a cooperation project between TScheme and Kantara. A funded study by the governments happening at the Assurance Review Board level.
The hope is that for example it can be recognised that a Kantara certification that is recognised by NIST is equivalent to or better than, or provides more assurance than a UK certification. Any global organization would then be able to get a Kantara accredition and thus satisfy both US and UK requirements in one go.
IDESG activity
Kantara is participating and helping governments and identity providers.
The IAWG is taking on a work item called decoupled binding - separating the identity from the credential.
These will be mapped in the Identity Assurance Framework (IAF) so that Canada and US credential models would be mutually equivalent.
Joni invites the TIWG to provide feedback on commodotization models, for example from Telco vendors.
Next step for Kantara is to create a focused position paper on these models. Joni will keep us up to date.
Joni says that our panel and events (workshop) have been accepted for European Identity Conference (EIC) May 14-17 Munich. F2F likely in the Munich area before or after.
The creation of a Kantara legal entity in Europe has not progressed. There may be more ways for non-European entities to apply for EU funding.
4. LC Update
Joni updated us on LC:
Budget approved for 2013.
Membership drive.
Cloud best practices work group formed (Neal McEvoy)
Keep marketing active, keep visible
Alan Foster elected BoT president
5. Approval of MoM
Three sets of minutes (January 22 2013, Feb 5 2013, Mar 5 2013) were approved by unanimous agreement.
6. Ongoing work update
- Telco Mobile Authentication Solutions
- Keith has combined and sent out the content complete document ready for initial review (version 0.91)
- Formulate introduction around purpose "State of the art survey"
- Conclusion todo
- Now in review stage
- Ingo compiled his comments and remarks and has made a table of comments
- Ingo will manage the comments table
Other documents:
Jonas still to do
7. F2F Plenary May
F2F before European Identity Conference (EIC) in May 14-17 Munich. F2F likely in the Munich area before or after.
8. AOB
None
Call adjourned 17.25
Next Meeting
- Teleconference
- No meeting for 2.4.2013 due to Easter holiday
- Date: (exceptionally )Thursday 4.4.2013 16:00 CET. TO BE CONFIRMED, monitor the mailing list of agenda.
LINE C
* US Dial-In: +1-805-309-2350 | Conference ID: 178-2540