AIM WG Minutes 04-September-2013
DRAFT minutes, pending AIM WG approval
Date and Time
- Date: Wednesday, 04 September 2013
- Time: 07:00 PT | 10:00 ET | 14:00 UTC
- Dial-in: United States Toll +1 (805) 309-2350
- Alternate Toll +1 (714) 551-9842
- Skype: +99051000000481
- Conference code: 613-2898
Agenda
- Administration:
- Roll Call
- Agenda Confirmation
- Approval of Minutes: AIM WG Minutes 21-August-2013
- Discussion / Action Item Review
- WG - Attributes In Motion - Attribute Handling Best Practices
- Periodic Table of Trust Elements
- AOB
- Adjourn
Attendees
- Steve Olshansky
- Keith Hazelton
- Sal D'Agostino
As of August 5, 2013, quorum is 3 of 5
Non-Voting
- Ken Dagg
- Colin Wallis
- Leif Johansson
Staff
Apologies
- Ken Klingenstein
- Allan Foster
- Maarten Kremers
Minutes
- Keith moves to approve the minutes, Steve approves, no objections - minutes passed
Administration
Action Items
Action | Assigned To | Status | Description | Comments |
---|---|---|---|---|
20130109-02 | Keith Hazelton | OBE | create a semantic diagram that will look something at a historical perspective | Keith to post to wiki and lead a discussion on April 3 call |
20130123-01 | Kirk Fergusson |  | Share the working definitions for components in their diagram | Sal to reach out to Kirk to let him know we are going to remove the action item (2013-09-04) |
20130515-01 | Keith Hazelton | Complete | Provide links to relevant notes taken in recent IIW 16 sessions | these links will be added to these notes and the AIM repository of information |
20130821-01 | Keith Hazelton, Allan Foster | In Progress | Go through the Attribute Registry Draft and answer the questions, post to the list | Keith to send out a list of comments; waiting for Allan |
New Action Items
Action | Assigned To | Status | Description | Comments |
---|---|---|---|---|
 |  |  |  |  |
Discussion
Attribute Handling Best Practices
- Identity of Things shows how this can be expanded beyond the Identity Ecosystem; attributes can be expanded beyond identity into consent, for example
- InfoSharing is another group working with attributes beyond identity
- Let's start with core and work our way out? Boiling the ocean is very tempting in this doc. Suggest we start with a well-defined scope of use cases and establish things for that, doing this with a larger universe in mind.
- example - see Anil's latest blog post
- one of the reasons that Anil's post is so clear is that it has a very tight scope
- if we follow the use case behind that post, that's a way of describing this in a context; we can talk about what parts are in scope and what parts are out; need to make this clear in layman's terms
- when you get into a specific example such as binding identity to authentication credentials, you can find out more; you can say in the scoping that the binding is outside of the scope. That eliminates a number of perceptions and ties people more tightly to what we are, and are not, doing
- One is consuming an attribute or providing an attribute; are we to focus more on the provider or the consumer? The RP is relying on attributes to be both a consumer and a provider, so how do they actually differ from an SP? An RP can become a middle proxy, which is an interesting role; the RP role is particularly interesting when talking about handling attributes
- For topics definitely to include, we also need to consider the transport and exchange of attributes, exposing them (possibly from the different perspectives of how they are stored, how they are discovered); the metadata question is also a gap; security, privacy, the transmission - these topics should be looked at from all three perspectives, and balancing them against transparency and discoverability
- in legal terms there are only two types of attribute entity - you are either a data owner or a data processor; either you are proxying an attribute or you are an authoritative source on attributes; if you are Equifax and re-writing attributes, you are both a data owner and a data processor
- One idea, in the Global Context, would also be to have a commercial perspective - attributes as business
- this could be something interesting to tie in to the proxy area
- there are very few examples of transparent attribute proxies; even if syntax doesn't change in the re-release, the semantics usually have
- Next step: Heather to further update the draft outline in time for the next call
Periodic Table of Trust Elements
- Steve working with Ken on this, and hope to have something in about 3 weeks to distribute; first public showing will probably be at the IDESG meeting in October
- UMA had done a document back in January which is related; see http://docs.kantarainitiative.org/uma/draft-uma-trust.html
AOB
Attribute Registry
- Leif still looking for more input
- are we still looking at an IANA registry?
- Con: it may not scale
- Pro: realistic options for a distributed registry rely on a bootstrap from DNS, and we have not seen any good example of anyone doing this in practice
- we have not clearly described the advantage for groups to keep up with their attribute submission to a registry or even a distributed service; need to be more clear on the potential uses of having this kind of service
- possible usage models should be a section in the draft
Next Call
- Date: Wednesday, 18 September 2013
- Time: 07:00 PT | 10:00 ET | 15:00 UTC
- Dial-in: United States Toll +1 (805) 309-2350
- Alternate Toll +1 (714) 551-9842
- Skype: +99051000000481
- Conference code: 613-2898