AMDG Notes 2011-12-06
Kantara Initiative Attribute MGMT DG Teleconference
Date and Time
- Date: Tuesday, 06 / 12 / 2011
- Time: 11 PT | 14 ET | 19 UTC
Attendees
- Sal D'Agostino
- Keith Hazelton
- Heather Flanagan
- Colin Wallis
- Bob Sunday
Apologies
- Anna Ticktin
Agenda
1. Administrative:
Roll Call
new member introduction
Motion for minutes approval: Minutes 2011-11-08
Agenda confirmation
Action item review:
20111108-01: all: review Account Linking doc and provide feedback by next call*
20111108-02: Keith: Move Attribute Aggregation use case up to VO section*
20111108-03: Sal: Sal to post the PIV2SAML items to the use case repository*
20111108-04: all: to review the eGov requirements and see what information can be used/discussed at next call
20111108-05: Sal: reach out to the background check industry to see if they are willing to participate in the DG-AM
2. 90 Day deliverable – Identify gaps in attribute landscape
i. Mapping attributes to providers where the don’t match (Identify attributes mismatches)
a. content difference
b. name difference
3. OASIS Trust Elevation
4. AOB
Minutes
1. Administrative
- Roll Call
- Action Item Review :
- 20111108-01: all: review Account Linking doc (https://spaces.internet2.edu/display/fedapp/Account+Linking) and provide feedback by next call* - stays open for group review
- New Zealand government is seeing very similar issues as described in the document; in particular, noting who is authoritative is a significant area of challenge for government bodies
- 20111108-02: Keith: Move Attribute Aggregation use case up to VO section - DONE
- 20111108-03: Sal: Sal to post the PIV2SAML items to the use case repository - DONE
- more ICAM/SAML than PIV/SAML so information in wiki has been adjusted
- 20111108-04: all: to review the eGov requirements and see what information can be used/discussed at next call - DONE
- Some additional comments have been added (Colin); the sheer amount of information that could be carried in the wealth of attributes available is overwhelming; one approach is described by Rackish Radakrishnan (sp?) - a notion to converting collections of attributes in to tokens so as to more easily transfer/transmit them; this was presented at the trust elevation committee of OASIS
- AI: Colin to send out link or doc
- 20111108-05: Sal: reach out to the background check industry to see if they are willing to participate in the DG-AM - DONE
- they are interested and we'll continue to rope them in
- 20111108-01: all: review Account Linking doc (https://spaces.internet2.edu/display/fedapp/Account+Linking) and provide feedback by next call* - stays open for group review
90 Day deliverable – Identify (not fill - that comes later) gaps in attribute landscape
i. Mapping attributes to providers where the don’t match (Identify attributes mismatches)
a. content difference
b. name difference
Open discussion:
We have the section on Social2SAML gateways - that's a gap that people are in the process of filling
AI: Keith to add additional links to that section
AI: Heather to report back from Mapping the Identity Ecosystem workshop which will occur next week in Amsterdam
- Keith - How to be more systematic in researching and prioritizing the gaps?
- Colin - How do we separate the problems out - semantic problems versus protocol problem versus transport problems
- Colin - can we create a flow of the problem space? we can then separate the space in to consumable chunks
- Keith - we need to stay focused on the context of managing the attributes themselves, not necessarily what is being done with the attributes (access management, provisioning)
- Keith - so far none of the items discussed are brand new; each has someone working on them in either a standards sense or a working group sense; we need to make these more visible and increase collaboration; perhaps something like a glossary describing the issues and efforts?
OASIS Trust Elevation
Colin: this was discussed in the Kantara e-gov call yesterday. discussion has not yet come to consensus. The group is trying to find a standardized way of doing dynamic step-up authentication. It is still an open question as to whether this is something that should even be done, much less how to do it. The idea for dynamic step up and associated use cases comes out of some Bank of America use cases. This is more than LoA of attributes, it could be a standardized approach on HOW the attributes would be assured and transported.
Bob: When we talk about assurance levels and authN we separate credentials and attributes, so any discussion of step-up function would need to respect that separation. The right to get attributes is an issue that needs to be handled separately.
Keith: The more info you try to shove in to the credential, the shorter "shelf-life" it needs to have.
That group has asked for a liaison with this group. We do have some overlap already, so it seems like a good thing to support and explore further. This will become a standing item on our agenda and we will send them links to the material we're collecting in the Kantara wiki, and we can get from them copy of their working docs as allowed by IPR.
AI: Colin to take this support back to the OASIS working group
Any Other Business... Adjourn
Next Meeting
- Date: Tuesday, December 20, 2011
- Time: 11 PDT | 14 EDT | 19 UTC
- Dial in: Skype: +9900827044630912 or US Dial-In: +1-201-793-9022 | Room Code: 4630912