2017-01-11 Draft Meeting Notes

TFS Monthly Sync ā€“ Draft Meeting Notes

Wednesday, January 11, 2017

Ā 

Ā 

Attendees

Ken Crowl, Experian

Russ Weiser, Zentry-Synchronoss

Boris Kronrod, Athenahealth

Andrew Hughes, KI IAWG

Richard Wilsher, Zygma

Brian Dilley

Colin Wallis, KI

Peter Alterman, SAFE BioPharma

Tom Barton, Incommon

Lee Aber, ID.me

LaChelle LeVan, FICAM

Matthew, FICAM

Paul Caskey, Incommon

Stuart Levy, TransUnion

Cynthia Gibson, Zentry-Synchronoss

Ruth Puente, KI

Ā 

Ā 

SAFE BioPharma Update

  • They continue working on internationalization for digital signature, and they are co-organizing with FICAM the workshop on this topic, which will be held on March 8th.
  • They are also focused on the Trust List to express SAFE cross certificate with the Europeans; the same trust list can be used to assert a certified component of a larger federation, which allows a trustmark to be verified.

Ā 

Incommon Update

Their current work is mainly focused on the following:

  • SIRTFI trust framework, security Internet response for federation across the globe.
  • Multifactor Authentication Profile, how the SAML signaling should proceed.
  • Baseline expectations, which relates to trustworthiness. What people expect of their peers and federation operators to have enough confidence in it. The aim of the baseline is to provide a path towards better implementation to support those expectations on trustworthiness.
  • REFEDS Assurance working group and profile. Draft on REFEDS Assurance profile: http://tinyurl.com/h8z3joe

Ā 

IAWG UpdateĀ 

  • Planning to analyze the 800-63-3 potential impacts on the IAF SAC.
  • Finalizing comments on NISTIR 8149 for Trust frameworks.
  • Finalizing comments on the IDESG mapping to the KI IAF, which would bring potential enhancements for the KI IAF SoC.
  • Coordinating strategy to provide the community comments on the upcoming release of 800-63-3.

Ā 

FICAM UpdateĀ 

They have been working on several areas, including:

  • 800-63-3.
  • Standard Operating Process and Procedures. They plan to send the draft shortly.
  • They are considering a long-term and joint effort with the community to develop the requirements to replace the requirements of 800-63-3, and analyze the impacts.
  • It was highlighted that they are trying to:

Ā  Ā  Ā  Ā  Ā  -Simplify the processes.

Ā  Ā  Ā  Ā  Ā  -Be more focused on the missions.

Ā  Ā  Ā  Ā  Ā  -Get a better understanding of the offerings, so they match missionaries, trying to drive the mission towards solutions in a simpler manner, whether they are federated, commercial federated or federations.

  • The workshop on Digital Signature will be held on March 8th, which will address the need to align the US Gov. and the EU around digital signatures.
  • ICAM Day will be held on March 7th for Agencies only. The objective of this event is to listen to the agencies on their challenges for the deliverable on their mission services, Citizen to Government, Business to Government, Government to Government. Also, they plan to discuss shared services and shared networks across government and cost savings, and reconsider some of the technology transition.
  • They plan to launch a new idmanagement.gov based on a customer experience model, in order to help the agencies to achieve their goal.

Ā 

Industry Comments

  • It was pointed out the need to have a direct exchange with the Agencies, so they can better understand their needs.
  • It was commented the need to promote the benefits of FICAM, create a value proposition, be FICAM marketing channel within the TFPs communities and internal audiences. FICAM clarified that the benefits should be considered around the Federated Identities, as FICAM is very broad.Ā 
  • It was suggested to visit the Ping identity website: https://www.pingidentity.com/en/products/identity-defined-security.html