TFS Monthly Sync – Draft Meeting Notes

Wednesday, October 12, 2016

Attendees

Peter Alterman, SAFE BioPharma

Andrew Hughes, KI LC Chair

Colin Wallis, KI

Ken Crowl, Experian

Scott Shorter, KUMA

Ann West, Incommon

Adam Madlin, Symantec

SATO Hiroyuki, Gakunin

Brian Dilley, Verizon

Russ Weiser, Synchronoss.

LaChelle LeVan, FICAM

Kevin Morooney, Internet2

Paul Caskey, Incommon

Cynthia Gibson, Synchronoss

Ruth Puente, KI

Incommon Update

They are looking to operationalize the Baseline Expectations for Trust in Federation. The Baseline expectations of Identity Providers, Service Providers and Federation Operators, was approved by Incommon Assurance Advisory Committee and they are now working on the implementation plan. Final Version: https://spaces.internet2.edu/display/InCAssurance/Baseline+Expectations+for+Trust+in+Federation
Multifactor profile. Incommon has approved a profile for that and now has shared it with REFEDS, which will ratify it as one of their standards, so name space will be an international name space, profile will be able to be asserted internationally.
Open ID Connect for Federation. Implications on Assurance. There are several mobile use cases. Federation with OpenIdConnect specification (sent to the mailing list during the call): https://github.com/rohe/pyoidc/blob/master/oidc_fed/oidcfed.txt

IAWG Update

Starting analysis and feedback on IDESG mapping between their baseline requirements and the Kantara IAF Service Assessment Criteria through a small working group of CSPs and Assessors. The IAWG sub-group is evaluating if Kantara approvals can be used to qualify for the listing service IDESG is running. http://kantara.atlassian.net/wiki/display/idassurance/IDESG+Mapping+to+KI+IAF?src=contextnavchildmode

Early discussion about potential impacts of 800-63-3 update.
Concluded comment discussions for NISTIR 8112 "Attribute Metadata". http://kantara.atlassian.net/wiki/display/idassurance/NISTIR+8112+Attribute+Metadata+community+review?src=contextnavchildmode

Early discussion to provide a Kantara statement on NISTIR 8149 "DRAFT Developing Trust Frameworks to Support Identity Federations".
Project on SAC updates and improvements will start in November.
Development of the ID Pro Association in Kantara https://kantarainitiative.org/digital_identity_professional/

Biopharma Update

Busy with new partners and new vendors.
Finishing audits.
Revising documents, updating procedures and policy documents.
Very active at the Electronic Signatures and Infrastructure Working Group, which deals with internationalization.
Drafting a Signature Guideline for the membership in compliance with 21 CFR Part 11, FDA requirements for electronic submission and systems.
They have been developing Federation Standards requirements for all the infrastructure services that go into federations from CSPs, and also Relying Party requirements.
BioPharma Draft of Federation Requirements document was sent to the mailing list during the call and Peter Alterman encouraged the participants to send feedback on it.
Studying carefully the interoperability between trust lists and cross certifications, the 2 different methodologies that US and EU use for determining trusted issuers and level of assurance for crypto credentials.

FICAM Update

Working on alignment across the TFPs.
ICAM Day is scheduled for next March, probably will be a 2-day session. They stressed Peter Alterman good suggestions to include additional partners, to talk about digital signatures and encryption.
They had a meeting with Australian Access Federation, where they addressed several issues related to research and education area, OpenId Connect and attributes. They also reviewed some of their tools.
They have made progress on the Draft standard operating procedures and hope to share it by the end of October.
Planning the 800-63-3 update implementation.

Comments

There were comments on componentization and breakdown of the TFP solution on the elements in identity access management, CSP versus Token manager versus Identity manager.
- Agencies are looking for solutions where they don´t have to have individual components.
- Although the agencies have the option of a full service CSP, there are other agencies and subordinated organizations that want to contract for their own identity proofing and outsource the token manager piece and this option should be available.
- It is relevant to identify what the market demand is.
There is a need for global metadata for a number of attributes, have a global set of metadata for a standardized set of attributes.
- Incommon is part of the global interfederation service eduGAIN, where Federation Operators register themselves and their metadata, and then eduGAIN combines all the national registries and republishes them in one large file: https://www.incommon.org/edugain/
- Semantic interoperability. It was cited the message from Martin Smith: “The goal of the discussion would be to generate ideas on how bottom-up and top-down approaches might be combined to create a semantic standardization process that would maximize interoperability, avoid element name collisions, minimize superfluous duplication (i.e., promote re-use), but which, nevertheless, would not have to be so centralized and inflexible and huge as to be impossible to implement”.
- It was suggested to start in the TFS Sync Group a list of core attributes and metadata definition for core attributes.

Browser not supported