Date and Time

Date: 2. Dec 2013

Time: 11:00 PDT | 14:00 EDT | 20:00 CET | 06:00 NZ(+1)

Roll Call

Keith Uber

Thomas Gundel

Denny Prvu

Colin Wallis

Ajay Daryanani (non voting)
Rainer Hoerbe
Patrick Curry

 

Quorate call 

Administration


Anil John is now non-voting due to non-attendance (conflicting call time). Colin to inform John.
Quorum is 5 participants.
September 2 minutes approved: Rainer moved, Colin seconded.
1. Charter review
Ken felt that we were unduly restricting ourselves to governments being relying parties.
We should include governments as IDPs as well.
Section 8 - Duration - We would make a decision in 2014 about remaining as a WG or becoming a discussion group.
Vote on LC call - Colin moved, Keith and Thomas approved.
Reviewed charter to be submitted to leadership council

2. IDCloud analysis

OASIS technical committee which is connecting use cases and solutions/technologies for IDM in cloud services/PaaS. They have done a nice use case document and gap analysis on what is available and what is missing in available offerings.
The document seems a bit unbalanced. It is very detailed on UMA, OpenID Connect, etc., but is very light on references to SAML.
STORK should be included, the specific STORK profile should be added to the list.
Rainer proposes to put forward to the TC more information about the eGov Implementation Profile for inclusion in the report.
The document is a ‘living document’ - details on STORK were recently added.
Rainer has tried to contact Gershin Jansen, no response received to date.
Colin participated in the early stage, when the discussion/document was at a very high level.
Gap Analysis is not yet a public document.
Is Research/HigherEd interested in cloud use cases?
Internet2, SWAMID provide box.net to their students 
In Spain, Google and Microsoft are federated via SAML2
AP: Rainer to write a draft text response to the OASIS IDCloud TC and circulate it to the list for comments.
Ajay will share the document in tomorrow’s GEANT meeting to see what the feeling is within that group.

3. Presentation

Patrick Curry presented MACCSA, Multinational Alliance for Collaborative Cyber Situational Awareness. The audio presentation was recorded and will be made available in the days after the call.

Rough notes follow. Please listen to the audio for more detail.

MACCSA
History
Led by the USA
Cyberspace part led by the UK
Five areas led by
Norway - Threats and vulnerabilities
Sweden - Information sharing
Italy - Legal
Finland - Technology
UK - Main experiment which lasted a week - an advanced simulation environment
involving 90 people, telco, energy, air traffic management, military
Activity and Experimentation lasted two years
to test and evaluate the value of collaborative cyber situational awareness
You were only 20% effective at best if you didn’t share information
Collaboration is your only choice
Information sharing framework (ISF) needs to be implemented.
To take that forward and implement it requires an organization.
Over 9 months a series of transitions workshops were arranged 
22 governments
35 nations
8 EU organizations
UN
ITU
NATO
TM Forum
ITU impact
First group
CSA Cloud security alliance
Outcome was examination of four organizations that could handle this. None were considered 
Multinational Alliance for Collaborative Cyber Situational Awareness (MACCSA).
MACCSA
Legal entity in October 2013
UK Based
Early stage - legally formed, has not yet met
First meeting scheduled for 13 December 2013, London.
Founding participants are now being gathered
What do they do?
Information sharing network
Information sharing model, information management model
Federated trust Level 3 PKI
Cyber 
Mapping to the four levels of assurance
Collection of 
ISO2700 AUS top 35 mitigations
US - release 4
SANS Top 20 controls
Including security metrics, sufficient for audits to occur.
Challenges:
Trust framework audit models have been examined
From IDM environment to other types of control
One or more interoperable schemes are required.
We are leveraging what is needed for business to share information.
The same could be applied to citizen or government cases. This work is highly reusable.
Software is being developed by the organization which will be made public.
Fake organizations are their biggest problem.
How to detect the authority of individuals within an organization.
How to determine if a company is compliant with requirements of their industry sector.
Need to be accurate to within 24 hours.
ROLLO doesn’t exist today. Examining joint venture options. It will pull together data that is captured from other public registers.
To be a European business register.
Register is voluntary, not legislated.
EU has a register interoperability API in place.
The API already supports 76 nations' registers.
Accurate, complete and timely data is important.
The register could support other business activities.
Relations to taxation, drug trafficking prevention, money laundering, etc.
Fake government organizations are a nightmare scenario. How to check that some org/body is legitimate.
Colin:
The link to Kantara is that the IAF could become a more generic framework with a set of profiles under that?
Patrick:
Federation model, Most PKI Bridges support one or two policies. 
Need reusable policies across national boundaries
NATO IDM Policy
NATO and EU have agreed to work together to make sure that nations don’t need to have two or more ID systems.
Must be forward looking.
Mobile device 
Kantara needs to get on top of biometrics
Where does liability fall?
Opportunities for Kantara to get these people on board and cooperate.
NISP 
Network information security platform
three working groups:
  1. risk management (3 sub groups - risk mgmt and mitigation, metrics, risk mgmt framework and maturity models)
  2. info sharing
  3. research and innovation
This research is not confined to EU members. Content will flow back to EU legislation.

Next Meeting  

Date and Time

Date: 8. Jan 2014 (Note exceptional date due to new year.)

Time: 11:00 PDT | 14:00 EDT | 20:00 CET | 06:00 NZ(+1)

------------------------------------------------------- 

To join the teleconference 
------------------------------------------------------- 
DIAL IN INFORMATION: 

Skype:  +99 051 000 000 481 
Conference Id: 613-2898 
US Dial-In: +1-805-309-2350  

http://kantarainitiative.org/confluence/display/GI/Telco+Bridge+Info 

 
