
Kantara eGov Working Group Teleconference

Date and Time

  • Date: 4 Nov 2012
  • Time: 11:00 PDT | 14:00 EDT | 20:00 CET | 07:00 NZ(+1)

Attendees

John Bradley, Ping

Sal D’Agostino, ID Machines, USA

Alan Foster, ForgeRock

Rainer Hoerbe, Kismed, Austria

Denny Prvu, CA

Bob Sunday

Keith Uber, Ubisecure

Colin Wallis, DIA NZ Govt, NZ

Apologies

Thomas Grundel, IT Crew, Denmark


1. Agenda review/Minutes approval

Minute taker: Keith.

Quorate call: 7 of 13 voting members. Bob is currently non-voting.

June 4th minutes approved. Colin moved, Denny seconded.

2. eGov Charter Repositioning

An e-vote of the eGov members was held at the end of September (and approved the new Charter), after which this should have gone to LC for approval. There was no time on the 10 Oct LC Call. The LC will vote on the 7 Nov call.

3. eGov Membership Invitation Letter

- Status report from Colin

Rainer sent the letter already to a Dutch representative. No response back yet.
Add Jaag Kooper (sp?) to the Dutch list.
Colin to dig up the Dutch ebook author.
Keith Williamsy (OpenID Board Member).
The letter won't be sent until the letter is approved by LC.
More names are required. List of contacts is not for redistribution or publication.
Letter will be sent by Joni under her name.

Note: The LC call is scheduled to be on the same day and time as the next NSTIC call.

4. Face to Face meeting, Washington DC, 31 Oct / 1 Nov

Meeting was canceled due to Hurricane Sandy.

5. Privacy Enhanced WebSSO

Proposal of a new work item from Rainer: CA, NZ and now the UK have extended SAML WebSSO, or are in the process of doing so, to implement a non-traceability requirement for identity and attribute providers. A collection and comparison of approaches, architectural designs and extensions of SAML profiles would be useful, in particular for private-public federations.

Colin presented the requirements of NZ:

  • You can't move personal information from one domain to another without specific user consent.
  • The best way in their opinion is to get consent at the time of the event.
  • The SAML AQ profile was ideal, but is backchannel.
  • NZ had requested a browser-based binding of Attribute Query.

John Bradley:
AQ is broken in a few ways. It does not actually support evidence of consent. The consent is collected by the wrong party (SP, not the IDP).

In the UK, they had a similar situation (Matt Trigg (sp?)).
NZ used a mix of back and front channel techniques based on the use case, including use of WS-Trust.
The Change Notify protocol from OASIS SSTC (Phil Hunt, Oracle) works in the front channel. The title is strange, but the flow seems to work for front channel interactions.
David Simonsons of WAYF.dk can do front (spring flicker?) and back channel attribute exchange. Front channel was a proposal in a TERENA pilot project. It was found to be unstable when multiple attributes need to be queried in sequence.

Q. How many use cases have more than one Attribute Provider in addition to the IDP?

NZ is building a consent service to get around a centralized consent register.
There are issues in getting the consent information and the user information at the same time.

John Bradley: Most people are doing this with OAuth.
Colin: The current architecture is SAML.

UK's matching service

Alan:
Discussion of an IDP with two AAs (attribute authorities).

Q. Is it possible to standardize this in any way so that it would be a solution used across multiple governments? Or become a standard product feature?

Internet2 has won a contract to provide a privacy-enhanced solution - "uApprove style".

User experience discussion: 10 dialogs vs one.

How do you have multiple consent services, which could provide a common consent dialog?

It depends on what is the relationship between the attribute provider and the consent service.

1. UMA-like consent service
2. Attribute provider manages consent on their own

OIX attribute exchange network is looking at attribute release.

Colin: Would it not be better to see what the funding possibilities are - those projects which have got funding, are they usable in this case?

This new work item proposal is sufficiently overlapping with the NSTIC pilots - perhaps it's better to wait for them?

The work item would include:
A couple of stakeholders, privacy requirements, solutions and discussion.
Not a standardization activity, rather a review of current solutions and needs with a view to interoperability and standardization.

Not too technology dependent (XML, JWT).

Steven Dunn:
Processed their first SAML assertion 3 or 4 weeks ago.
Building a proxy using OpenSAML to proxy basic SAML assertions.
DWP will be deploying.
Creating a good practice guide for proofing on several dimensions.

AP: Agreed to collect the use cases and solutions on the eGov wiki.
If we can do that before the next call, great.

The UK is willing to release documents/information.
CA specs are already open.
NZ use cases have been posted on the eGov wiki (more coming).

We need some ways to compare approaches.

We will collect material.
AP: Rainer: create a wiki page for use cases and solutions.

Next Monthly Meeting:

  • Date: Monday, December 3, 2012
  • Time: 11:00 PDT | 14:00 EDT | 20:00 CET | 06:00 NZ(+1)
  • Please use Skype or US local access numbers where possible.
